How to block any access from Public IP and allow only local via VPN
Hi guys,
I need a little help with configuring my iptables.
I have 1 server on a public IP address. This server has a web server on it, Apache, which is accessible on ports 80 and 9080.
Normally this web server is accessible to the public.
I want to change this. I want to make sure that it's only accessible for the local users on IP: 192.168.0.x
I have installed the default pptpd VPN server on this machine, so I can make a VPN connection with it.
So only users that are connected by VPN and get IP 192.168.0.x can access the web server; all other requests from public IPs should be rejected.
Now, I also have webmin on this server, so I can manage the iptables via GUI.
I have tried to change the web access rule and set Source IP to 192.168.0.1, but that does not work.
If I set it to reject all then it works, but not when I say only the 192. IP address; then it just works for the public too.
While I agree this could be done with iptables rules, I think it may be simpler and more effective to handle this from your web server configuration. You should be able to bind the web server to a specific IP address. That will make it only listen on that ip.
That is an option, but then I will have to do that also with webmin, and other things like ssh etc...
I thought it would be much simpler if I did that in iptables, not altering any internal settings.
Can you provide a quicklist of things that you need to be accessible from External and Internal? Eg:
External:
SSH
Webmin
Internal:
Port 8888
Telnet
FTP
Giving you one rule might mess everything up, if we are not aware of your full configuration intentions.
It's basically a VoIP server. I only need VoIP signalling and RTP; it's 5060 and 10000-20000, and 1723 for the VPN.
All others I have blocked, but I do need ssh and web from inside, for the users that come via VPN and get a 192... IP.
So normally it should work on iptables, but somehow it's not.
All other ports are blocked well, I have tested it. And if I block the web and ssh with drop it works too, but then it also blocks access for the VPN 192... local users.
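A rule set matching the requirements laid out in this thread, as an added example that is not taken from any post here. It assumes eth0 is the public interface, that pptpd hands clients 192.168.0.0/24 on ppp interfaces, and default ports for SIP (UDP 5060), RTP (UDP 10000-20000) and webmin (TCP 10000); none of that is stated in the thread.

```shell
#!/bin/sh
# Added example (not from any poster): INPUT chain for the VoIP box in this thread.
# Assumed, not stated in the thread: eth0 is the public interface, pptpd hands
# out 192.168.0.0/24 on ppp+ interfaces, SIP is UDP/5060, RTP is UDP/10000-20000,
# and webmin listens on its default TCP/10000. Run with --apply as root; without
# it the script only prints the commands it would run.

PUB_IF=eth0
VPN_NET=192.168.0.0/24
VPN_IF='ppp+'

ipt() {
    if [ -n "$DRY_RUN" ]; then echo "iptables $*"; else iptables "$@"; fi
}

apply_rules() {
    ipt -F INPUT
    ipt -P INPUT DROP      # default deny; a port is reachable only if a rule below accepts it
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Public side: only the VPN endpoint and the VoIP ports are exposed.
    ipt -A INPUT -i "$PUB_IF" -p tcp --dport 1723 -j ACCEPT        # PPTP control channel
    ipt -A INPUT -i "$PUB_IF" -p gre -j ACCEPT                      # PPTP data travels over GRE, not TCP
    ipt -A INPUT -i "$PUB_IF" -p udp --dport 5060 -j ACCEPT         # SIP signalling
    ipt -A INPUT -i "$PUB_IF" -p udp --dport 10000:20000 -j ACCEPT  # RTP media

    # VPN side: ssh, web and webmin only for tunnel clients. Match the whole
    # pool (/24, not the single host 192.168.0.1) AND the ppp interface, so a
    # packet arriving on eth0 with a forged 192.168.0.x source still fails.
    # iptables stops at the first match, so these ACCEPTs precede the REJECT.
    for port in 22 80 9080 10000; do
        ipt -A INPUT -i "$VPN_IF" -s "$VPN_NET" -p tcp --dport "$port" -j ACCEPT
    done

    # Same ports from anywhere else get an explicit reject (the policy would
    # drop them anyway; REJECT just makes the refusal visible to the client).
    ipt -A INPUT -p tcp -m multiport --dports 22,80,9080,10000 -j REJECT --reject-with tcp-reset
}

if [ "${1:-}" = "--apply" ]; then
    apply_rules
else
    DRY_RUN=1
    apply_rules
fi
```

Existing connections survive the flush through the ESTABLISHED rule; save the result with iptables-save so it persists across reboots.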