04-26-2017, 12:50 AM   #1
gone_bush
LQ Newbie
 
Registered: Oct 2008
Posts: 3

Rep: Reputation: 0
problem with iptables and NordVPN/OpenVPN


I'm trying to get NordVPN/OpenVPN working with my laptop that is visible to the internet and has port 22 open.

The trouble appears to be in my iptables firewall.

As I understand it, the flow of a packet should be

1) raw prerouting
2) mangle prerouting
3) nat prerouting
4) either mangle forward or mangle input

My port 22 SYN packets seem to be getting lost between (4) and (5).

The following are some of my iptables rules (these rules are contiguous):

Code:
$IPT -t filter -A INPUT   -i tun+                 -j LOG --log-prefix "ssh filter input   tun: "
$IPT -t filter -A FORWARD -i tun+                 -j LOG --log-prefix "ssh filter forward tun: "
$IPT -t filter -A OUTPUT  -o tun+                 -j LOG --log-prefix "ssh filter output  tun: "

$IPT -A INPUT   -i tun+ -j ACCEPT
$IPT -A FORWARD -i tun+ -j ACCEPT
$IPT -A OUTPUT  -o tun+ -j ACCEPT

$IPT -t filter   -A FORWARD     -p tcp --dport 22 -j LOG --log-prefix "ssh filter     forward: "
$IPT -t filter   -A INPUT       -p tcp --dport 22 -j LOG --log-prefix "ssh filter       input: "
$IPT -t filter   -A OUTPUT      -p tcp --dport 22 -j LOG --log-prefix "ssh filter      output: "

$IPT -t mangle   -A FORWARD     -p tcp --dport 22 -j LOG --log-prefix "ssh mangle     forward: "
$IPT -t mangle   -A INPUT       -p tcp --dport 22 -j LOG --log-prefix "ssh mangle       input: "
$IPT -t mangle   -A OUTPUT      -p tcp --dport 22 -j LOG --log-prefix "ssh mangle      output: "
$IPT -t mangle   -A POSTROUTING -p tcp --dport 22 -j LOG --log-prefix "ssh mangle postrouting: "
$IPT -t mangle   -A PREROUTING  -p tcp --dport 22 -j LOG --log-prefix "ssh mangle  prerouting: "

$IPT -t nat      -A PREROUTING  -p tcp --dport 22 -j LOG --log-prefix "ssh nat     prerouting: "
$IPT -t nat      -A POSTROUTING -p tcp --dport 22 -j LOG --log-prefix "ssh nat    postrouting: "

$IPT -t raw      -A  PREROUTING -p tcp --dport 22 -j LOG --log-prefix "ssh raw     prerouting: "
$IPT -t raw      -A  OUTPUT     -p tcp --dport 22 -j LOG --log-prefix "ssh raw         output: "

$IPT -t security -A INPUT       -p tcp --dport 22 -j LOG --log-prefix "ssh security     input: "
$IPT -t security -A FORWARD     -p tcp --dport 22 -j LOG --log-prefix "ssh security   forward: "
$IPT -t security -A OUTPUT      -p tcp --dport 22 -j LOG --log-prefix "ssh security    output: "
All I get is (edited):

Code:
ssh raw     prerouting: IN=wlan OUT= MAC=??? SRC=999.999.999.999 DST=192.168.0.20 LEN=60 TOS=0x00 PREC=0x00 TTL=56 ID=17534 DF PROTO=TCP SPT=42583 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
ssh mangle  prerouting: IN=wlan OUT= MAC=??? SRC=999.999.999.999 DST=192.168.0.20 LEN=60 TOS=0x00 PREC=0x00 TTL=56 ID=17534 DF PROTO=TCP SPT=42583 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
ssh nat     prerouting: IN=wlan OUT= MAC=??? SRC=999.999.999.999 DST=192.168.0.20 LEN=60 TOS=0x00 PREC=0x00 TTL=56 ID=17534 DF PROTO=TCP SPT=42583 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
ssh raw     prerouting: IN=wlan OUT= MAC=??? SRC=999.999.999.999 DST=192.168.0.20 LEN=60 TOS=0x00 PREC=0x00 TTL=56 ID=17535 DF PROTO=TCP SPT=42583 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
ssh mangle  prerouting: IN=wlan OUT= MAC=??? SRC=999.999.999.999 DST=192.168.0.20 LEN=60 TOS=0x00 PREC=0x00 TTL=56 ID=17535 DF PROTO=TCP SPT=42583 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
ssh nat     prerouting: IN=wlan OUT= MAC=??? SRC=999.999.999.999 DST=192.168.0.20 LEN=60 TOS=0x00 PREC=0x00 TTL=56 ID=17535 DF PROTO=TCP SPT=42583 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
HELP!
Kevin
 
04-27-2017, 07:14 PM   #2
gone_bush
LQ Newbie
 
Registered: Oct 2008
Posts: 3

Original Poster
Rep: Reputation: 0
Problem (almost) solved - The packet was being treated as a martian in the rp-filter mechanism. (Alas the VPN is working, but I'm making progress.)

Last edited by gone_bush; 04-27-2017 at 07:15 PM.
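
The trace in post #1 and the rp_filter finding in post #2 can be checked mechanically. The script below is an added example, not part of the original posts: `last_hook` reports the last table/chain each logged packet reached, and `effective_rp_filter` reads the reverse-path filter value that applies to an interface. The function names, the `SYSCTL_ROOT` argument and the sample log lines are constructed for illustration.

```shell
# Added example, not from the thread. Hook names come from the --log-prefix
# strings in post #1; the log lines in sample_log are constructed.
# last_hook: read kernel LOG lines on stdin; for each packet ID print the
# last table/chain that logged it and whether it got past PREROUTING.
last_hook() {
    awk '
    /ssh (raw|mangle|nat|filter|security) / {
        hook = $0
        sub(/^.*ssh +/, "", hook)      # drop everything up to the prefix
        sub(/:.*$/, "", hook)          # drop the packet fields after it
        gsub(/ +/, " ", hook)          # collapse the padding in the prefix
        id = ""
        for (i = 1; i <= NF; i++) if ($i ~ /^ID=/) id = substr($i, 4)
        if (id == "") next
        if (!(id in last)) order[++n] = id
        last[id] = hook
    }
    END {
        for (k = 1; k <= n; k++) {
            id = order[k]
            v = (last[id] ~ /prerouting$/) ? "STOPPED_BEFORE_INPUT_OR_FORWARD" : "PASSED_ROUTING"
            print id, last[id], v
        }
    }'
}

# effective_rp_filter IFACE [SYSCTL_ROOT]: the kernel applies the larger of
# conf/all/rp_filter and conf/IFACE/rp_filter (0 = off, 1 = strict, 2 = loose).
effective_rp_filter() {
    root=${2:-/proc/sys}/net/ipv4/conf
    all=$(cat "$root/all/rp_filter") || return 1
    dev=$(cat "$root/$1/rp_filter") || return 1
    if [ "$all" -gt "$dev" ]; then echo "$all"; else echo "$dev"; fi
}

sample_log() {  # constructed: ID 17534 is lost after nat PREROUTING, ID 4242 is delivered
    cat <<'EOF'
kernel: ssh raw     prerouting: IN=wlan OUT= SRC=203.0.113.7 DST=192.168.0.20 ID=17534 PROTO=TCP SPT=42583 DPT=22 SYN
kernel: ssh mangle  prerouting: IN=wlan OUT= SRC=203.0.113.7 DST=192.168.0.20 ID=17534 PROTO=TCP SPT=42583 DPT=22 SYN
kernel: ssh nat     prerouting: IN=wlan OUT= SRC=203.0.113.7 DST=192.168.0.20 ID=17534 PROTO=TCP SPT=42583 DPT=22 SYN
kernel: ssh raw     prerouting: IN=wlan OUT= SRC=192.168.0.5 DST=192.168.0.20 ID=4242 PROTO=TCP SPT=50000 DPT=22 SYN
kernel: ssh nat     prerouting: IN=wlan OUT= SRC=192.168.0.5 DST=192.168.0.20 ID=4242 PROTO=TCP SPT=50000 DPT=22 SYN
kernel: ssh mangle       input: IN=wlan OUT= SRC=192.168.0.5 DST=192.168.0.20 ID=4242 PROTO=TCP SPT=50000 DPT=22 SYN
kernel: ssh filter       input: IN=wlan OUT= SRC=192.168.0.5 DST=192.168.0.20 ID=4242 PROTO=TCP SPT=50000 DPT=22 SYN
EOF
}
sample_log | last_hook
```

A packet that stops after PREROUTING was discarded at the routing decision, which is where the reverse-path check runs; with an effective value of 1, setting `net.ipv4.conf.<iface>.log_martians=1` makes the kernel log such drops.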
 
  

