OpenSUSE Network :: SUSEFirewall Blocking OpenVPN Traffic - How Can Configure To Allow
Nov 17, 2010
I have a remote network that I manage consisting of a DLink DFL-210 firewall/router, and behind that a Dell server running openSUSE 11.2 and a collection of Windows XP/Vista/7 computers.
The Linux box is running OpenVPN as a server (that is how I connect to this network) and a client (it connects to a second server - running XP - at a different location).
The DLink router is the DHCP server and provides addresses on the 192.168.51.0/24 network. The OpenVPN server provides the 10.8.51.0/24 address range.
The remote network that the Linux box connects to is 192.168.54.0/24 via the OpenVPN network 10.8.54.0/24.
I have added routes to the DLink router to route all traffic to the 10.8.51.0/24 and 192.168.54.0/24 networks to the Linux box.
With SUSEFirewall turned off, after I have connected via OpenVPN from my remote computer I can ping all active 192.168.51.0/24 addresses. Other computers on the 192.168.51.0/24 network can ping computers on the 192.168.54.0/24 network. But if I turn on SUSEFirewall, neither of these work. However, I can ping 10.8.54.1 from any computer on the 192.168.51.0/24 network.
How can I set up SUSEFirewall to allow these networks to communicate with each other?
Sep 14, 2010
My home computer has 11.3 and SuSEfirewall enabled. It connects to the net over the wireless and SuSEfirewall has this connection in the external zone.
I can successfully ssh into this computer from remote (the work computer) but none of the ssh port-forwarded connections work. I'm trying to tunnel VNC over ssh. I also tried setting http on the home computer to serve pages on a high-numbered port (8090) and tunnelling that but it also didn't work - proving that it's not a VNC problem.
Here are the relevant messages from the firewall logs on the home machine:
Code:
I don't understand why this isn't working now, I had the same setup on 11.2 and it worked fine.
The 95.91.92.92 is the public IP address of my home router, I don't understand why a connection would appear to be coming from there when I use ssh-tunnelling?
Sep 14, 2011
As to my question, at this time I don't control the router/firewall and I would like to block a port that's used for Guild Wars on my workstation for a while. The reason for blocking is children have abused it and lost it. In this case I am trying to block outgoing traffic on port 6112. I have tried setting up a proxy server on the workstation, but the game seems to ignore it and jump on. Due to the environment, I enabled the workstation SuSEFirewall2 firewall and tried setting up "lo" as an internal and configured the firewall as a router, then disabled 0/0 and configured for 0/0,tcp,443 and re-routed port 80 traffic to the proxy.
When I had my own internet, I had a transparent proxy enforcing rules for access times. So setting up a proxy on each machine would not be a bad thing, even if it took some creative thinking. I am trying, but seem to be missing something. Ideally, I would like to set up a transparent proxy, as my kids have learned a lot about system administration and know to check the proxy module. If all they have to do is uncheck "Use Proxy" and bypass a local proxy server, then I am kinda defeated. And applications such as Firefox have a proxy setting they could set to none instead of system.
May 1, 2010
I have trouble with openSUSE SuSEfirewall2 and my own rules. Since I have installed a suspicious download manager, I detect outgoing traffic in the monitor and I want to block outgoing traffic except for some apps like Firefox, jinchess ...
1) I had to modify FW_CUSTOMRULES="" with FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom" in /etc/sysconfig/SuSEfirewall2
2) I had to add my own rules in /etc/sysconfig/scripts/SuSEfirewall2-custom in the appropriate hook
3) I don't know if the rules are good... They seem to work because, for example, jinchess can't access its server with the DROP rule until I add the ACCEPT rule. BUT in fact the download manager still accesses the internet, and Amarok too when it searches for song lyrics! I have discovered it's because the other apps use port 80.
I give here the file /etc/sysconfig/scripts/SuSEfirewall2-custom
How to make Firefox use another specified port? I wanted to use Privoxy with Tor but it doesn't work... Is there an input/output controller on Linux (something like ZoneAlarm on XP)? The trouble is that all outgoing traffic is permitted by default!
Jan 18, 2010
I just noticed the following error after booting my system.
Code:
I cannot find any reference to this on the forum or elsewhere on the internet. Is this a major problem or just a notification that can be ignored?
