LinuxQuestions.org > Linux - Server
This forum is for the discussion of Linux software used in a server-related context.
I have an OpenVPN server running but some users have problems connecting to port 1194 when they are in hotels or behind proxy server firewalls.
I was advised to change the openvpn client to use port 443 as that would bypass these problems but I can't send out new client.ovpn files for every client so need to forward port 443 on the server to 1194.
How can I do this in iptables for any source address?
Is it just:
-A FORWARD -p tcp -m state --state NEW --sport 443 --dport 1194 -j ACCEPT
These are the current openvpn rules:
...
-A INPUT -d xx.xxx.xxx.xx9 -p tcp -m tcp --dport 1194 -m state --state NEW -j ACCEPT
-A INPUT -d xx.xxx.xxx.xx9 -p udp -m udp --dport 1194 -m state --state NEW -j ACCEPT
-A FORWARD -i eth0 -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i tun+ -j ACCEPT
-A FORWARD -i tap+ -j ACCEPT
-A OUTPUT -d xx.xxx.xxx.xx9 -p tcp -m tcp --dport 1194 -m state --state NEW -j ACCEPT
-A OUTPUT -d xx.xxx.xxx.xx9 -p udp -m udp --dport 1194 -m state --state NEW -j ACCEPT
...
Do I need to forward the tun and tap?
Also, I only want to forward traffic arriving at port 443 on the xx.xxx.xxx.xx9 server, not the xx.xxx.xxx.xx8 server (respectively the VPN and proxy servers).
Also, if I type that command into the prompt, will it rewrite my /etc/sysconfig/iptables file?
I've tried wireshark to see if the packet is received but I do not have a GUI so the dumpfile from wireshark is almost impossible to read.
tethereal -i eth0 -w /usr/local/sbin/myscripts/mycapture.pcap
tcpick -C -yP -r mycapture.pcap
I tried using iptraf and found that port 443 was already in use, which seemed strange unless the proxy server on xx.xxx.xxx.198 was already using it but that shouldn't matter.
I'm trying to access xx.xxx.xxx.199:443
Wed Jun 30 17:54:55 2010 us=375000 Expected Remote Options hash (VER=V4): '3dc0591a'
Wed Jun 30 17:54:55 2010 us=375000 Attempting to establish TCP connection with xx.xxx.xxx.199:443
Wed Jun 30 17:55:16 2010 us=328000 TCP: connect to xx.xxx.xxx.199:443 failed, will try again in 5 seconds: Connection timed out (WSAETIMEDOUT)
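One way to do the 443-to-1194 redirect asked about above, as an added example that is not from the original thread: a FORWARD rule cannot do it, because packets addressed to the server itself never traverse FORWARD and FORWARD does not rewrite ports, so the port is rewritten with DNAT in the nat table's PREROUTING chain, matched on the VPN address only so the proxy address is untouched. The script assumes a RHEL/CentOS style `service iptables save` (matching the /etc/sysconfig/iptables file mentioned in the post) and uses 198.51.100.199 as a placeholder for the masked xx.xxx.xxx.199.

```shell
#!/bin/sh
# Added example, not code from the original post: redirect TCP/443 to the
# OpenVPN listener on TCP/1194 for ONE address only, via the nat table.
# A FORWARD rule cannot do this: packets addressed to the server itself never
# traverse FORWARD, and FORWARD does not rewrite ports in any case.
# VPN_ADDR is a placeholder (RFC 5737 documentation range) standing in for the
# masked xx.xxx.xxx.199 in the post; the proxy address (.198) is not matched.
VPN_ADDR="${VPN_ADDR:-198.51.100.199}"

# Print the iptables(8) argument string for the redirect. DNAT in PREROUTING
# rewrites the destination port before the filter INPUT chain sees the packet,
# so the existing "--dport 1194 ... -j ACCEPT" INPUT rule already admits it and
# no extra INPUT rule for port 443 is needed. Optional $1 overrides the address.
build_rule() {
    addr="${1:-$VPN_ADDR}"
    printf '%s\n' "-t nat -A PREROUTING -d $addr -p tcp --dport 443 -j DNAT --to-destination $addr:1194"
}

# Apply the rule to the running kernel. Rules typed at the prompt do NOT
# rewrite /etc/sysconfig/iptables; only the save step below does that.
apply_rule() {
    rule="$(build_rule)"
    # shellcheck disable=SC2086  # word-splitting of $rule is intended here
    iptables $rule
}

# Persist the running rule set to /etc/sysconfig/iptables (RHEL/CentOS style).
save_rules() {
    service iptables save
}

# Verify: the rule should appear with its packet counter climbing once a client
# connects. PREROUTING does not see locally generated packets, so test from
# another host, not from the server itself.
show_rules() {
    iptables -t nat -L PREROUTING -n -v --line-numbers
}

# Only touch the firewall when explicitly asked and running as root.
if [ "${1:-}" = "apply" ] && [ "$(id -u)" -eq 0 ]; then
    apply_rule && save_rules && show_rules
else
    echo "dry run; rule that would be applied:" >&2
    build_rule
fi
```

Run as root with the argument `apply` to install and save the rule; without it the script only prints the rule. This covers TCP only, which matches the client log above (the client is already attempting a TCP connection to port 443).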