
Re: [Openvpn-users] OpenVPN and iptables


  • Subject: Re: [Openvpn-users] OpenVPN and iptables
  • From: Alexandros Papadopoulos <apapadop@xxxxxxxxxxxxxx>
  • Date: Thu, 15 Nov 2007 08:49:30 +0200

On Thursday 15 November 2007 01:12, Britain Crooker wrote:
> We have Subversion running on the same server that has OpenVPN on it.  I
> would like to come up with some way to say "only allow clients to connect
> to Subversion if they are connected via the VPN".

This doesn't have much to do with the VPN per se.

For TCP connections:
/sbin/iptables -A INPUT -t filter -i tun0 -p tcp -s 10.8.0.0/24 --sport 1024:65535 -d 10.8.0.1 --dport 3690 -j ACCEPT

Same for UDP:
/sbin/iptables -A INPUT -t filter -i tun0 -p udp -s 10.8.0.0/24 --sport 1024:65535 -d 10.8.0.1 --dport 3690 -j ACCEPT

With these rules only 10.8.0.1-10.8.0.254 will be able to connect through the 
tun0 device to the SVN ports.
______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users
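
ACCEPT rules like the ones in the reply above only restrict access when port 3690 is also denied on every other path, either by an INPUT policy of DROP or by a DROP rule that follows the ACCEPT. The script below is an added example, not part of the original post: it emits the post's ACCEPT rules together with such a DROP, and checks `iptables -S INPUT` output for the lockdown. The function names, the DROP rules and the `apply` argument are assumptions of this example.

```shell
#!/bin/sh
# Added example. Interface, subnet, address and port are the ones in the post.
VPN_IF=tun0; VPN_NET=10.8.0.0/24; SVN_IP=10.8.0.1; SVN_PORT=3690

# Emit the rules in the order they must be appended: the VPN-only ACCEPT
# first, then a DROP for the same port arriving on any other path.
svn_rules() {
    for proto in tcp udp; do
        echo "-A INPUT -i $VPN_IF -p $proto -s $VPN_NET --sport 1024:65535 -d $SVN_IP --dport $SVN_PORT -j ACCEPT"
        echo "-A INPUT -p $proto --dport $SVN_PORT -j DROP"
    done
}

# Read `iptables -S INPUT` style text on stdin and succeed only if protocol $1
# on SVN_PORT is denied to non-VPN traffic. The first rule for that port that
# is not bound to the VPN interface decides; if there is none, the chain
# policy decides. Broader rules that do not name the port are not evaluated.
svn_locked() {
    awk -v proto="$1" -v port="$SVN_PORT" -v vif="$VPN_IF" '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        $1 == "-A" && $2 == "INPUT" && verdict == "" &&
          index($0, "-p " proto " ") && index($0, "--dport " port " ") &&
          !index($0, "-i " vif " ") {
            if ($0 ~ /-j ACCEPT/) verdict = "open"
            else if ($0 ~ /-j (DROP|REJECT)/) verdict = "closed"
        }
        END {
            if (verdict == "") verdict = (policy == "DROP") ? "closed" : "open"
            exit (verdict == "closed" ? 0 : 1)
        }'
}

# Without arguments the rules are only printed; "apply" (run as root) loads them.
if [ "${1:-}" = "apply" ]; then
    svn_rules | while read -r rule; do
        /sbin/iptables $rule   # word splitting of $rule is intended
    done
else
    svn_rules
fi
```

On a live server, `/sbin/iptables -S INPUT | svn_locked tcp` (after sourcing the functions) reports whether the current chain actually closes the port to non-VPN clients.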