Review your favorite Linux distribution.
Go Back > Forums > Linux Forums > Linux - Software
User Name
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.


  Search this Thread
Old 05-19-2021, 04:03 PM   #1
Registered: Oct 2016
Distribution: Looking again
Posts: 416

Rep: Reputation: 39
Adapting firewall rules to access local network without going through VPN

Linux Mint's Warpinator doesn't work with a VPN connected.
Would it be possible to write firewall rules that would allow that app to not use the VPN?

(Split-tunneling doesn't work, cuz that still goes out to the Internet, doesn't stay local.)

Could these old kill-switch rules (below) be adapted, maybe?
sudo ufw default deny outgoing
sudo ufw default deny incoming
sudo ufw allow out on tun0 from any to any
sudo ufw allow in on tun0 from any to any
sudo ufw allow out from any to <address of vpn>
sudo ufw enable
sudo ufw status
Old 05-20-2021, 03:22 AM   #2
LQ Newbie
Registered: Jan 2021
Posts: 4

Rep: Reputation: Disabled
I guess it depends on some variables.
Your network structure?
Do you run a local dns server (e.g. dnsmasq)?

What is the non-VPN network configuration?
What is the VPN configuration? Does this edit the nameservers? I figure your VPN is applied "system-wide", is it?

Do you connect in warpinator using names or by IP?
I don't know warpinator. It should have 42000 port reserved, that port could be routed away from your VPN.
1 members found this post helpful.
Old 05-20-2021, 05:30 AM   #3
Registered: Oct 2016
Distribution: Looking again
Posts: 416

Original Poster
Rep: Reputation: 39
the local network is through the ISP's modem/router and it uses DHCP ; warpinator connects so far by name.
And yes, it does use port 42000 - how would I route it away from the VPN? Sounds like my solution, that does. Thanks.
Old 05-20-2021, 06:32 AM   #4
LQ Newbie
Registered: Jan 2021
Posts: 4

Rep: Reputation: Disabled
If warpinator name resolution occurs at port 53, it gets painful. You may need to merge local and remote names.
Depending on your ISP router this could require a gateway system in order to grant that remote names comes from the VPN while the local ones are from the dhcp server. Likely it will resolve both if it works as DNS server, in that case the gateway system should run a dns service.

Else, in case warpinator discovers devices on his own port,
something like:
(in case your network interface is eth0)

iptables -t nat -A PREROUTING -i eth0 -p tcp -d --dport 42000 -j DNAT --to-destination $yourISProuterIP:42000
iptables -t nat -A PREROUTING -i eth0 -p udp -d --dport 42000 -j DNAT --to-destination $yourISProuterIP:42000

should route your traffic across 42000 into your ISp router (which should be the same occurring without the VPN).
Please note that this would require your ISP router for warpinator to work (if you are on laptop, it could be disappointing).

It would be simpler if your VPN works as a virtual network interface rather than recofiguring the current one.
In that case something like
iptables -A PREROUTING -p tcp --dport 42000 -i eth0
iptables -A PREROUTING -p udp --dport 42000 -i eth0

should be enought to avoid warpinator to be tunneled in tun0 (or whatever).
In this case warpinator would be bound to an interface (always the same, even if you switch across multiple interfaces, like wlan0/eth0).

I don't know neither how warpinator discovers thee devices nor how is your managed your vpn connection.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] /etc/udev/rules.d/40-libsane.rules and /etc/udev/rules.d/S99-2000S1.rules missing LABEL=libsane_rules_end mumahendras3 Slackware 6 03-09-2020 02:27 AM
auditctl -l not showing any rules even though i have rules written in audit.rules alphaguy Linux - Security 1 02-07-2014 05:28 PM
Firewall Rules to add VPN Network into my LAN Network ed182 Linux - Networking 1 06-04-2010 03:17 PM
adapting the configuration written by system-config-securitylevel xpucto Linux - Security 3 11-10-2006 10:12 AM
Adapting software for LFS Whitesocks Linux From Scratch 2 09-08-2005 05:09 AM > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 04:25 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration