Networking :: Iptables Doesn't Work Well Without OpenVPN?

May 31, 2011

My problem is the following: I'm running a bridged OpenVPN on my Debian. If the service is running, everything works fine: local and Internet, ftp, mailing from in and outside etc. But, when stopping OpenVPN, sending mails from inside (LAN) fails: I cannot reach smtp (postfix) listening on port 465. And even reaching mailboxes using IMAP gets horribly slow, e.g. in Thunderbird. Here is my firewall.sh script.

Quote:

#!/bin/sh
echo "
IPTABLES FIREWALL inicializalasa - szures"
# Enter the designation for the Internal Interface's
INTIF="eth0"

[Code].....


Networking :: Squid And IPTABLES - Transparent Proxy Doesn't Work

Jan 12, 2011

I set up squid with transparent proxy and it's working; however, when I reboot the server, the proxy server doesn't work unless I run the following.

Code:
# squid server IP
SQUID_SERVER="192.168.1.1"
# Interface connected to Internet
INTERNET="eth0"
# Interface connected to LAN
LAN_IN="eth1"
# Squid port
SQUID_PORT="3128"
[Code]...


Networking :: IPTABLES - OpenVPN And IP From ISP?

May 7, 2010

I have set up OpenVPN for my connection. I'm using this to connect to the internet from different locations using tunnelling.

Right now I have a few IPs: on eth0 I have IP from my ISP, on eth0:1 I have my own IP. I set up MASQUERADE to eth0 - but in this case when I try to access my restricted resources IP address from ISP is visible.
What I want is to use my own IP address from eth0:1 - could somebody help me to build good working redirect entry for that? I want to redirect all connections to that IP assigned on eth0:1... - just to access Internet using my IP.


CentOS 5 Networking :: OpenVPN Doesn't Work On CentOS 5.3 With Windows Client?

Jun 27, 2009

This will be a little long (having read Phil's 'how to ask questions' FAQ). I'm trying to get OpenVPN working between my CentOS server and some Windoze laptops running XP. There seems to be plenty of sample config files available, but to date, none of them have worked for me. Pulling out my trusty Wireshark, I've found some clues,

BACKGROUND:
My local subnet (NAT'ed by my gateway router) is 192.168.52.x. My router has been configured with a conduit (port-forward) for port 1194 (the standard OpenVPN port), which points towards my CentOS server. The CentOS server is .52.112, and the supplicant is .52.110. I have tried the client both inside and outside my local subnet, with no difference in events or outcomes.

[Code]...


Networking :: Only Allow OpenVPN Connections With IPtables ?

May 23, 2011

I'd like to configure IPtables to make sure I can only access the internet through an openvpn connection (so when the connection is down I have no way to access the internet but to connect to the vpn again).

I know how to do this with Firestarter (restrictive outgoing policy and I only allow the vpn server IPs) but Firestarter seems to be stupid : for some reason eth0 was changed to eth1 and Firestarter can't work properly anymore, even though that probably can be fixed with Firestarter I'm no more interested in this program and I'd better like to know how to apply the same policy using IPtables.

I've tried a few things already but it failed each time ... how can I effectively allow my computer to connect to the VPN while everything else is blocked ?


Ubuntu :: Set Up A Script Called Myvpn To Run Openvpn Doesn't Work

May 5, 2010

Just had to re-install after I did some very silly things. Running 9.10 Ubuntu with XBMC-live. Have gnome desktop, Firefox with adobe flash plugin. I set up a script called myvpn to run openvpn and this used to work and now it doesn't. I did

[Code]...

If I manually type in each command it works, but the script doesn't?


General :: Iptables Doesn't Work On Private Network

Mar 27, 2011

I have 2 different networks: the first one is gateway machine (eth0), and the second is a private machine (eth1). So, I've configured the iptables and forwarding stuff and when I try to ping [URL]... on the gateway machine, it works, while it doesn't work on the private network.


Server :: OpenVPN Range Address / When Change Static IP To Dynamic IP In Config File OpenVPN Didn't Work?

Feb 13, 2010

I want to configure a VPN over the Internet. I installed the 'openvpn' package, generated the key file, transferred it in a secure way to the client, and set up the configuration file.

So, in that configuration file I input the IP addresses of the tunneled interfaces. Both IPs are static in the tunnel.

Then, I've heard somewhere that I can assign a dynamic configuration IP for the client. I do this registering a range.

Well, when I tried to change static IP to dynamic IP (changing '192.168.0.2' to '192.168.0.0/24') in the configuration file, the OpenVPN didn't work.

