Linux - General
This Linux forum is for general Linux questions and discussion. If it is Linux related and doesn't seem to fit in any other forum, then this is the place.
I've set up a VPN connection using a VPN device and I'm now configuring my iptables because I want to use PuTTY to access the internal IP of the server. I can ping 192.168.1.1 (the VPN device) but not the server (192.168.1.60). Here is my iptables configuration.
----------------------------------------------------
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
# ESP (50) and AH (51), the IPsec protocols
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
# mDNS and SNMP
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 161 -j ACCEPT
#-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
# SSH is only accepted from the listed sources
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s ("my ip addresses allowed") --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 192.168.1.60 --dport 22 -j ACCEPT
# -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
# the table must end with COMMIT for iptables-restore to load it
COMMIT
--------------------------------------------------------
Kindly help me on how to set the right configuration on my iptables.
I might see what you're trying to do. But I'm really not sure I have all the info I'd need to answer your question exactly. I'm not using this to enable a VPN, just an internal LAN. Although I can establish an outgoing VPN with no additional configuration. However, if you're informed enough to be able to set up the iptables config you illustrated, you probably can apply this to your situation. With two NICs, eth0 connected to the Internet, eth1 connected to an internal LAN, this sequence of commands works to allow outgoing connections from the internal LAN to establish a connection to a system on the Internet, packets coming back from the Internet that are related to the established connection to come back, and also sets up NAT for outgoing connections. I've simplified it by not showing specific ports or IPs that I restrict.
It starts by flushing the tables to use the defaults. Notice I'm explicitly stating both the input and the output.
iptables -F
iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
I typed the following in my command line through SSH, but I still cannot connect to 192.168.1.60.
-----------------------------------------------------------
iptables -F
iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
-----------------------------------------------------------
Or do you mean I should include these lines in my iptables configuration?
Here's what I'm doing:
My server's IP is 203.234.1.2 and it has 2 NICs, eth0 and eth1 (192.168.1.60). Connected to the server is the VPN device with internal IP 192.168.1.1.
I opened putty.exe and tried to connect to 192.168.1.60 but cannot. I also cannot ping 192.168.1.60.
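An added example, not code from either poster: a small Python simulator that walks the RH-Firewall-1-INPUT chain quoted above for a constructed packet from a VPN client (assumed address 10.8.0.2) to 192.168.1.60. Because that address is the server's own eth1, the traffic is handled by INPUT, not by the FORWARD rules in the reply. The quoted placeholder for the allowed admin addresses is replaced by a constructed 203.0.113.5, and the trailing REJECT rule that system-config-securitylevel normally writes, which the post omits, is added as an assumption.

```python
import ipaddress

# The poster's RH-Firewall-1-INPUT chain as quoted in the thread; the placeholder
# for the allowed admin addresses is replaced by a constructed 203.0.113.5.
POSTED_CHAIN = """
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 161 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 203.0.113.5 --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 192.168.1.60 --dport 22 -j ACCEPT
"""
# Assumed: the catch-all system-config-securitylevel normally appends (not in the post).
CATCH_ALL = "-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited\n"
KEYS = ("-i", "-p", "-s", "-d", "--dport", "--state", "-j")

def parse_rule(line):
    """Keep only the option values this simulator understands."""
    tok = line.split()
    return {t: tok[i + 1] for i, t in enumerate(tok) if t in KEYS}

def in_net(addr, net):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net, strict=False)

def matches(rule, pkt):
    """Every option present on the rule must match the packet."""
    return (("-i" not in rule or rule["-i"] == pkt["iface"])
            and ("-p" not in rule or rule["-p"] == pkt["proto"])
            and ("-s" not in rule or in_net(pkt["src"], rule["-s"]))
            and ("-d" not in rule or in_net(pkt["dst"], rule["-d"]))
            and ("--dport" not in rule or int(rule["--dport"]) == pkt.get("dport"))
            and ("--state" not in rule or pkt["state"] in rule["--state"].split(",")))

def verdict(chain, pkt, policy="ACCEPT"):
    """First matching rule's target wins; falling off the end of the chain
    yields the INPUT policy, which the posted file sets to ACCEPT."""
    for line in chain.strip().splitlines():
        rule = parse_rule(line)
        if matches(rule, pkt):
            return rule["-j"]
    return policy

# Constructed packets: a VPN client (assumed 10.8.0.2) reaching the server's own
# eth1 address 192.168.1.60, so they are INPUT traffic, not FORWARD traffic.
SSH = dict(iface="eth1", proto="tcp", src="10.8.0.2", dst="192.168.1.60", dport=22, state="NEW")
PING = dict(iface="eth1", proto="icmp", src="10.8.0.2", dst="192.168.1.60", state="NEW")
```

With the chain exactly as quoted the SSH packet falls off the end and is accepted by the INPUT policy, with the catch-all it is rejected, and ICMP is accepted either way, so a failing ping points at routing between the VPN client subnet and 192.168.1.60 rather than at this ruleset.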