
[Openvpn-users] Block traffic over certain ports?


  • Subject: [Openvpn-users] Block traffic over certain ports?
  • From: Cirroc <cirroc@xxxxxxxxx>
  • Date: Fri, 16 Nov 2007 17:09:53 -0500

I have a series of machines connecting via VPN, and I'd like to block 
traffic going between them, but I can't seem to find a way to use 
iptables to filter what the server forwards, so I can limit to specific 
ports. This is part of the public IP project I mentioned earlier. I'd 
still love some contract help, but if someone could point me in the 
right direction, I'll keep plugging at it.

server.conf-
port 1194
proto udp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/vpn.xx.com.crt
key /etc/openvpn/keys/vpn.xx.com.key   # This file should be kept secret
dh /etc/openvpn/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 10.8.0.0 255.255.255.0"
route-up "route delete -net 10.8.0.0/24"
route-up "route add -net 10.8.0.0/24 tun0"
client-to-client
duplicate-cn
comp-lzo
persist-key
persist-tun


[root@vpn openvpn-2.0.9]# iptables -t filter -A FORWARD -i tun0 -p tcp --destination-port 22 -j DROP
[root@vpn openvpn-2.0.9]# iptables -t filter -A INPUT -i tun0 -p tcp --destination-port 22 -j DROP
[root@vpn openvpn-2.0.9]# iptables -t filter -A INPUT -i tun0 -p tcp --destination-port 3389 -j DROP
[root@vpn openvpn-2.0.9]# iptables -t filter -A FORWARD -i tun0 -p tcp --destination-port 3389 -j DROP

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users