Obviously I don't know what I'm doing, and I really, don't believe that simply changing the IP will make it work, but I tried.

I hope I explained my problem as well.

My configuration file:

# OpenVPN Server Configuration File
dev tun 0
ifconfig 192.168.0.1 192.168.0.2
cd /etc/openvpn
secret key_file

In client I execute the 'openvpn' without the '--daemon' parameter. Then I want that my client uses an IP in a range (192.168.0.0/24, for example), instead of a static IP (192.168.0.2). I also thought to use a DHCP server, but I'm not sure that will work.


Red Hat / Fedora :: Iptables And Forwarding Stuff Doesn't Work On The Private Network

Mar 27, 2011

I have 2 different networks: the first one is gateway machine (eth0), and the second is a private machine (eth1). So, I've configured the iptables and forwarding stuff and when I try to ping google.com on the gateway machine, it works, while it doesn't work on the private network. Note: I am using VmWare 7. I need your quick assistance about this issue.


Ubuntu Networking :: Openvpn Through Networkmanager Doesn't Connect On Lucid

Jul 27, 2010

I have added a vpn connection on my Lucid desktop machine, but every time I try and connect, it fails. I also have the same, identical vpn connection on my karmic install on my laptop. Everything works perfectly on Karmic, but Lucid is having problems. I have followed identical steps for creating the vpn connection on both machines: vpn connections can be made in 2 ways, the first is through the network manager, but trying to connect through the nm-applet returns an error about vpn failing to connect and "no valid vpn secrets".

I suspect this is at the root of the problem. The only way for my Lucid machine to successfully connect through the command line is if I run the openvpn command under sudo.


Security :: Iptables 1.4.1 Mac Module Doesn't Work (error Message) - Fedora Core 8

Nov 25, 2010

I use iptables firewall (v1.4.1) installed on FC8. I'm trying to limit the inflow traffic for the port 1723 to certain MAC addresses. To experiment with the mac option, I've written the following iptables rule:

Quote:

iptables -A INPUT -m -mac --mac-source 10:08:08:08:08:10 -j ACCEPT

It didn't work. It gave me this error message:

Quote:

iptables v1.4.1: Couldn't load match `-mac':/usr/local/libexec/xtables/libipt_-mac.so: cannot open shared object file: No such file or directory
Try `iptables -h' or 'iptables --help' for more information.

Does that mean the mac module wasn't installed/enabled?


Ubuntu Networking :: OpenVPN Bridge Network Won't Work After Reboot / Sort It?

Oct 27, 2010

I followed this tutorial => https://help.ubuntu.com/community/OpenVPN
I'm working on ubuntu 10.10 OS

So everything is ok when I start the tutorial with my interface on code...

The only way I can make it work again is by setting the interfaces back to

auto lo
iface lo inet loopback

>> then reboot
and after that put back the br0 settings in the interfaces and restart the network.


Ubuntu Security :: Configuring Iptables To Allow VNC And OpenVPN?

Jun 20, 2010

I'm running Ubuntu 10.04 LTS as a VM in Hyper-V, and accessing it via VNC with a machine in the same broadcast domain. I'm using OpenVPN to connect to XeroBank. I have instructions for configuring iptables to permit establishing and using the XeroBank connection, while blocking all other traffic on eth0. I've followed them successfully. I need to also permit the VNC connection, and haven't managed that. FWIW, the VM is at 192.168.111.12::5900 and the workstation is 192.168.111.2.

The attachment to this post lists the recommended contents for each Shorewall file. Which files need changed, and what do I add to each?


Ubuntu Networking :: Network-manager-openvpn And Static-key OpenVPN Connection In 9.10

Apr 5, 2010

I have some problems with configuring openvpn tunnel connection to my openvpn server. I'm using static-key tcp connection. Network manager always said to me that connection could not be established. Also, when I try to run openvpn from terminal, I got some strange permissions problem:

Code:

openvpn --config config.ovpn
Mon Apr 5 15:48:37 2010 OpenVPN 2.1_rc19 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Oct 13 2009
Mon Apr 5 15:48:37 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Apr 5 15:48:37 2010 /usr/sbin/openvpn-vulnkey -q moj.key

[code]....


