[Firewall] Openvpn access control!!!

Zakai Kinan titanyen2000 at yahoo.com
Wed Jul 23 12:10:54 MDT 2008


Let me try to explain a little more.

iptables -A FORWARD -i tun0 -s 10.250.250.5 -d 10.10.255.3 -j REJECT

10.250.250.5/30 is a static IP for a VPN user. 10.10.255.3 is a server behind the VPN server/router. Yet the rule above does not work at all. This rule is on the router where the VPN resides. The VPN server/router is doing NAT. This router is inside the network. 10.250.250.0/24 is being masqueraded to go to publicly facing servers outside the NATed LAN.


Let me know if more info is needed.


ZK





--- On Sun, 7/20/08, Arno van Amersfoort <arnova at rocky.eld.leidenuniv.nl> wrote:

> From: Arno van Amersfoort <arnova at rocky.eld.leidenuniv.nl>
> Subject: Re: [Firewall] Openvpn access control!!!
> To: titanyen2000 at yahoo.com, "Arno's IPTABLES firewall script" <firewall at lists.btito.net>
> Date: Sunday, July 20, 2008, 4:46 AM
> Could you provide some more details about your setup and such? Else it's
> impossible for us to provide (good) advice....
> 
> a.
> 
> Zakai Kinan wrote:
> > I have OpenVPN set up and working properly, but I can't control access
> > with iptables.  I am using Arno's 1.9.beta3.  For example, rejecting
> > access to a server does not work -   Any help is appreciated.
> > 
> > 
> > TIA
> > 
> > 
> > ZK
> 
> -- 
> Arno van Amersfoort
> E-mail    : arnova at rocky.eld.leidenuniv.nl


      


