LinuxQuestions.org
Old 11-01-2014, 02:31 PM   #16
Dannermax
LQ Newbie
 
Registered: Jun 2014
Posts: 26

Original Poster
Rep: Reputation: Disabled

brebs

I took a look at this site – on how to set up DNSmasq

https://wiki.debian.org/HowTo/dnsmasq

Would you suggest that I just install the package and that's it? I can't really figure out how much of the setup on this page I should do.

Perhaps I should only do the part where I specify the interface. I only have one network interface on my Raspberry, so should it look like this:

Interface=eth0
 
Old 11-01-2014, 02:42 PM   #17
sag47
Senior Member
 
Registered: Sep 2009
Location: Raleigh, NC
Distribution: Ubuntu, PopOS, Raspbian
Posts: 1,899
Blog Entries: 36

Rep: Reputation: 477
Quote:
Originally Posted by Dannermax View Post
brebs

I took a look at this site – on how to set up DNSmasq

https://wiki.debian.org/HowTo/dnsmasq

Would you suggest that I just install the package and that's it? I can't really figure out how much of the setup on this page I should do.

Perhaps I should only do the part where I specify the interface. I only have one network interface on my Raspberry, so should it look like this:

Interface=eth0
Using DNSmasq will not fix your outbound DNS issue. Only that iptables rule I posted would. It was honest but incorrect advice based on the logs you posted.

Last edited by sag47; 11-01-2014 at 02:44 PM.
 
Old 11-01-2014, 02:47 PM   #18
Dannermax
LQ Newbie
 
Registered: Jun 2014
Posts: 26

Original Poster
Rep: Reputation: Disabled
Okay, I added the rules you suggested to my IP tables. They now look like this:

/sbin/iptables -A INPUT -p tcp --dport 22 -s 192.168.1.50 -j ACCEPT
/sbin/iptables -P INPUT DROP
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -s 192.168.1.0/24 -j ACCEPT
/sbin/iptables -A OUTPUT -o eth0 -d 192.168.1.0/24 -m state --state RELATED,ESTABLIS$
/sbin/iptables -A OUTPUT -o eth0 -d 192.168.1.0/24 -p udp --sport 68 --dport 67 -j A$
/sbin/iptables -A OUTPUT -o eth0 -d 192.168.1.0/24 -p udp --dport 138 -j ACCEPT
/sbin/iptables -A OUTPUT -o eth0 -d 192.168.1.0/24 -p udp --dport 137 -j ACCEPT
/bin/grep -h '^remote ' /etc/openvpn/*.ovpn | /usr/bin/cut -d ' ' -f 2 | /usr/bin/so$
/sbin/iptables -A OUTPUT -o eth0 -j LOG
/sbin/iptables -A OUTPUT -p udp -d 192.168.1.0/24 -m state --state NEW -m udp --dpor$
/sbin/iptables -A OUTPUT -o eth0 -j REJECT
/sbin/iptables -A INPUT -i tun0 -p tcp --dport 11633 -j ACCEPT
/sbin/iptables -A INPUT -i tun0 -p udp --dport 11633 -j ACCEPT
/sbin/iptables -A OUTPUT -p icmp -m state --state NEW -m icmp --icmp-type 8
/sbin/iptables -A INPUT -s 192.168.1.0/24 -p icmp -j ACCEPT

Does it look right?

Last edited by Dannermax; 11-01-2014 at 03:28 PM.
 
Old 11-01-2014, 03:41 PM   #19
Dannermax
LQ Newbie
 
Registered: Jun 2014
Posts: 26

Original Poster
Rep: Reputation: Disabled
Now the rules have been added, and the system restarted!
Now I'll just cross my fingers and hope it works. I will report back in a couple of days and let you know if it worked. Thanks for all your help so far!
 
Old 11-02-2014, 04:19 AM   #20
Dannermax
LQ Newbie
 
Registered: Jun 2014
Posts: 26

Original Poster
Rep: Reputation: Disabled
Okay the same problem just happened again. My system has been running for about six hours and it seems that the same problem occurred again. I have made a log of file and:

Code:
iptables -L -n
I have exchanged my VPN service IP addresses with: xxx.xxx.xxx.xxx

I hope this makes sense to you. Please tell me if you need anything else to troubleshoot the problem. Again, thanks a lot for your time and help!

Code:
root@raspberrypi:/home/pi# tail -F /var/log/syslog
Nov  2 08:52:28 raspberrypi kernel: [40906.235454] IN= OUT=eth0 SRC=192.168.1.46 DST=192.168.1.1 LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=50954 DF PROTO=UDP SPT=48652 DPT=53 LEN=52
Nov  2 08:52:29 raspberrypi kernel: [40906.817959] IN= OUT=eth0 SRC=192.168.1.46 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=50955 DF PROTO=UDP SPT=47945 DPT=53 LEN=40
Nov  2 08:52:33 raspberrypi kernel: [40911.241606] IN= OUT=eth0 SRC=192.168.1.46 DST=192.168.1.1 LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=50956 DF PROTO=UDP SPT=59744 DPT=53 LEN=52
Nov  2 08:52:34 raspberrypi kernel: [40911.823968] IN= OUT=eth0 SRC=192.168.1.46 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=50957 DF PROTO=UDP SPT=60711 DPT=53 LEN=40
Nov  2 08:52:39 raspberrypi ovpn-myvpnhost_linux[2229]: RESOLVE: Cannot resolve host address: myvpnhost.net: [TRY_AGAIN] A temporary error occurred on an authoritative name server.
Nov  2 08:52:39 raspberrypi kernel: [40916.825205] IN= OUT=eth0 SRC=192.168.1.46 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=50958 DF PROTO=UDP SPT=56356 DPT=53 LEN=40
Nov  2 08:52:49 raspberrypi kernel: [40926.832782] IN= OUT=eth0 SRC=192.168.1.46 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=50959 DF PROTO=UDP SPT=47155 DPT=53 LEN=40
Nov  2 08:52:54 raspberrypi kernel: [40931.838803] IN= OUT=eth0 SRC=192.168.1.46 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=50960 DF PROTO=UDP SPT=54804 DPT=53 LEN=40
Nov  2 08:52:59 raspberrypi kernel: [40936.844833] IN= OUT=eth0 SRC=192.168.1.46 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=50961 DF PROTO=UDP SPT=34724 DPT=53 LEN=40
Nov  2 08:53:04 raspberrypi kernel: [40941.850945] IN= OUT=eth0 SRC=192.168.1.46 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=50962 DF PROTO=UDP SPT=40695 DPT=53 LEN=40
Nov  2 08:53:09 raspberrypi kernel: [40946.857015] IN= OUT=eth0 SRC=192.168.1.46 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=50963 DF PROTO=UDP SPT=55908 DPT=53 LEN=40
Nov  2 08:53:14 raspberrypi kernel: [40951.858130] IN= OUT=eth0 SRC=192.168.1.46 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=50964 DF PROTO=UDP SPT=34619 DPT=53 LEN=40
Nov  2 08:53:19 raspberrypi kernel: [40956.864146] IN= OUT=eth0 SRC=192.168.1.46 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=50965 DF PROTO=UDP SPT=44381 DPT=53 LEN=40
Nov  2 08:53:24 raspberrypi ovpn-myvpnhost_linux[2229]: RESOLVE: Cannot resolve host address: myvpnhost.net: [TRY_AGAIN] A temporary error occurred on an authoritative name server.
Nov  2 08:53:24 raspberrypi kernel: [40961.870178] IN= OUT=eth0 SRC=192.168.1.46 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=50966 DF PROTO=UDP SPT=33955 DPT=53 LEN=40
Nov  2 08:53:34 raspberrypi kernel: [40971.877633] IN= OUT=eth0 SRC=192.168.1.46 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=50967 DF PROTO=UDP SPT=39339 DPT=53 LEN=40
Nov  2 08:53:39 raspberrypi kernel: [40976.883655] IN= OUT=eth0 SRC=192.168.1.46 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=50968 DF PROTO=UDP SPT=46000 DPT=53 LEN=40
Nov  2 08:53:44 raspberrypi kernel: [40981.889672] IN= OUT=eth0 SRC=192.168.1.46 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=50969 DF PROTO=UDP SPT=58514 DPT=53 LEN=40
Nov  2 08:53:49 raspberrypi kernel: [40986.895697] IN= OUT=eth0 SRC=192.168.1.46 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=50970 DF PROTO=UDP SPT=60918 DPT=53 LEN=40
Nov  2 08:53:54 raspberrypi kernel: [40991.901784] IN= OUT=eth0 SRC=192.168.1.46 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=50971 DF PROTO=UDP SPT=32892 DPT=53 LEN=40
Nov  2 08:53:59 raspberrypi kernel: [40996.907787] IN= OUT=eth0 SRC=192.168.1.46 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=50972 DF PROTO=UDP SPT=33059 DPT=53 LEN=40
^C
root@raspberrypi:/home/pi#


root@raspberrypi:/home/pi# iptables -L -n
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  192.168.1.50         0.0.0.0/0            tcp dpt:22
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     all  --  192.168.1.0/24       0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:11633
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:11633
ACCEPT     icmp --  192.168.1.0/24       0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
xxx.xxx.xxx.xxx
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            192.168.1.0/24       state RELATED,ESTABLISHED
ACCEPT     udp  --  0.0.0.0/0            192.168.1.0/24       udp spt:68 dpt:67
ACCEPT     udp  --  0.0.0.0/0            192.168.1.0/24       udp dpt:138
ACCEPT     udp  --  0.0.0.0/0            192.168.1.0/24       udp dpt:137
ACCEPT     all  --  0.0.0.0/0            xxx.xxx.xxx.xxx
ACCEPT     all  --  0.0.0.0/0            xxx.xxx.xxx.xxx
ACCEPT     all  --  0.0.0.0/0            xxx.xxx.xxx.xxx
ACCEPT     all  --  0.0.0.0/0            xxx.xxx.xxx.xxx
ACCEPT     all  --  0.0.0.0/0            xxx.xxx.xxx.xxx
ACCEPT     all  --  0.0.0.0/0            xxx.xxx.xxx.xxx
ACCEPT     all  --  0.0.0.0/0            xxx.xxx.xxx.xxx
ACCEPT     all  --  0.0.0.0/0            xxx.xxx.xxx.xxx
ACCEPT     all  --  0.0.0.0/0            xxx.xxx.xxx.xxx
ACCEPT     all  --  0.0.0.0/0            xxx.xxx.xxx.xxx
ACCEPT     all  --  0.0.0.0/0            xxx.xxx.xxx.xxx
ACCEPT     all  --  0.0.0.0/0            xxx.xxx.xxx.xxx
ACCEPT     all  --  0.0.0.0/0            xxx.xxx.xxx.xxx
ACCEPT     all  --  0.0.0.0/0            xxx.xxx.xxx.xxx
ACCEPT     all  --  0.0.0.0/0            xxx.xxx.xxx.xxx
ACCEPT     all  --  0.0.0.0/0            xxx.xxx.xxx.xxx
ACCEPT     all  --  0.0.0.0/0            xxx.xxx.xxx.xxx
LOG        all  --  0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 4
           udp  --  0.0.0.0/0            192.168.1.0/24       state NEW udp dpt:53
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
           icmp --  0.0.0.0/0            0.0.0.0/0            state NEW icmptype 8
root@raspberrypi:/home/pi#
 
Old 11-02-2014, 12:58 PM   #21
sag47
Senior Member
 
Registered: Sep 2009
Location: Raleigh, NC
Distribution: Ubuntu, PopOS, Raspbian
Posts: 1,899
Blog Entries: 36

Rep: Reputation: 477
According to your iptables -nL I see two things.

icmp is after your output reject. Second, udp outbound does not jump to ACCEPT like all the other rules. Looking back I gave you a bad rule because I forgot to add -j ACCEPT. I also should not have added state to that rule so you should change it to look like the following.

Code:
iptables -A OUTPUT -p udp -d 192.168.1.0/24 -m udp --dport 53 -j ACCEPT

Last edited by sag47; 11-02-2014 at 01:00 PM.
 
1 members found this post helpful.
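The two faults named in post #21 (a rule listed with an empty target column, and a rule placed after the final REJECT) can be checked mechanically from the `iptables -L -n` listing. The following is an added example, not part of the original thread; the function names `lint_chain` and `sample_listing` are hypothetical, and the sample listing is constructed by trimming the OUTPUT chain shown in post #20.

```shell
#!/bin/sh
# Added example: lint `iptables -L -n` output for the two faults from post #21.
# Caveat: without -v the listing hides -i/-o matches, so an interface-scoped
# REJECT looks like a catch-all here; confirm with `iptables -L -n -v`.

lint_chain() {
    awk '
    /^Chain /        { chain = $2; n = 0; stop = 0; next }
    /^target +prot / { next }            # column header
    NF == 0          { next }            # blank line between chains
    {
        n++
        # A rule added without -j prints an empty target column, so the
        # opt column ("--") lands in field 2 and every field shifts left.
        if ($2 ~ /^(--|-f|!f)$/) { target = ""; off = 0 } else { target = $1; off = 1 }
        prot = $(off + 1); src = $(off + 3); dst = $(off + 4); extra = $(off + 5)

        if (target == "")
            printf "%s rule %d: no target (missing -j), matching packets fall through\n", chain, n
        if (stop)
            printf "%s rule %d: unreachable, follows catch-all %s at rule %d\n", chain, n, stopname, stop
        else if ((target == "REJECT" || target == "DROP") && prot == "all" &&
                 src == "0.0.0.0/0" && dst == "0.0.0.0/0" &&
                 (extra == "" || extra == "reject-with")) {
            stop = n; stopname = target
        }
    }'
}

# Constructed sample: the OUTPUT chain from post #20 with the VPN rules trimmed.
sample_listing() {
    cat <<'EOF'
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            192.168.1.0/24       state RELATED,ESTABLISHED
ACCEPT     udp  --  0.0.0.0/0            192.168.1.0/24       udp spt:68 dpt:67
LOG        all  --  0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 4
           udp  --  0.0.0.0/0            192.168.1.0/24       state NEW udp dpt:53
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
           icmp --  0.0.0.0/0            0.0.0.0/0            state NEW icmptype 8
EOF
}

sample_listing | lint_chain
```

On a live system the same check would be fed with `iptables -L OUTPUT -n | lint_chain` run as root.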
Old 11-02-2014, 01:49 PM   #22
Dannermax
LQ Newbie
 
Registered: Jun 2014
Posts: 26

Original Poster
Rep: Reputation: Disabled
Right. I have added the icmp rules, and the new rule you gave me, before the output reject rule. Nothing more to do now than wait. I will let you know if it worked!
 
Old 11-05-2014, 01:47 PM   #23
Dannermax
LQ Newbie
 
Registered: Jun 2014
Posts: 26

Original Poster
Rep: Reputation: Disabled
Okay, here is an update after three days. I can happily report that my problem has been solved. The connection is steady and it has not been necessary to restart my system. So I would like to say thanks to all who contributed in helping me solve this, and a special thanks to sag47 for actually solving my problem!

Once again, this proves that linux questions is filled with experts!
 
  

