Christophorus Laube wrote:
> Hi,
>
> I tried to set up openvpn-2.0.2. I took over the sample script for the
> firewall and added my personal settings. When I try to connect it gets until
> "Initialisation sequence complete", but nothing is going on. I am not able
> to ping the corporate network. I did some further checks and the pings are
> reaching the machine dedicated to, but nothing returns from the firewall. As
> I took the sample script I cannot imagine any problem with the firewall
> script. For completeness reasons here is the snipped iptables-save output:
>
> --snip--
> # Generated by iptables-save v1.2.11 on Mon Sep 12 12:43:05 2005
> *nat
> :PREROUTING ACCEPT [17243:1443111]
> :POSTROUTING ACCEPT [10:724]
> :OUTPUT ACCEPT [0:0]
> -A POSTROUTING -s 192.168.0.0/255.255.255.0 -o eth1 -j MASQUERADE
> COMMIT
> # Completed on Mon Sep 12 12:43:05 2005
> # Generated by iptables-save v1.2.11 on Mon Sep 12 12:43:05 2005
> *filter
> :INPUT DROP [803:69374]
> :FORWARD DROP [0:0]
> :OUTPUT ACCEPT [267:23990]
> -A INPUT -s 127.0.0.1 -i eth1 -j DROP
> -A INPUT -d 127.0.0.1 -i eth1 -j DROP
> -A INPUT -s 192.168.0.0/255.255.0.0 -i eth1 -j DROP
> -A INPUT -s 172.16.0.0/255.240.0.0 -i eth1 -j DROP
> -A INPUT -s 10.0.0.0/255.0.0.0 -i eth1 -j DROP
> -A INPUT -s 127.0.0.1 -j ACCEPT
> -A INPUT -d 127.0.0.1 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
> -A INPUT -p udp -m udp --dport 1194 -j ACCEPT
> -A INPUT -i tun+ -j ACCEPT
> -A INPUT -i eth0 -j ACCEPT
> -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A FORWARD -s 127.0.0.1 -i eth1 -j DROP
> -A FORWARD -d 127.0.0.1 -i eth1 -j DROP
> -A FORWARD -s 192.168.0.0/255.255.0.0 -i eth1 -j DROP
> -A FORWARD -s 172.16.0.0/255.240.0.0 -i eth1 -j DROP
> -A FORWARD -s 10.0.0.0/255.0.0.0 -i eth1 -j DROP
> -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
> -A FORWARD -o eth1 -p tcp -m tcp --sport 137:139 -j DROP
> -A FORWARD -o eth1 -p udp -m udp --sport 137:139 -j DROP
> -A FORWARD -s ! 192.168.0.0/255.255.255.0 -i eth0 -j DROP
> -A FORWARD -i tun+ -j ACCEPT
> -A FORWARD -i eth0 -j ACCEPT
> -A FORWARD -o eth1 -m state --state NEW -j ACCEPT
> -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A OUTPUT -o eth1 -p tcp -m tcp --sport 137:139 -j DROP
> -A OUTPUT -o eth1 -p udp -m udp --sport 137:139 -j DROP
> -A OUTPUT -p tcp -m tcp --sport 22 -j ACCEPT
> -A OUTPUT -p tcp -m tcp --dport 22 -j ACCEPT
> -A OUTPUT -p udp -m udp --sport 1024:65535 --dport 53 -j ACCEPT
> -A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 53 -j ACCEPT
> -A OUTPUT -p udp -m udp --sport 1024:65535 --dport 25 -j ACCEPT
> -A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 25 -j ACCEPT
> -A OUTPUT -o eth1 -m state --state NEW -j ACCEPT
> COMMIT
> # Completed on Mon Sep 12 12:43:05 2005
> --snip--
>
> Does anyone of you have a hint?

Do you have a return route?

cheers
Erich

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
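
Added example, not part of the original thread or of OpenVPN's sample scripts: a small Python evaluator that walks the quoted FORWARD chain for an ICMP ping in both directions. Under the assumptions used here (tunnel address 10.8.0.6, LAN host 192.168.0.10, tun0 as the VPN interface and eth0 as the LAN side, ICMP only), the echo request and the echo reply are both accepted, so the ruleset itself does not drop the reply and the return route on the LAN side is the next thing to check.

```python
import ipaddress

# FORWARD chain copied from the iptables-save output quoted in the post.
RULES = """\
-A FORWARD -s 127.0.0.1 -i eth1 -j DROP
-A FORWARD -d 127.0.0.1 -i eth1 -j DROP
-A FORWARD -s 192.168.0.0/255.255.0.0 -i eth1 -j DROP
-A FORWARD -s 172.16.0.0/255.240.0.0 -i eth1 -j DROP
-A FORWARD -s 10.0.0.0/255.0.0.0 -i eth1 -j DROP
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o eth1 -p tcp -m tcp --sport 137:139 -j DROP
-A FORWARD -o eth1 -p udp -m udp --sport 137:139 -j DROP
-A FORWARD -s ! 192.168.0.0/255.255.255.0 -i eth0 -j DROP
-A FORWARD -i tun+ -j ACCEPT
-A FORWARD -i eth0 -j ACCEPT
-A FORWARD -o eth1 -m state --state NEW -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
"""
# Constructed ping (assumed addresses): VPN client 10.8.0.6, LAN host 192.168.0.10.
REQUEST = {"-i": "tun0", "-o": "eth0", "-s": "10.8.0.6", "-d": "192.168.0.10", "-p": "icmp", "state": "NEW"}
REPLY = {"-i": "eth0", "-o": "tun0", "-s": "192.168.0.10", "-d": "10.8.0.6", "-p": "icmp", "state": "ESTABLISHED"}

def target_if_match(tokens, pkt):  # the rule's -j target if every match passes, else None
    it = iter(tokens)
    for opt in it:
        if opt == "-j":
            return next(it)
        val = next(it)
        negate = val == "!"              # old-style negation: "-s ! net"
        val = next(it) if negate else val
        if opt in ("-s", "-d"):
            ok = ipaddress.ip_address(pkt[opt]) in ipaddress.ip_network(val)
        elif opt in ("-i", "-o", "-p"):  # a trailing "+" is a wildcard (tun+)
            ok = pkt[opt].startswith(val[:-1]) if val.endswith("+") else pkt[opt] == val
        elif opt == "--state":
            ok = pkt["state"] in val.split(",")
        elif opt == "-m":
            continue                     # module name only, nothing to test
        else:                            # ports and tcp-flags are not modelled
            raise ValueError(f"unsupported match {opt}")
        if ok == negate:
            return None

def forward_verdict(pkt):  # first matching ACCEPT/DROP rule decides, else the chain policy
    for line in RULES.splitlines():
        target = target_if_match(line.split()[2:], pkt)
        if target in ("ACCEPT", "DROP"):
            return target, line
    return "DROP", ":FORWARD DROP (chain policy)"
```

`forward_verdict(REQUEST)` and `forward_verdict(REPLY)` return the verdict together with the rule that produced it. The quoted nat table only masquerades traffic leaving eth1, so packets forwarded to the LAN keep their tunnel source address.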