--log-level 7 --log-prefix "Dropped by firewall: "
sbin/iptables -A INPUT -m limit --limit 15/minute -j LOG \
# with a maximum of 15 log entries per minute

What I do not understand is that in the output of iptables there is no tun interface.

# Log the rest of the incoming messages (all of which are dropped)
# Allow TUN interface connections to be forwarded through other interfaces
iptables -A INPUT -p udp -m udp --dport 33434:33523 -j ACCEPT
iptables -A INPUT -p icmp -m icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -p icmp -m icmp --icmp-type parameter-problem -j ACCEPT
# Accept notifications of protocol problems
iptables -A INPUT -p icmp -m icmp --icmp-type time-exceeded -j ACCEPT
iptables -A INPUT -p icmp -m icmp --icmp-type source-quench -j ACCEPT
# Accept notifications to reduce sending speed
iptables -A INPUT -p icmp -m icmp --icmp-type destination-unreachable -j ACCEPT
# Accept notifications of unreachable hosts
iptables -A INPUT -p icmp -m icmp --icmp-type echo-reply -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 1024:65535 --sport 53 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --tcp-flags ACK ACK -j ACCEPT
Enable and disable these as per your requirements
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT #10.8.0.0 ? Check your OpenVPN nf to be sure
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p udp --dport 1094 -j ACCEPT
#Take note that the rule says "UDP", and ensure that your OpenVPN nf says UDP too
#Accept connections on 1094 for vpn access from clients
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Accept packets belonging to established and related connections
iptables -P INPUT DROP #using DROP for INPUT is not always recommended.
# Set default policies for INPUT, FORWARD and OUTPUT chains
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Allow SSH connections on tcp port 22 (or whatever port you want to use)

REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
ACCEPT tcp -- anywhere anywhere tcp spt:rootd

Mon Apr 23 14:53:47 2012 read UDPv4: Connection reset by peer (WSAECONNRESET) (cĠx1.

When I configure my internet ip and start the client it stops with:

I have installed OpenVPN on Ubuntu Server.