Feb 11, 2016
I want to see my ipcam in my local network from my tablets. I installed server/client but I can't even ping my ipcam from my tablet. I can ping my ipcam from my server:
Code:
ping 10.42.0.22
PING 10.42.0.22 (10.42.0.22) 56(84) bytes of data.
64 bytes from 10.42.0.22: icmp_seq=1 ttl=64 time=0.639 ms
eth1:1 Link encap:Ethernet HWaddr 00:25:22:1c:6e:05
inet addr:10.42.0.1 Bcast:10.42.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.42.0.1 P-t-P:10.42.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:1775 errors:0 dropped:0 overruns:0 frame:0
[code]...
My tablet can receive an IP and can see FTP on the server, but can't see anything in my home network.
Oct 18, 2009
How to configure my network for web traffic. Here is my setup: I have the following virtual machines (all guests are running on CentOS 5.3):
firewall: Smoothwall 3.0, (hardware, not virtual)
guest # 1: Apache http server
guest # 2: Qmail server
guest # 3: Proftp server
I want all of these services on different machines for security reasons (mainly the FTP server). How do I route the traffic from the firewall to the different machines? I have been looking at setting up a reverse proxy; however, everything that I have read says that a reverse proxy will not handle the SMTP/POP3 traffic. Can I just use a DNS server to route the traffic?
Dec 28, 2010
How could I configure Ubuntu to be setup as follows...
Wireless Client ----> Wireless Router ----> Home Server ----> Internet
What is needed to make all of the wireless traffic go to my internet connection port. I will be having two ethernet cables plugged into the system one from the wireless router and one to my internet router.
Sep 29, 2010
I need to set up my CentOS computer as a firewall in my home network. I've got 2 interfaces, eth0 and eth1. I want to allow and forward all traffic on eth0 and block all traffic on eth1 except ssh, ping (ICMP) and DNS. How do I do this? I've tried some editing in /etc/sysconfig/iptables but no luck.
Mar 17, 2010
I used the Angry IP scan software and found a lot of the public IP addresses on our network are accessible from outside when they are not supposed to be, e.g. printers, PCs etc. To make a start on locking down the network I was wondering if anybody knew the iptables command to add a rule which blocked all incoming traffic to specific IP addresses on the network and to a range of IP addresses.
Apr 26, 2010
Where I work we have a LAN; it is almost 100% Windows machines except for 2 CentOS machines which some clients connect to via VPN (very small network, <50 IPs used).
I would like to know if there is a way to block access from those machines to others in the network. I'm already logging traffic (with IPTraff) to see if they're accessing other machines in the network other than the ones they should connect to.
Feb 11, 2011
I set up iptables but it is blocking my SSH set up. I did allow it by opening port 22 but it did not work. Here is my config:
Code:
iptables -F
iptables -P OUTPUT ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP
### this should allow SSH traffic
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
How do you allow SSH through the iptables firewall?
Aug 17, 2010
Is there a way to configure my interface in promisc mode and also make it not capture the "transmitted" packets? I mean, I want the interface in promisc mode but only for inbound traffic. If there isn't any way using ifconfig, can it be done by configuring eth0 to promisc using ifconfig, and filtering outbound traffic from being captured using sockets or something?
Mar 1, 2011
I have access to a VPN I use when having confidential instant messaging sessions. For the purposes of my work, essentially. I'm a command line kind of guy, and like to use Finch (the shell version of Pidgin) for those. However, when I turn on my OpenVPN connection it routes all traffic through the VPN: web browsing, IMing, and I can no longer access other machines on my home network. Can I set OpenVPN to only route traffic I ask through that connection (either by port number or application, or some way I haven't thought of), while other traffic flows through my usual home network? Some kind of local proxy perhaps? Or a dd-wrt box set up as a proxy, connected to OpenVPN? I've played around with the GUI environment too (I have a basic GUI I sometimes use on my main machine) and have installed the full desktop 10.10 on a second machine just to see if I can work it out.
Dec 10, 2010
I have installed OpenVPN to use it as an internet gateway but can't get it to work. OpenVPN installed without any problem. The client can also connect and ping the server but there is no internet traffic. I think it is because of a wrong gateway address which the client gets, but I'm not sure. The server IP address is 10.8.0.1 and the client can ping this IP, but its default gateway is always 10.8.0.5, which is not accessible from the client. This is my server.conf:
Code:
dev tun
proto tcp
[code]...
