[Openvpn-users] iptables


  • Subject: [Openvpn-users] iptables
  • From: Peter Haufschild <peter@xxxxxxxxxxxxx>
  • Date: Fri, 11 May 2007 09:46:52 +0200

Hello all,

I installed OpenVPN with certificate authentication and it works fine. When I
use a high port like 1194 I can use the firewall too.

But I would like my VPN on port 443 and I want a redirect to 1194.
Unfortunately I can't get the iptables rules right :-(

This is not working, what's wrong?



# Generated by iptables-save v1.3.5 on Thu May 10 20:06:50 2007
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [218:28329]
:MYROLES - [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j MYROLES
-A FORWARD -j MYROLES
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A MYROLES -d 172.16.5.1 -i eth0 -p udp -m udp --sport 443 --dport 1194 -j ACCEPT
-A MYROLES -d xxx.xxx.xxx.53 -i tun -p udp -m udp --sport 1194 --dport 443 -j ACCEPT
-A MYROLES -i tun -j ACCEPT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
"/etc/sysconfig/iptables" 26L, 1132C


I tried a lot ...

iptables -A MYROLES -p udp --sport 443 --destination 172.16.3.1/255.255.255.255 --dport 1194 -j ACCEPT
iptables -A MYROLES -i tun -p udp --sport 1194 --destination 213.61.58.54/255.255.255.224 --dport 443 -j ACCEPT


Thanks a lot
Peter





____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
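
An added example, not part of the original post: a small shell check that reads an iptables-save dump and flags three things in the posted rules that keep a 443 to 1194 redirect from working. Both sample dumps are constructed (the first from rules in the post); the function names and eth0 as the outside interface in the corrected layout are assumptions.

```shell
#!/bin/sh
# Added example: lint an iptables-save dump for a UDP 443 -> 1194 redirect.
PUB_PORT=443   # port the clients connect to (from the post)

# audit_rules: read a dump on stdin, print one finding per line.
audit_rules() {
    rules=$(cat)
    has() { printf '%s\n' "$rules" | grep -Eq -e "$1"; }

    # A redirect is a nat-table action in PREROUTING. ACCEPT rules in the
    # filter table only permit packets, they never rewrite the port.
    has "^-A PREROUTING .*--dport $PUB_PORT .*-j (REDIRECT|DNAT)" ||
        echo "no nat PREROUTING REDIRECT/DNAT rule for port $PUB_PORT"

    # --sport matches the sender's port; a packet sent to port 443 carries
    # 443 as its destination port, not as its source port.
    has "--sport $PUB_PORT( |\$)" &&
        echo "rule matches --sport $PUB_PORT instead of --dport"

    # "-i tun" matches only a device named exactly "tun"; tun0, tun1, ...
    # need the wildcard form "tun+".
    has "-i tun( |\$)" &&
        echo "-i tun matches no tunN device, use tun+"
    return 0
}

# Constructed sample: two of the MYROLES rules from the post.
sample_broken() { cat <<'EOF'
*filter
-A MYROLES -d 172.16.5.1 -i eth0 -p udp -m udp --sport 443 --dport 1194 -j ACCEPT
-A MYROLES -i tun -j ACCEPT
EOF
}

# Constructed sample: one possible corrected layout. After the REDIRECT,
# the INPUT chain sees the packet with destination port 1194.
sample_fixed() { cat <<'EOF'
*nat
-A PREROUTING -i eth0 -p udp -m udp --dport 443 -j REDIRECT --to-ports 1194
COMMIT
*filter
-A INPUT -i eth0 -p udp -m udp --dport 1194 -j ACCEPT
-A INPUT -i tun+ -j ACCEPT
COMMIT
EOF
}

echo "posted rules:";    sample_broken | audit_rules
echo "corrected rules:"; sample_fixed  | audit_rules
```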