Networking :: Iptables - Forwarding On Router Doesn't Appear To Be Working

Sep 12, 2009

For the background, I'll be using my router as a firewall with snort-inline enabled. I got 3 NIC's: one for the WAN, the second will be bridged to the WAN NIC for queuing traffic which snort-inline requires, and the third is the LAN NIC (the computer I use for everyday work). Here's how I have my interfaces set up:

Code:

# /etc/network/interfaces
# Loopback interface
auto lo
iface lo inet loopback

[code]....

From what I understand, queuing needs to be set up on the bridge. From the documentation I've read it's done like this:

Code:

iptables -A INPUT -j QUEUE

And then to forward traffic, I did:

Code:

iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE

I've done this and am able to ping the router, obtain a DNS address from dnsmasq from the LAN computer. From the router I am able to connect to the internet (ping, links <address>...). From the LAN computer trafficking isn't getting forwarded, Firefox, links, ping all don't resolve.


Debian Configuration :: OpenVPN And IPTables - No Local Hostnames Accessible

Feb 7, 2016

I managed to set up an openvpn server, ip-forwarding and a nat iptable rule for that.

Almost everything works as expected, but my problem is:

Smartphone -> VPN -> Internet ==> works (by ip and hostname)
Smartphone -> VPN -> machine in my local network by IP ==> works
Smartphone -> VPN -> machine in my local network by its hostname => DOES NOT WORK
Machine w/ VPN server -> ping to machine in local network by ip or hostname => works

So, I wonder why I can't access a local machine through the vpn by its hostname. I guess I'm missing a forwarding rule??

iptables dump:
# Generated by iptables-save v1.4.21 on Sun Feb 7 20:56:52 2016
*nat
:PREROUTING ACCEPT [786:59064]
:INPUT ACCEPT [728:53047]
:OUTPUT ACCEPT [19:1487]
:POSTROUTING ACCEPT [20:1576]
-A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE
COMMIT
# Completed on Sun Feb 7 20:56:52 2016


Ubuntu Networking :: Iptables Do Not Work The Way It Should On 10.04?

Aug 14, 2010

I'm having a weird issue on 10.04. I have a bash script I wrote to drop incoming connections that are faster than a specified rate (6 per second in the example). I've been using the script successfully on 8.04LTS and CentOS for 2-3 years but it doesn't seem to work on 10.04

Code:
INTERVAL="2"
HITCOUNT="6"
iptables -A INPUT -d 123.123.123.123 -m state --state NEW -m recent --set
iptables -A INPUT -d 123.123.123.123 -m state --state NEW -m recent --update --seconds $INTERVAL --hitcount $HITCOUNT -j DROP


CentOS 5 Networking :: Iptables U32 Does Not Work

Apr 7, 2010

When I try something like, I get:

iptables -A FORWARD -p udp -m length --length 39 -m u32 --u32 '27&0x8f=7' --u32 '31=0x527c4833' -j DROP
iptables: No chain/target/match by that name.

So I re-compiled the kernel enabling WAN Router, and all the subsections. Downloaded latest iptables, removed the RPM one, installed the iptables from source.. Guess what, same error!

PS: iptables -m u32 -h works, it displays a page of info.


Networking :: Putty Not Work When IPTABLES Is Working?

Jan 18, 2011

I am using putty in my windows machine to access my Linux server terminal.

Putty works fine if I disable my Linux IPTABLES. My Windows machine IP is 192.168.1.249. Linux server IP address is 192.168.1.200. I don't know how to allow it through IPTABLES. The port which putty is using is 22.


Ubuntu Networking :: Iptables And Cannot Get Port Forwarding To Work?

Mar 8, 2011

I've been beating myself over the head with iptables and CANNOT get port forwarding to work. Here's my situation:

Static LAN IP on eth0
Static internet IP on eth1
ip_forward is turned on by uncommenting in sysctl.conf

Here's the output of iptables-save:

Code:
# Generated by iptables-save v1.4.4 on Tue Mar 8 10:34:12 2011
*nat
:PREROUTING ACCEPT [2443:347058]

[Code]...

Edit: by the way, the intended purpose of this machine is to serve as a gateway and firewall. MASQUERADE is working, for whatever that is worth. And the host behind the firewall that is serving up http is definitely working too. All that is not working is getting hosts on the internet talking to hosts behind the firewall.


Fedora Networking :: IPtables Passive Ftp Rules Donot Work?

Aug 15, 2011

I'm trying to build a firewall with IPTables:

INTERNET <--------> (eth0) FIREWALL (eth1) <-------------> FTP_srv

I set all rules DROP by default. My rules for forwarding packet to FTP server:

#iptables -t nat -A PREROUTING -i eth1 -d $FIREWALL_EX_ADDR -p tcp --dport 21 -j DNAT --to-destination $FTP_ADDR:21
#iptables -A FORWARD -i eth0 -o eth1 -p tcp --dport 21 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

[code]....


