I have a server that I am trying to setup for OpenVPN. I have followed all the steps, but I see that when I try to connect to it in Windows, it doesn't allow me, it just hangs on connecting, so I did a nmap scan and I see that port 1194 is not open so naturally I append the rule to open 1194 with:
iptables -A INPUT -i eth0 -p tcp --dport 1194 -j ACCEPT
followed by service iptables save and service iptables restart which all executed successfully.
Then I try again, but it doesn't work and another nmap scan says that port 1194 is closed.
Here is the iptables configuration:
# Generated by iptables-save v1.4.7 on Thu Oct 31 09:47:38 2013
*nat
:PREROUTING ACCEPT [27410:3091993]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [5042:376160]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -j SNAT --to-source 41.185.26.238
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
# Completed on Thu Oct 31 09:47:38 2013
# Generated by iptables-save v1.4.7 on Thu Oct 31 09:47:38 2013
*filter
:INPUT ACCEPT [23571:2869068]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [27558:3656524]
:vl - [0:0]
-A INPUT -p tcp -m tcp --dport 5252 -m comment --comment "SSH Secure" -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -m state --state NEW,RELATED,ESTABLISHED -$
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m comment --comment "SSH" -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m comment --comment "HTTP" -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -m comment --comment "HTTPS" -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -m comment --comment "HTTP Encrypted" -j ACCEP$
-A INPUT -i eth0 -p tcp -m tcp --dport 1723 -j ACCEPT
-A INPUT -i eth0 -p gre -j ACCEPT
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT
-A FORWARD -i ppp+ -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o ppp+ -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.8.0.0/24 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -p icmp -m icmp --icmp-type 0 -m state --state RELATED,ESTABLISHED -j A$
COMMIT
# Completed on Thu Oct 31 09:47:38 2013
and my nmap scan from:
localhost:
nmap localhost
Starting Nmap 5.51 ( http://nmap.org ) at 2013-10-31 09:53 SAST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000011s latency).
Other addresses for localhost (not scanned): 127.0.0.1
Not shown: 996 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
443/tcp open https
1723/tcp open pptp
Nmap done: 1 IP address (1 host up) scanned in 0.06 seconds
remote pc:
nmap [server ip]
Starting Nmap 6.00 ( http://nmap.org ) at 2013-10-31 09:53 SAST
Nmap scan report for rla04-nix1.wadns.net (41.185.26.238)
Host is up (0.025s latency).
Not shown: 858 filtered ports, 139 closed ports
PORT STATE SERVICE
22/tcp open ssh
443/tcp open https
8008/tcp open http
Nmap done: 1 IP address (1 host up) scanned in 15.70 seconds
So, I do not know what is causing this, any assistance will be appreciated!
UPDATE AFTER FIRST ANSWER:::
[root@RLA04-NIX1 ~]# iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
[root@RLA04-NIX1 ~]# iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
[root@RLA04-NIX1 ~]# iptables -A FORWARD -j REJECT
[root@RLA04-NIX1 ~]# iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
[root@RLA04-NIX1 ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
[root@RLA04-NIX1 ~]# service iptables restart
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter nat [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
[root@RLA04-NIX1 ~]# lsof -i :1194
-bash: lsof: command not found
iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5252 /* SSH Secure */
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8 state NEW,RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 /* SSH */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 /* HTTP */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080 /* HTTPS */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 /* HTTP Encrypted */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1723
ACCEPT 47 -- 0.0.0.0/0 0.0.0.0/0
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1194
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT all -- 10.8.0.0/24 0.0.0.0/0
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT all -- 10.8.0.0/24 0.0.0.0/0
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 0 state RELATED,ESTABLISHED
Chain vl (0 references)
target prot opt source destination
[root@RLA04-NIX1 ~]# nmap localhostt
Starting Nmap 5.51 ( http://nmap.org ) at 2013-10-31 11:13 SAST
remote pc
nmap [server ip]
Starting Nmap 6.00 ( http://nmap.org ) at 2013-10-31 11:11 SAST
Nmap scan report for rla04-nix1.wadns.net (41.185.26.238)
Host is up (0.020s latency).
Not shown: 858 filtered ports, 139 closed ports
PORT STATE SERVICE
22/tcp open ssh
443/tcp open https
8008/tcp open http
Nmap done: 1 IP address (1 host up) scanned in 4.18 seconds
localhost
nmap localhost
Starting Nmap 5.51 ( http://nmap.org ) at 2013-10-31 11:13 SAST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000011s latency).
Other addresses for localhost (not scanned): 127.0.0.1
Not shown: 996 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
443/tcp open https
1723/tcp open pptp
Nmap done: 1 IP address (1 host up) scanned in 0.06 seconds
UPDATE AFTER SCANNING UDP PORTS
Sorry, I am noob, I am still learning, but here is the output for:
nmap -sU [server ip]
Starting Nmap 6.00 ( http://nmap.org ) at 2013-10-31 11:33 SAST
Nmap scan report for [server address] ([server ip])
Host is up (0.021s latency).
Not shown: 997 open|filtered ports
PORT STATE SERVICE
53/udp closed domain
123/udp closed ntp
33459/udp closed unknown
Nmap done: 1 IP address (1 host up) scanned in 8.57 seconds
btw, no changes have been made since post started (except for iptables changes)