Basic IPTables setup for OpenVPN/HTTP/HTTPS server

Posted by Afronautica on Server Fault
Published on 2010-05-27T21:26:35Z


I'm trying to get a basic IPTables setup on my server which will allow HTTP/SSH access, as well as enable the use of the server as an OpenVPN tunnel. The following is my current rule setup - the problem is OpenVPN queries (port 1194) seemed to be getting dropped as a result of this ruleset.

Pinging a website while logged into the VPN results in the response:

Request timeout for icmp_seq 1
92 bytes from 10.8.0.1: Destination Port Unreachable

When I clear the IPTable rules pinging from the VPN works fine. Any ideas?

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables -A INPUT -p tcp --dport 1194 -j ACCEPT
iptables -A FORWARD -p tcp --dport 1194 -j ACCEPT

iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i ! lo -d 127.0.0.0/8 -j REJECT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
iptables -A INPUT -j REJECT
iptables -A FORWARD -j REJECT
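A corrected version of this ruleset, added here as an example and not part of the original question or its answers: it accepts OpenVPN on its default UDP port, forwards VPN client traffic out of the WAN interface instead of rejecting it (the final `FORWARD -j REJECT` above answers with ICMP port-unreachable, which is what the client's ping reported), and turns on kernel forwarding. It assumes the interface names eth0 and tun0, the 10.8.0.0/24 subnet from the post, and a server running with OpenVPN's default `proto udp`; the `VPN_*` variables override those assumptions.

```shell
#!/bin/sh
# Assumed values (constructed for this example): WAN interface eth0, OpenVPN
# tunnel interface tun0, VPN subnet 10.8.0.0/24, OpenVPN on its default UDP/1194.
# Set VPN_PROTO=tcp if server.conf says "proto tcp" (the post only opened TCP).
WAN_IF="${WAN_IF:-eth0}"
VPN_IF="${VPN_IF:-tun0}"
VPN_NET="${VPN_NET:-10.8.0.0/24}"
VPN_PORT="${VPN_PORT:-1194}"
VPN_PROTO="${VPN_PROTO:-udp}"

# Print the ruleset, one command per line, so it can be reviewed first.
# Review with `vpn_rules`; apply as root with `vpn_rules | sh -e`.
vpn_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# INPUT: loopback, replies to our own traffic, then the services we offer
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p $VPN_PROTO --dport $VPN_PORT -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
# FORWARD: let VPN clients out through the WAN interface and let replies back in;
# everything else falls through to the DROP policy (no ICMP reject to the client)
iptables -A FORWARD -i $VPN_IF -o $WAN_IF -s $VPN_NET -j ACCEPT
iptables -A FORWARD -i $WAN_IF -o $VPN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
# NAT: hide VPN clients behind the server's public address
iptables -t nat -A POSTROUTING -s $VPN_NET -o $WAN_IF -j MASQUERADE
EOF
}
```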