Networking :: DNS Lookup Doesn't Work, Ping, Firefox Will Not Work Properly?

Apr 23, 2009

I have this annoying problem since day one. I am testing out Red Hat RHEL5, everything is fine except DNS look up. If I ping www.google.com, it doesn't work, ping ip address it all works; if I bring up browser, put www.google.com it doesn't work, can't find the name, however, simply put ip address there it works. My DNS setting seems ok, and the DNS works from Windows box.


Server :: IPhone Doesn't Support Openvpn

Jan 23, 2010

I am trying to setup a vpn client for my iphone since it doesn't support openvpn. However I keep running into this error message: initial Main Mode message received on <local ip>:500 but no connection has been authorized with policy=PSK.


General :: Save Iptables When Iptables-save Doesn't Exist?

Apr 14, 2011

I'm working on a Soekris net4801 that is running an unknown distro of Linux. The kernel is 2.4.29, and iptables is v1.3.4.

I can't work out how to save the iptables. I searched the whole system for files/folders containing the name "iptables" and got 3 results:

/user/local/lib/iptables
/sbin/iptables
/lib/iptables

I've tried iptables save, iptables-save and iptables save active.

"iptables save" and "iptables save active" give me an invalid argument error. "iptables-save" isn't a valid command. "iptables --help" gives me a list of valid switches, none of which have to do with saving.

How can I save the iptables?


Fedora Networking :: Networking On F11 Doesn't Work On Various Machines

Aug 25, 2009

Networking on Fedora 11 doesn't work for me on various machines. Fedora 10 does, but only if you don't do an update. Why does Fedora get worse the more you keep it up-to-date?


Networking :: Ip Forwarding Doesn't Work?

Feb 15, 2011

I have 2 guest machines on 1 VBox host installed: - one guest with hostname 'debian' is configured as follows and has IP Forwarding enabled to be able to route traffic from eth1 to eth0.

Code:
eth0 Link encap:Ethernet HWaddr 08:00:27:f1:ef:5f
inet addr:10.0.2.1 Bcast:10.0.2.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fef1:ef5f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

[Code]....


Networking :: Ip Route Mtu Doesn't Work?

Feb 26, 2010

I'm trying to troubleshoot some networking issues I'm having between my Linux servers connecting to a server at another location after a Cisco ASA firewall has been installed at my location. I can make the connection work if I lower the mtu on the NIC (ifconfig eth0 mtu 1000) - however that supposedly can break the local network if I don't set everything else's mtu to match. Supposedly I can use the iproute package (debian etch) to lower the mtu on a per-route basis, but it doesn't seem to work for me.

Code:
ip route delete default
ip route add default via X.X.X.X mtu 1000


Networking :: My Internet Doesn't Work

Mar 13, 2010

Hello.

I've openSUSE 11.2, 64-bit version, with GNOME desktop.

My hardware is a Conceptronic c150ru.

Well, I configured it with Ndiswrapper (http://en.opensuse.org/Ndiswrapper_howto), and I hadn't problems.

Then, I tried to enable Internet with the terminal. Firstly, I wrote iwconfig wlan0 mode managed. Well.

Secondly, I wrote iwconfig wlan0 essid (my essid). Well.

Then, I wrote iwconfig wlan0 key (my key wep). An error message appears. How can I write my key wep?


Networking :: Second Interface Doesn't Work?

Jul 3, 2010

I have two simultaneous active mobile connections through my two mobile phones and USB data cables. Yet I can only send/receive with one connection.

Each of the phone modems has a node in /dev, namely ttyACM0 and ttyACM0. So the modems are detected correctly. After setting up two dial-up connections with the two modems I have two IPs. ifconfig -a confirms this:

ppp0 Link encap:Point-to-Point Protocol
inet addr:10.10.219.60 P-t-P:10.6.6.6 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:15209 errors:0 dropped:0 overruns:0 frame:0

[Code]....


Networking :: Tcp_probe Doesn't Work?

Feb 4, 2010

I'm using ubuntu 9.10 with kernel 2.6.33. I want to plot the cwnd of some tcp connections over the time. So I activate the module (as root) with:
modprobe tcp_probe
and after that I did:
cat /proc/net/tcpprobe > test.log &
And then I do a little bit surfing or other things, which use tcp - but the file test.log is empty







