#1
27th September 2007, 06:32 PM
Leftie
Registered User
Join Date: Sep 2007
Posts: 10
Newbie OpenVPN iptables question

The company I am with enlisted me to move their OpenVPN server. This is my first time working with OpenVPN and iptables.

In configuring the iptables for OpenVPN I had planned on copying the /etc/sysconf/iptables file from the old server to the new server. Of course that did not work, and I am getting an error when iptables-restore runs with the old file. I started adding the rules in one by one from the command line. All the nat filters went in without a problem. The one thing I cannot figure out is how to add the lines in /etc/sysconf/iptables that contain RH-Firewall-1-INPUT from the command line.

How do I get the lines that include RH-Firewall-1-INPUT into the /etc/sysconf/iptables file?

Thanks
#2
28th September 2007, 02:47 PM
cr4ck3r
Registered User
Join Date: Oct 2005
Posts: 219
I did not see any related issue between OpenVPN and iptables. What is your problem?
I've successfully installed OpenVPN in my company; usually, you have to modify the firewall rules to make it work.
I assume you are using a bridging VPN (i.e. tun interface).
On the server, enter these commands:
Code:
iptables -I INPUT -i tun0 -j ACCEPT     # tunnel traffic addressed to this host
iptables -I FORWARD -i tun0 -j ACCEPT   # tunnel traffic routed onwards
iptables -I FORWARD -o tun0 -j ACCEPT   # routed traffic going back into the tunnel
iptables -I OUTPUT -o tun0 -j ACCEPT    # this host's own traffic into the tunnel
Do the same on the client.
Those rules just make OpenVPN work, but they are INSECURE. You should modify these rules into stricter ones.
Hope this may help.
__________________
Linux User number : 451678
Desktop:
AMD X2 3800+, ASUS M2NPV-VM, GeForce 6150 128MB (onboard), 2GB RAM Corsairs 667, ASUS VW192T LCD 19" Widescreen.
Ubuntu 8.04 (Hardy Heron) x86
------------------------
Laptop:
HP Pavilion DV 5000
Fedora 10 (Cambridge) x86
Linux Machine Number: 359564

Last edited by cr4ck3r; 28th September 2007 at 03:00 PM.
#3
28th September 2007, 04:03 PM
Leftie
Registered User
Join Date: Sep 2007
Posts: 10
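Since the first post asks how to get the RH-Firewall-1-INPUT lines back into /etc/sysconfig/iptables, and the reply above warns that wide-open tun0 rules are insecure, here is an added example (not code from the thread or from any poster) that generates a complete iptables-restore file in the Fedora layout: the stock RH-Firewall-1-INPUT chain, plus OpenVPN rules that only admit tunnel traffic from the VPN address pool towards the internal LAN. The interface names, port, and networks (eth0, tun0, 1194, 10.8.0.0/24, 192.168.1.0/24) are placeholders; override them through the environment variables.

```shell
#!/bin/sh
# Added example: build a Fedora-style /etc/sysconfig/iptables that recreates
# the RH-Firewall-1-INPUT chain and adds restrictive OpenVPN rules.
# Placeholder site values (assumptions, override via the environment):
WAN_IF="${WAN_IF:-eth0}"            # interface facing the Internet
VPN_IF="${VPN_IF:-tun0}"            # OpenVPN tunnel interface
VPN_PORT="${VPN_PORT:-1194}"        # UDP port OpenVPN listens on
VPN_NET="${VPN_NET:-10.8.0.0/24}"   # address pool handed to VPN clients
LAN_NET="${LAN_NET:-192.168.1.0/24}" # internal network clients may reach

# Print the ruleset in iptables-restore format. Each "-A ..." line is exactly
# what you would type after the word "iptables" on the command line, except
# that on the command line the custom chain must first be created with
# "iptables -N RH-Firewall-1-INPUT" before any "-j RH-Firewall-1-INPUT" works.
gen_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Hide VPN clients behind this host when they talk to the LAN; drop this
# rule if the LAN already has a route for $VPN_NET back to the VPN server.
-A POSTROUTING -s $VPN_NET -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
# OpenVPN itself, reachable from the outside
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport $VPN_PORT -j ACCEPT
# Tunnel traffic: only from the VPN pool and only towards the LAN, whether it
# is forwarded (FORWARD) or addressed to this host's LAN address (INPUT).
-A RH-Firewall-1-INPUT -i $VPN_IF -s $VPN_NET -d $LAN_NET -m state --state NEW -j ACCEPT
# Everything else, including arbitrary traffic arriving on $VPN_IF, is rejected.
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Number of "-A" rules in the generated file (quick sanity check).
rule_count() {
    gen_rules | grep -c '^-A '
}

# Load the ruleset into the kernel and persist it (needs root).
apply_rules() {
    gen_rules > /etc/sysconfig/iptables.new \
        && iptables-restore < /etc/sysconfig/iptables.new \
        && mv /etc/sysconfig/iptables.new /etc/sysconfig/iptables
}

# Usage: "sh vpn-rules.sh" prints the file; "sh vpn-rules.sh apply" installs it.
if [ "${1:-}" = "apply" ]; then
    apply_rules
else
    gen_rules
fi
```

Because RH-Firewall-1-INPUT is jumped to from both INPUT and FORWARD in the stock Fedora layout, the ESTABLISHED,RELATED rule also lets replies from the LAN flow back into the tunnel, so no blanket "-o tun0 -j ACCEPT" is needed. For the routing itself, IP forwarding (net.ipv4.ip_forward=1) still has to be enabled on the server; the ruleset above only decides which forwarded packets are allowed.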
The problem is I cannot get to the internal network once I connect to OpenVPN. From what I have read, the firewall has to be set up correctly before the routing works.

I have entered the commands below with no success.

iptables -I INPUT -i tun0 -j ACCEPT     # tunnel traffic addressed to this host
iptables -I FORWARD -i tun0 -j ACCEPT   # tunnel traffic routed onwards
iptables -I FORWARD -o tun0 -j ACCEPT   # routed traffic going back into the tunnel
iptables -I OUTPUT -o tun0 -j ACCEPT    # this host's own traffic into the tunnel

My company is asking for a redundant VPN connection so this new server has to be a match to the current server.

Thanks for the input, Leftie
#4
28th September 2007, 07:18 PM
David Becker
Registered User
Join Date: Feb 2006
Posts: 780
Quote:
Originally Posted by Leftie
The problem is I can not get to the internal network once I connect to OpenVPN. From what I have read the firewall has to set up correctly before the routing works.
Are you pushing your internal network's IP network to the clients? 'push-route internal_network' in your server's config file.

David

Last edited by David Becker; 28th September 2007 at 09:25 PM.
#5
28th September 2007, 11:28 PM
Leftie
Registered User
Join Date: Sep 2007
Posts: 10
Quote:
Originally Posted by David Becker
Are you pushing your internal network's IP network to the clients? 'push-route internal_network' in your server's config file.

David
Yes, I am getting the proper IP address on the client.
#6
29th September 2007, 08:56 AM
David Becker
Registered User
Join Date: Feb 2006
Posts: 780
Quote:
Originally Posted by Leftie
Yes, I am getting the proper IP address on the client.
I wasn't referring to the host IP address (if that's what you're referring to). In other words, is your client receiving the network address of the remote network and updating its routing tables?

Does

Code:
netstat -nr
on the client show the remote network?

David
Tags
iptables, newbie, openvpn, question