Sep 16, 2015
I'm running the OpenVPN service on both a Debian server and client. When I start a connection between client and server, I expect all the computer's traffic (except ARP and DHCP requests) to go through the created tunnel. However, when I capture packets on wlan0 on the client (the only connection going outside the host) using Wireshark, I can see DNS requests visible and sometimes incoming TCP traffic as well, but most of the traffic is going through the tunnel as expected. I provide both configurations of client and server and the client routing table for inspection. I changed the server address to avoid server exploitation in the case of some big configuration mistake.
Commands to run OpenVPN services are:
Code:
For client: sudo openvpn --config /etc/openvpn/client.conf &
For server: sudo openvpn --config /etc/openvpn/server.conf &
**Client routing table when VPN is OFF**
Code:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 192.168.1.1 0.0.0.0 UG 1024 0 0 wlan0
192.168.1.0 * 255.255.255.0 U 0 0 0 wlan0
[code]...
I searched through many forums and documentation and I found that for all the traffic to go via the VPN the command *push "redirect-gateway def1"* is necessary; however, I have leaks despite this command being in place. I already spent over 2 days on this and tried to configure it in many ways; now I have no clue what I'm missing.
Aug 31, 2010
I'm facing a problem when I establish VPN connections using OpenVPN to the Your Freedom server ("you can see their documentation here"). I've installed OpenVPN from Synaptic and I used the client to connect through the VPN and it works!! But there is no traffic in FF or any application!! I tried to insert some HTTP proxy that also belongs to the same server and it works. What really wonders me is that OpenVPN seems to work only when I'm connecting to streaming sites (e.g. ustream, justin.tv). Is there any way to force the whole traffic to use OpenVPN? I'm using a mobile modem and it works fine with OpenVPN in Win7.
Apr 5, 2010
I have some problems with configuring an OpenVPN tunnel connection to my OpenVPN server. I'm using a static-key TCP connection. Network Manager always tells me that the connection could not be established. Also, when I try to run openvpn from the terminal, I get some strange permissions problem:
Code:
openvpn --config config.ovpn
Mon Apr 5 15:48:37 2010 OpenVPN 2.1_rc19 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Oct 13 2009
Mon Apr 5 15:48:37 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Apr 5 15:48:37 2010 /usr/sbin/openvpn-vulnkey -q moj.key
[code]....
Aug 19, 2010
Ok here's my setup :
SuSE 10.0 X86 32 acting as my internet gateway and firewall.
eth0 is my internal interface network 192.168.0.0/24 IP 192.168.0.254 dsl0 is my internet connection and is a single ip PtP connection to my ISP.
My internal network is masqueraded onto the external network.
I run an SMTP server on my gateway box that I need to be accessible to both the internal and external networks.
However, I want to prevent machines on the internal network from establishing connections to external SMTP servers, but still allow them to connect to the SMTP server on the gateway to send email.
NOTE I do not want to force attempts to connect to [URL] 25 to be re-directed to my internal server I just want to drop or reject the connection.
The firewall up until now has just been configured through YaST, but I am not afraid to edit script files if needed.
The reason for doing this is to prevent spambots from being able to send through my ISP. I keep my own machines clean but sometimes get asked to disinfect machines for other people (family members etc.), where I need to connect to the outside world to get updates/virus defs etc., but don't want them spamming from my network.
Sep 8, 2010
I've set up VNC over ssh tunnelling; however, the SuSE firewall seems to be blocking it. On the local host I have this in ~/.ssh/config: LocalForward localhost:5900 remotehost.com:5900. The problem is that this only works when I either disable the firewall or add an exception for VNC. Both of these actions defeat the whole purpose of ssh tunnelling since they leave my VNC port open to the outside world (very insecure).
Jan 16, 2011
I got it set up in the NetworkManager applet (imported the client.ovpn), but when I connect it sends ALL my traffic through the VPN. I would prefer all accesses to the internet go over my normal default gateway, rather than all the way through to the VPN's default gateway. When I connect through the command line:
Code:
openvpn --config client.ovpn
I don't have this problem, and accesses to the internet still go over my default gateway on
[code]...
Aug 31, 2010
I have some questions about openVPN. I am wanting to hide my downloading through transmission and I'd like to know if I can use openVPN for this? Also do I need access to a server? I don't understand how it all works.
