Help Please: openVPN iptables trouble
I am a total amateur at server configurations so my pre-existing iptables entries are all from a previous guide I used to get my server up and running.
The situation is that I can connect via an openVPN client to my Linode, but I can't browse the web. For example, I can't browse to google.com and I can't ping google.com, but I CAN ping an IP Address.
If I flush iptables then everything works just fine.
Here is my iptables.up.rules file – the only additions I made during the openVPN install are the three lines under "# Allows openVPN connections"
Any help anyone could offer for getting me back on the right track will be very much appreciated!
*filter
# Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
# Accepts all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allows all outbound traffic
# You can modify this to only allow certain traffic
-A OUTPUT -j ACCEPT
# Allows HTTP and HTTPS connections from anywhere (the normal ports for websites)
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
# Allows SSH connections
#
# THE --dport NUMBER IS THE SAME ONE YOU SET UP IN THE SSHD_CONFIG FILE
#
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
# Allows openVPN connections
-A INPUT -p udp --dport 1194 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.8.0.0/24 -j ACCEPT
# Allow ping
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# log iptables denied calls
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
# Reject all other inbound - default deny unless explicitly allowed policy
-A INPUT -j REJECT
-A FORWARD -j REJECT
COMMIT
3 Replies
# Allow TUN interface connections to OpenVPN server
-A INPUT -i tun+ -j ACCEPT
-A FORWARD -i tun+ -j ACCEPT
-A INPUT -i tap+ -j ACCEPT
-A FORWARD -i tap+ -j ACCEPT
So the only piece still broken is that I can't add the following instruction to my iptables.up.rules file…
-t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
Because I get the following error when I try to roll them in
iptables-restore v1.4.4: Line 41 seems to have a -t table option.
But openVPN doesn't work without that, so I have to run it from the command line to get openVPN running.
Is there any way that can be added to my rules file so that everything is done automatically at reboot?
# iptables-save > iptables.rules
The rules will then be arranged in the way iptables-restore expects them to be. -rt
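As an added illustration (not code from anyone in this thread): the error above happens because iptables-restore takes one `*table` ... `COMMIT` section per table and rejects a `-t` option on a rule line, so the MASQUERADE rule belongs in its own `*nat` section rather than being prefixed with `-t nat`. The script below writes the thread's VPN-related rules in that layout (the `tun+` FORWARD rule is combined with the thread's `-s 10.8.0.0/24` restriction so only VPN client addresses are forwarded) and lints the file for the two mistakes iptables-restore trips on; the file path is a constructed placeholder.

```shell
#!/bin/sh
# Added example: write the rules in the layout iptables-restore expects
# (one *table ... COMMIT section per table, no -t inside a section) and
# lint the result. eth0 and 10.8.0.0/24 come from the thread.
write_rules() {
  cat > "$1" <<'EOF'
*nat
# The POSTROUTING rule lives in the nat table, so it gets its own
# section instead of a "-t nat" prefix (which iptables-restore rejects).
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
-A INPUT -p udp --dport 1194 -j ACCEPT
-A INPUT -i tun+ -j ACCEPT
# Forward only VPN client traffic and its return path; the rest is rejected.
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i tun+ -s 10.8.0.0/24 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j REJECT
-A FORWARD -j REJECT
COMMIT
EOF
}

# lint_rules FILE: exit 0 if every *table section is closed by COMMIT and
# no rule line carries a -t/--table option; otherwise report and exit 1.
lint_rules() {
  awk '
    /^\*/     { if (open) { print "table " open " not closed by COMMIT"; bad=1 }
                open=substr($0,2); next }
    /^COMMIT/ { if (!open) { print "COMMIT outside a table"; bad=1 } open=""; next }
    /^-/      { if (!open) { print "rule outside a table: " $0; bad=1 }
                for (i=1;i<=NF;i++) if ($i=="-t" || $i=="--table")
                  { print "line " NR " has a -t table option; use a *" $(i+1) " section"; bad=1 } }
    END       { if (open) { print "table " open " not closed by COMMIT"; bad=1 } exit bad }
  ' "$1"
}
```

Before loading the file at boot, `iptables-restore --test < FILE` parses it without committing, which catches the same class of error on the real system.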
Thank you, I very much appreciate it.