LinuxQuestions.org
Old 02-21-2007, 12:23 AM   #1
karen.pertierra
iptables configuration using multiple NIC


Hello,

I have a server with 2 NICs.

I've set up a VPN connection using a VPN device and am now configuring my iptables because I want to use PuTTY to access the internal IP of the server. I can ping 192.168.1.1 (the VPN device) but not the server (192.168.1.60). Here is my iptables configuration.

----------------------------------------------------
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
# both locally delivered and forwarded traffic is handed to the RH-Firewall-1-INPUT chain
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
# IPsec: ESP (protocol 50) and AH (protocol 51)
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
# mDNS (5353/udp to the multicast group) and SNMP (161/udp)
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 161 -j ACCEPT
#-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
# new SSH connections only from the listed source addresses and from the server's own eth1 address
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s ("my ip addresses allowed") --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 192.168.1.60 --dport 22 -j ACCEPT
# -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
# every table block in an iptables-restore file must end with COMMIT
COMMIT
--------------------------------------------------------

Kindly help me on how to set the right configuration on my iptables.
 
Old 02-21-2007, 01:25 AM   #2
rigor
Hi,

I might see what you're trying to do, but I'm really not sure I have all the info I'd need to answer your question exactly. I'm not using this to enable a VPN, just an internal LAN, although I can establish an outgoing VPN with no additional configuration. However, if you're informed enough to be able to set up the iptables config you illustrated, you probably can apply this to your situation. With two NICs, eth0 connected to the Internet and eth1 connected to an internal LAN, this sequence of commands works to allow outgoing connections from the internal LAN to establish a connection to a system on the Internet, allows packets coming back from the Internet that are related to the established connection to come back, and also sets up NAT for outgoing connections.

I've simplified it by not showing specific ports or IPs that I restrict.

It starts by flushing the tables to use the defaults. Notice I'm explicitly stating both the input and the output.

# flush all rules in the filter table (without -t this does not touch the nat table)
iptables -F

# reply traffic for connections the LAN opened: Internet (eth0) back to LAN (eth1)
iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
# new connections from the LAN (eth1) out to the Internet (eth0)
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
# source-NAT everything leaving eth0 behind eth0's address
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE




Hope this helps.
 
Old 02-21-2007, 02:09 AM   #3
karen.pertierra

Thanks for your reply, kakaka.

I typed the following on my command line through SSH, but I still cannot connect to 192.168.1.60.
-----------------------------------------------------------
iptables -F

iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
-----------------------------------------------------------

Or do you mean I should include these lines in my iptables configuration?

Here's what I'm doing:

My server's IP is 203.234.1.2 and it has 2 NICs, eth0 and eth1 (192.168.1.60). Connected to the server is the VPN device with internal IP 192.168.1.1.

I opened putty.exe and tried to connect to 192.168.1.60 but could not. I also cannot ping 192.168.1.60.

Any other ideas?
 
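Editor's note (added example, not code from the thread): before changing rules on a live box it helps to model what the posted filter table does with a specific packet. The Python below is a small model of the filter-table walk (chain policies, the RH-Firewall-1-INPUT user chain, and the -i/-p/-s/-d/--dport/--state matches) run over the INPUT path of the ruleset from post #1. Assumptions, all constructed: 203.0.113.5 stands in for the "my ip addresses allowed" placeholder, the VPN client is 10.8.0.2 and its packets arrive on eth1, and an unrelated Internet host is 198.51.100.7 on eth0. Two things fall out of it. As posted, INPUT has policy ACCEPT and the chain has no terminal rule, so the SSH attempt is accepted anyway; with the REJECT line that system-config-securitylevel normally appends it is rejected. In both variants ICMP is accepted by the "-p icmp" rule, so the failed ping in post #3 is not explained by these rules, and routing on the server (whether replies to the VPN client's address go back out eth1 at all) is the next thing to check. The FIXED variant shows how to admit SSH by arriving interface (-i eth1) rather than by source address while keeping the reject at the end, so port 22 stays closed on the Internet-facing eth0.

```python
"""Tiny model of an iptables filter-table walk; added example, not from the thread."""
import ipaddress
import shlex
from dataclasses import dataclass

TERMINAL = {"ACCEPT", "DROP", "REJECT"}

@dataclass
class Packet:
    iface: str            # arriving interface (-i)
    proto: str            # "tcp", "udp", "icmp" (or a protocol number as text)
    src: str
    dst: str
    dport: int = None
    state: str = "NEW"    # conntrack state: NEW, ESTABLISHED or RELATED

@dataclass
class Rule:
    chain: str = ""
    target: str = ""
    iface: str = None
    proto: str = None
    src: ipaddress.IPv4Network = None
    dst: ipaddress.IPv4Network = None
    dport: int = None
    states: set = None

    def matches(self, p):
        """Options present on the rule must all match; absent ones match anything."""
        simple = [(self.iface, p.iface), (self.proto, p.proto), (self.dport, p.dport)]
        return (all(want is None or want == got for want, got in simple)
                and (self.src is None or ipaddress.ip_address(p.src) in self.src)
                and (self.dst is None or ipaddress.ip_address(p.dst) in self.dst)
                and (self.states is None or p.state in self.states))

# option -> (Rule attribute, converter); every option used here takes one argument
SETTERS = {
    "-A": ("chain", str), "-i": ("iface", str), "-p": ("proto", str), "-j": ("target", str),
    "-s": ("src", lambda a: ipaddress.ip_network(a, strict=False)),
    "-d": ("dst", lambda a: ipaddress.ip_network(a, strict=False)),
    "--dport": ("dport", int), "--state": ("states", lambda a: set(a.split(","))),
}
IGNORED = {"-m", "--icmp-type", "--reject-with"}   # match-module names/args not modelled

def parse_ruleset(text):
    """iptables-save syntax -> ({chain: policy, None for user chains}, {chain: [Rule]})."""
    policies, chains = {}, {}
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("#") or line in ("*filter", "COMMIT"):
            continue
        if line.startswith(":"):                    # ":CHAIN POLICY [packets:bytes]"
            name, policy = line[1:].split()[:2]
            policies[name] = None if policy == "-" else policy
            chains.setdefault(name, [])
            continue
        toks, rule = shlex.split(line), Rule()
        for opt, arg in zip(toks[::2], toks[1::2]):
            if opt in SETTERS:
                attr, conv = SETTERS[opt]
                setattr(rule, attr, conv(arg))
            elif opt not in IGNORED:
                raise ValueError(f"unsupported option {opt!r} in: {line}")
        chains.setdefault(rule.chain, []).append(rule)
    return policies, chains

def _walk(chain, p, chains):
    """First terminal target hit in `chain`, descending into user chains; None if none."""
    for rule in chains.get(chain, []):
        if not rule.matches(p):
            continue
        if rule.target in TERMINAL:
            return rule.target
        if rule.target == "RETURN":
            return None
        if rule.target in chains:                   # jump; falling off its end continues here
            hit = _walk(rule.target, p, chains)
            if hit is not None:
                return hit
    return None

def verdict(ruleset, p, chain="INPUT"):
    """What `chain` does with packet `p`: first terminal target, else the chain policy."""
    policies, chains = parse_ruleset(ruleset)
    return _walk(chain, p, chains) or policies[chain]

# Post #1's INPUT path (IPsec/mDNS/SNMP lines omitted: they cannot match the packets
# tested).  203.0.113.5 stands in for the "my ip addresses allowed" placeholder.
HEADER = """*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 203.0.113.5 --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 192.168.1.60 --dport 22 -j ACCEPT
"""
REJECT_ALL = "-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited\n"
SSH_ON_ETH1 = "-A RH-Firewall-1-INPUT -i eth1 -m state --state NEW -p tcp --dport 22 -j ACCEPT\n"
POSTED = HEADER + "COMMIT\n"                              # as posted: no terminal rule
STRICT = HEADER + REJECT_ALL + "COMMIT\n"                 # with the usual final REJECT
FIXED = HEADER + SSH_ON_ETH1 + REJECT_ALL + "COMMIT\n"    # admit SSH by interface, keep REJECT

# Constructed packets: a VPN client at 10.8.0.2 arriving on eth1, an Internet host on eth0.
SSH_VIA_VPN = Packet("eth1", "tcp", "10.8.0.2", "192.168.1.60", 22)
PING_VIA_VPN = Packet("eth1", "icmp", "10.8.0.2", "192.168.1.60")
SSH_FROM_NET = Packet("eth0", "tcp", "198.51.100.7", "203.234.1.2", 22)

if __name__ == "__main__":
    for name, rs in (("posted", POSTED), ("with REJECT", STRICT), ("fixed", FIXED)):
        print(f"{name:12s} ssh/vpn={verdict(rs, SSH_VIA_VPN)} "
              f"ping/vpn={verdict(rs, PING_VIA_VPN)} ssh/net={verdict(rs, SSH_FROM_NET)}")
```

Running it prints one line per variant; the "posted" line shows ACCEPT for all three packets, which is the point: an ACCEPT policy with no closing REJECT makes the per-source SSH rules decorative. Use the model only for the filter table; it knows nothing about the nat table, rp_filter, or the routing table, which is where the ping failure is more likely to live.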