Basic IPTables setup for OpenVPN/HTTP/HTTPS server
Posted by Afronautica on Server Fault
Published on 2010-05-27T21:26:35Z
I'm trying to get a basic IPTables setup on my server which will allow HTTP/SSH access, as well as enable the use of the server as an OpenVPN tunnel. The following is my current rule setup - the problem is OpenVPN queries (port 1194) seemed to be getting dropped as a result of this ruleset.
Pinging a website while logged into the VPN results in the response:
Request timeout for icmp_seq 1
92 bytes from 10.8.0.1: Destination Port Unreachable
When I clear the IPTable rules pinging from the VPN works fine. Any ideas?
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables -A INPUT -p tcp --dport 1194 -j ACCEPT
iptables -A FORWARD -p tcp --dport 1194 -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i ! lo -d 127.0.0.0/8 -j REJECT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
iptables -A INPUT -j REJECT
iptables -A FORWARD -j REJECT
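
Added example, not part of the original post: a small first-match evaluator that walks the posted filter rules for a ping from a VPN client, once addressed to the server itself and once routed on to a website. The packet fields, the tun0 interface name, the addresses 10.8.0.1 as local destination and 203.0.113.10 as the website, and the default ACCEPT chain policy are assumptions made for the illustration.

```python
import ipaddress, shlex
# Filter-table rules as posted (nat MASQUERADE rule omitted: it never accepts or rejects).
RULES = """\
iptables -A INPUT -p tcp --dport 1194 -j ACCEPT
iptables -A FORWARD -p tcp --dport 1194 -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i ! lo -d 127.0.0.0/8 -j REJECT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
iptables -A INPUT -j REJECT
iptables -A FORWARD -j REJECT
""".splitlines()

def parse(line):
    """Turn one 'iptables -A ...' line into a dict of option -> value."""
    tok, rule, i = shlex.split(line)[1:], {"text": line}, 0
    while i < len(tok):
        negated = tok[i + 1] == "!"            # old-style negation: -i ! lo
        rule[("not" if negated else "") + tok[i]] = tok[i + 1 + negated]
        i += 2 + negated
    return rule

def matches(rule, pkt):
    """True when every match option present in the rule agrees with the packet."""
    return all([
        rule.get("-p") in (None, pkt["proto"]),
        rule.get("--dport") in (None, str(pkt.get("dport"))),
        rule.get("-i") in (None, pkt["in_if"]),
        rule.get("not-i") != pkt["in_if"],
        "--state" not in rule or pkt["state"] in rule["--state"].split(","),
        rule.get("--icmp-type") in (None, str(pkt.get("icmp_type"))),
        "-d" not in rule or ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(rule["-d"]),
    ])

def verdict(chain, pkt):
    """Walk one chain top to bottom; the first matching rule decides."""
    for rule in map(parse, RULES):
        if rule["-A"] == chain and matches(rule, pkt):
            return rule["-j"], rule["text"]
    return "ACCEPT", "(no rule matched; default ACCEPT policy assumed)"

PING = {"proto": "icmp", "icmp_type": 8, "in_if": "tun0", "state": "NEW"}  # constructed
TO_SERVER = dict(PING, dst="10.8.0.1")        # delivered locally -> INPUT chain
TO_WEBSITE = dict(PING, dst="203.0.113.10")   # routed onward -> FORWARD chain
print(verdict("INPUT", TO_SERVER), verdict("FORWARD", TO_WEBSITE), sep="\n")
```

The routed ping falls through to the final FORWARD rule, and iptables' REJECT target answers with ICMP port unreachable unless told otherwise, which is the message the VPN client reports from 10.8.0.1.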