Re: [Openvpn-users] OpenVPN and iptables


  • Subject: Re: [Openvpn-users] OpenVPN and iptables
  • From: "Britain Crooker" <britainc@xxxxxxxxxxxxxx>
  • Date: Thu, 15 Nov 2007 08:29:29 -0500

I will try that - does it matter if my network device is tap0 instead of
tun0 (other than changing the '-i tun0' part of the statements below)?

-----Original Message-----
From: openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx
[mailto:openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Alexandros
Papadopoulos
Sent: Thursday, November 15, 2007 1:50 AM
To: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: [Openvpn-users] OpenVPN and iptables

On Thursday 15 November 2007 01:12, Britain Crooker wrote:
> We have Subversion running on the same server that has OpenVPN on it.  I
> would like to come up with some way to say "only allow clients to connect
> to Subversion if they are connected via the VPN".

This doesn't have much to do with the VPN per se.

For TCP connections:
/sbin/iptables -A INPUT -t filter -i tun0 -p tcp -s 10.8.0.0/24 --sport 1024:65535 -d 10.8.0.1 --dport 3690 -j ACCEPT

Same for UDP:
/sbin/iptables -A INPUT -t filter -i tun0 -p udp -s 10.8.0.0/24 --sport 1024:65535 -d 10.8.0.1 --dport 3690 -j ACCEPT

With these rules only 10.8.0.1-10.8.0.254 will be able to connect through
the tun0 device to the SVN ports.
______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users
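
Added example, not part of either message in this thread: a sketch that prints the ACCEPT rules from the reply for whichever VPN device is in use (tun0 or tap0), followed by a DROP rule for port 3690, because ACCEPT rules by themselves restrict nothing unless other traffic to that port is dropped by a later rule or by the chain policy. The function name svn_vpn_rules, the 1024:65535 source-port range and the DROP rules are assumptions of this example; subnet, server address and port are the ones in the thread.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables rules limiting port 3690 to VPN clients.
# Values from the thread: port 3690, VPN subnet 10.8.0.0/24, server address 10.8.0.1.
SVN_PORT=3690
VPN_NET=10.8.0.0/24
VPN_ADDR=10.8.0.1

# svn_vpn_rules IFACE  (hypothetical helper)
# Writes iptables commands to stdout; returns 1 if IFACE is not tunN or tapN.
svn_vpn_rules() {
    iface=$1
    # Strict check: "tun" or "tap" followed by digits only, since the output
    # is meant to be run by a root shell.
    case $iface in
        tun*|tap*) num=${iface#???} ;;
        *)         num= ;;
    esac
    case $num in
        ''|*[!0-9]*)
            echo "unexpected VPN interface: $iface" >&2
            return 1 ;;
    esac
    for proto in tcp udp; do
        # Allow: arrives on the VPN device, from the VPN subnet, from an
        # unprivileged source port (assumed range, written as low:high).
        echo "/sbin/iptables -A INPUT -t filter -i $iface -p $proto -s $VPN_NET --sport 1024:65535 -d $VPN_ADDR --dport $SVN_PORT -j ACCEPT"
        # Deny: everything else aimed at the same port. This also drops LAN and
        # loopback clients unless an earlier INPUT rule already accepts them.
        echo "/sbin/iptables -A INPUT -t filter -p $proto --dport $SVN_PORT -j DROP"
    done
}

# Stand-alone use: first argument is the device name, default tun0.
svn_vpn_rules "${1:-tun0}"
```

Rules appended with -A are evaluated in order, so each ACCEPT must stay ahead of its DROP; review the printed commands against the existing INPUT chain before running them as root.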