Hi,

On Mon, Jan 11, 2016 at 01:06:18PM -0800, Jeff Boyce wrote:
> Now, I don't want to leave my firewall with a default Accept All setting
> on the forwarding chain, so I need to identify a rule specific to the
> packet type / traffic that I want to allow. I am a little less
> knowledgeable on firewall rules than routing, so if someone could provide
> a suggestion here I would appreciate it. I tried making a rule that
> allowed all UDP TUN traffic, but that blocked my ping again. I think
> then I tried adding a port-specific rule, but that didn't help either.
> At that point I ran out of time to conduct any additional tests.
You need to allow UDP (for OpenVPN) in the INPUT chain, because that
is consumed by the VPN server (-> INPUT), not forwarded elsewhere.
In the FORWARD chain, the easiest approach - and reasonably secure, unless
you distrust your VPN clients - is to permit everything coming in via
tun0
    iptables -I FORWARD -i tun0 -j ACCEPT
(or similar to this, typing from memory)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany [email protected]
fax: +49-89-35655025 [email protected]
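A worked version of the two rules the reply describes (UDP to the OpenVPN port in INPUT, tunnel traffic in FORWARD), as an added example that is not part of the mailing-list post. It assumes OpenVPN listens on UDP/1194, the tunnel interface is tun0 and the LAN side is eth0; all of these are hypothetical defaults that can be overridden through environment variables. Setting DRY_RUN=1 prints the commands instead of applying them, so the rule set can be inspected before it touches a live firewall.

```shell
#!/bin/sh
# Added example, not from the original post. Minimal iptables rules for an
# OpenVPN server acting as a router between VPN clients and a LAN.
# Assumed defaults (override via environment): UDP/1194, tun0, eth0.

VPN_PORT="${VPN_PORT:-1194}"
VPN_PROTO="${VPN_PROTO:-udp}"
TUN_IF="${TUN_IF:-tun0}"
LAN_IF="${LAN_IF:-eth0}"

# Run iptables, or just print the command when DRY_RUN=1.
ipt() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# Rules matching the advice in the reply above.
openvpn_fw_rules() {
    # The encrypted OpenVPN packets terminate on this host (the daemon reads
    # them from the UDP socket), so they traverse INPUT, never FORWARD.
    ipt -A INPUT -p "$VPN_PROTO" --dport "$VPN_PORT" \
        -m conntrack --ctstate NEW -j ACCEPT

    # Decrypted packets emerge on tun0. Those addressed to the server itself
    # (e.g. a ping to its tun0 address) again hit INPUT.
    ipt -A INPUT -i "$TUN_IF" -j ACCEPT

    # Those addressed to LAN hosts are routed, so they hit FORWARD.
    # Allowing everything in from tun0 trusts every VPN client; replies from
    # the LAN are limited to connections the clients opened.
    ipt -A FORWARD -i "$TUN_IF" -o "$LAN_IF" -j ACCEPT
    ipt -A FORWARD -i "$LAN_IF" -o "$TUN_IF" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Tighter FORWARD policy for clients that are not fully trusted: only ICMP
# echo (so ping keeps working) and one TCP port into the LAN.
openvpn_fw_rules_restricted() {
    port="${1:-22}"
    ipt -A FORWARD -i "$TUN_IF" -o "$LAN_IF" \
        -p icmp --icmp-type echo-request -j ACCEPT
    ipt -A FORWARD -i "$TUN_IF" -o "$LAN_IF" \
        -p tcp --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
    ipt -A FORWARD -i "$LAN_IF" -o "$TUN_IF" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Usage: DRY_RUN=1 sh ./openvpn-fw.sh   (prints rules)
#        sh ./openvpn-fw.sh              (applies them; needs root)
if [ "${1:-}" = "--restricted" ]; then
    openvpn_fw_rules_restricted "${2:-22}"
elif [ "$(basename "$0")" != "sh" ]; then
    openvpn_fw_rules
fi
```

The two things the example makes explicit are the chain split (the UDP socket rule belongs in INPUT, tunnel-to-LAN forwarding in FORWARD, and a `-i tun0` match in INPUT only covers traffic to the server itself) and the conntrack return rule, without which a default-DROP FORWARD chain silently discards the LAN hosts' replies and ping still fails.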
_______________________________________________
Openvpn-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-users