Feb 3, 2011
I have an Ubuntu VPS running 10.10 x86_64
This is what is in my /etc/network/interfaces right now.
Code:
auto eth0
iface eth0 inet static
address 67.202.x.x
gateway 67.202.x.1
netmask 255.255.255.0
auto lo
iface lo inet loopback
My server.conf
code....
I can get the VPN server running and everything connects fine from the client. I just don't know how to tunnel all the traffic through the VPS because it involves making the bridge which I'm having trouble with. What exactly am I supposed to put in /etc/network/interfaces?
Jan 10, 2010
Printer is connected via USB to a server PC running OpenSUSE 11.1. Client PCs are running 11.1, XP, Vista. No problem printing from the Windoze machines.
Printing is trouble free with the 11.1 client's firewall disabled, but no printer is available with firewall running.
In hopes of diagnosing the problem I figured I'd open everything I could think of until the printer remained available with the firewall running. Then I planned to start removing exceptions one at a time 'til removing one caused the printer to disappear.
I've gone to Yast>Security and Users>Firewall>Allowed Services>External Zone and tried adding:
Samba Server
NetBIOS server
Samba Client
Samba Server
VNC
[Code]....
Feb 18, 2010
We are switching from an uncapped 512kb line to a 4MB line at the office... One catch though. The 4MB line will only be linked to a 30GB account, without the option to top up. I therefore have been asked to put something in place to regulate what the staff download at work. Basically block movie, music and torrent downloads should be sufficient, but they would also like to have a list of where staff have been in case of abuse. I have tried OpenDNS in the past, but the guys took great delight in getting around this, and did it within minutes... I can't enter a proxy setting into their browsers, because they all have local admin rights on their Windows boxes and will just disable that. How do I do this on a server level, so that they can't get around this?
May 13, 2011
I'm using Ubuntu Server 10.04 with OpenVPN installed on it. My VPN is working fine; all the users can connect without any issue. My problem is that I'm unable to filter the VPN traffic using OpenVPN. I can't allow all users to be able to interact with other VPN users; I need to avoid this kind of traffic. I was trying to build an iptables firewall, but I just noticed that my OpenVPN traffic isn't being filtered by iptables. In the FORWARD chain, no matter what rule I use, OpenVPN would continue to allow traffic between my clients. It does appear that OpenVPN is skipping the FORWARD chain? For example:
Code:
# iptables -L FORWARD -nv
Chain FORWARD (policy DROP 0 packets, 0 bytes)
[code]....
Dec 5, 2010
I have set up an OpenVPN server on Ubuntu via TCP port 443. The server uses a public network and almost every port is blocked (not 443). So when a client connects to the server, if it sends traffic needing a blocked port, the connection cannot be established, of course. So I'd like to know if it is possible to redirect all incoming traffic on the server to another unblocked port (like 443) to bypass the firewall.
I don't think OpenVPN offers this possibility but maybe with Linux it is possible...
Apr 26, 2011
I'm obviously a noob to Suse, but after installing 11.4 and FileZilla, I can't connect to my FTP server. I've opened ports 21, 22 and 990 explicitly in the firewall and all I get is a 425 error, Can't Retrieve Directory Listing. It logs me in OK but doesn't allow data connections?
Feb 22, 2010
We have installed "openVPN" from the openSUSE 11.2 repo and "openVPN - webmin module" (GUI). What needs to be done: "Road Warriors" need to be able to access websites through the openSUSE box sitting in the data center, from remote locations (hotel, coffee shops, wi-fi hot spots, ...). We're half way there but it gets stuck somewhere with the IPs.
Mar 2, 2010
I use KVpnc and openVPN to connect to my desktop at work from my laptop at home. This works fine, I can reach my desktop at the office from my laptop at home. The only problem is that when the Vpn connection is active I cannot use a browser on my laptop. In fact, I cannot connect to anything outside the office Vpn (like mail, chat etc).
I suspected it had something to do with the DNS servers at the office not being reachable from the VPN, so I added my "regular" DNS servers to the /etc/resolve.conf used when the VPN is active; I added two lines in total of the form "nameserver <ip-address>". This did not solve the problem. I have searched the KVpn forums without finding anything, and the same goes for the openSUSE forums. Does anybody else experience the same problem?