Old 10-31-2010, 03:16 PM   #1
sylver.bruneau@gmail.com
LQ Newbie
 
Registered: Oct 2010
Posts: 4

Rep: Reputation: 0
How to keep some port out of the scope of a VPN connection ?


Hello,
I have a server (192.168.1.9) in my network that is running an HTTP server on port 5000.
This server port has been opened (on my router 192.168.1.1) to be available from my public IP (on port 80).

I have recently installed openvpn to connect to a VPN, but I'd like to keep my HTTP server available from my public IP (no need to have it available to the VPN network).

I'm completely lost and I don't know where to start... Could someone point me in a direction to dig into?

Here are some details about the route configuration:

Code:
Server1> iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT

Server1> route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
178.71.215.230  192.168.1.1     255.255.255.255 UGH   0      0        0 eth0
178.71.208.0    *               255.255.255.0   U     0      0        0 tap0
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
default         v4-link.vpntunn 128.0.0.0       UG    0      0        0 tap0
128.0.0.0       v4-link.vpntunn 128.0.0.0       UG    0      0        0 tap0
default         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
Thanks,
Sylver
 
Old 10-31-2010, 04:30 PM   #2
feinbein
Member
 
Registered: Jan 2010
Location: Norway
Posts: 76

Rep: Reputation: 12
Maybe I am getting this wrong, but you don't seem to have a problem here.
Even if you use a VPN over your WAN connection, port forwarding on the WAN address will still work as before. So the HTTP server will still be available via the WAN IP and to the LAN (or VPN) network via the local address.
Could you describe a little what actually is not working for you at the moment?
 
Old 10-31-2010, 04:47 PM   #3
sylver.bruneau@gmail.com
LQ Newbie
 
Registered: Oct 2010
Posts: 4

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by feinbein
Maybe I am getting this wrong, but you don't seem to have a problem here.
Even if you use a VPN over your WAN connection, port forwarding on the WAN address will still work as before. So the HTTP server will still be available via the WAN IP and to the LAN (or VPN) network via the local address.
Could you describe a little what actually is not working for you at the moment?
Hello,
If I use an online port scanner, my port 80 is shown as closed, and if I try to connect to this port from an external network, I have no answer from the server.

If I try to connect to my public ip and port 80 from my LAN, the server responds ...

This is strange behavior, but if I shut down openvpn, the server becomes responsive again on my public IP (from an external network) immediately...
 
Old 11-01-2010, 12:40 AM   #4
feinbein
Member
 
Registered: Jan 2010
Location: Norway
Posts: 76

Rep: Reputation: 12
Now I see, you start the tunnel from your server, not your router.
Let's see, this could possibly be solved with another NIC dedicated to the HTTP server or a NIC alias. Can you post ifconfig?
 
Old 11-02-2010, 12:39 AM   #5
sylver.bruneau@gmail.com
LQ Newbie
 
Registered: Oct 2010
Posts: 4

Original Poster
Rep: Reputation: 0
Yes, openvpn is installed on the server, not on the router.
Here is my ifconfig:
Code:
Server1> ifconfig
eth0      Link encap:Ethernet  HWaddr 00:11:32:XX:XX:XX  
          inet addr:192.168.1.9  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST NOTRAILERS RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:70075005 errors:0 dropped:0 overruns:0 frame:0
          TX packets:58280041 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:2548806328 (2.3 GiB)  TX bytes:3988761380 (3.7 GiB)
          Interrupt:18 Memory:bfff8000-0 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:1500  Metric:1
          RX packets:40293 errors:0 dropped:0 overruns:0 frame:0
          TX packets:40293 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:4928151 (4.6 MiB)  TX bytes:4928151 (4.6 MiB)

tap0      Link encap:Ethernet  HWaddr 00:FF:F2:XX:XX:XX  
          inet addr:178.71.208.50  Bcast:178.71.208.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:60014339 errors:0 dropped:0 overruns:0 frame:0
          TX packets:43504750 errors:0 dropped:485110 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:1005763215 (959.1 MiB)  TX bytes:4071794605 (3.7 GiB)
Thanks,
Sylver
 
Old 11-03-2010, 11:12 AM   #6
feinbein
Member
 
Registered: Jan 2010
Location: Norway
Posts: 76

Rep: Reputation: 12
Quote:
Originally Posted by sylver.bruneau@gmail.com
Hello,
If I use an online port scanner, my port 80 is shown as closed
I think we are getting there...
If you use an online scanner, it will scan the IP of your gateway to the internet. I suppose, while you are connected to the VPN, your gateway changes to the one of your VPN server.
You can easily verify this by comparing http://canyouseeme.org before and after the VPN connection. It should give two different IPs.
Can you confirm that?
 
1 members found this post helpful.
Old 11-04-2010, 01:54 AM   #7
sylver.bruneau@gmail.com
LQ Newbie
 
Registered: Oct 2010
Posts: 4

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by feinbein
I think we are getting there...
If you use an online scanner, it will scan the IP of your gateway to the internet. I suppose, while you are connected to the VPN, your gateway changes to the one of your VPN server.
You can easily verify this by comparing http://canyouseeme.org before and after the VPN connection. It should give two different IPs.
Can you confirm that?
I confirm that when connected to the VPN, my public IP is the one of the VPN Internet gateway! The problem is that I'm not allowed to configure anything on this VPN (no port forwarding), so I have to find a way to keep port 80 available from my ISP public IP!
 
Old 11-04-2010, 04:23 PM   #8
feinbein
Member
 
Registered: Jan 2010
Location: Norway
Posts: 76

Rep: Reputation: 12
So you ran the online port scan while you were connected to the VPN in your browser?
That means you are scanning your VPN gateway, not the public IP of your ISP.
Ring a friend to check your HTTP service next time you use the VPN. I'm pretty sure he'll find it working.
If I'm wrong (which could well be possible) I am definitely out of ideas here.
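
Added example, not part of the original thread: a longest-prefix-match lookup over the routing table posted in #1, showing which interface a reply to a given client would leave by. The `vpn-gw` label stands in for the truncated gateway name in the post, and the client addresses are constructed samples.

```python
import ipaddress

# Routing table from post #1 (`route` output). The line shown there as
# "default ... Genmask 128.0.0.0" is 0.0.0.0/1. The VPN gateway hostname is
# truncated in the post, so the placeholder label "vpn-gw" is used instead.
ROUTES = [
    ("178.71.215.230/32", "192.168.1.1", "eth0"),  # host route (UGH) via the router
    ("178.71.208.0/24",   None,          "tap0"),  # directly connected VPN subnet
    ("192.168.1.0/24",    None,          "eth0"),  # directly connected LAN
    ("0.0.0.0/1",         "vpn-gw",      "tap0"),  # lower half of IPv4 via VPN
    ("128.0.0.0/1",       "vpn-gw",      "tap0"),  # upper half of IPv4 via VPN
    ("0.0.0.0/0",         "192.168.1.1", "eth0"),  # original default route
]

def lookup(dst, routes=ROUTES):
    """Longest-prefix match: return (prefix, gateway, iface) chosen for dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), gw, dev) for p, gw, dev in routes
               if addr in ipaddress.ip_network(p)]
    net, gw, dev = max(matches, key=lambda m: m[0].prefixlen)
    return str(net), gw, dev

def reply_path(client_ip, arrived_on="eth0", routes=ROUTES):
    """Compare the interface a request arrived on with the one its reply uses."""
    prefix, gw, dev = lookup(client_ip, routes)
    return {"client": client_ip, "in": arrived_on, "out": dev, "via": gw,
            "matched": prefix, "symmetric": dev == arrived_on}

# Constructed sample clients: two external addresses, one LAN host, and the
# host-route destination that appears in the posted table.
SAMPLES = ["203.0.113.25", "100.64.0.10", "192.168.1.20", "178.71.215.230"]

if __name__ == "__main__":
    for ip in SAMPLES:
        r = reply_path(ip)
        state = "symmetric" if r["symmetric"] else "ASYMMETRIC"
        print(f'{r["client"]:<16} in={r["in"]} out={r["out"]:<5}'
              f' matched={r["matched"]:<18} {state}')
```

The two /1 routes are more specific than the original default, so a request that arrives on eth0 from an external address gets its reply routed to tap0, while LAN clients stay on eth0. A common remedy, not discussed in the thread, is source-based policy routing: an `ip rule` that sends packets sourced from 192.168.1.9 to a second table whose default route is 192.168.1.1 on eth0.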
 
  

