mmogamr Posted ...

So, I'm running Ubuntu 14.04 and I'm having a problem with setting up iptables to shut down traffic in case the VPN goes down. I do want my LAN to have access if the VPN goes down, though. I'm connecting to Anser. Once I run these iptables rules, my torrent client is no longer able to connect to anyone.

sudo iptables -A INPUT -i tun0 -j ACCEPT
sudo iptables -A OUTPUT -o tun0 -j ACCEPT
sudo iptables -A INPUT -s 127.0.0.1 -j ACCEPT
sudo iptables -A INPUT -s 109.202.103.169 -j ACCEPT
sudo iptables -A INPUT -s 10.4.19.221/16 -j ACCEPT
sudo iptables -A INPUT -s 192.168.1.1/24 -j ACCEPT
sudo iptables -A INPUT -s 10.4.255.255 -j ACCEPT
sudo iptables -A OUTPUT -d 10.4.255.255 -j ACCEPT
sudo iptables -A OUTPUT -d 192.168.1.1/24 -j ACCEPT
sudo iptables -A OUTPUT -d 10.4.19.221/16 -j ACCEPT
sudo iptables -A OUTPUT -d 109.202.103.169 -j ACCEPT
sudo iptables -A OUTPUT -d 127.0.0.1 -j ACCEPT
sudo iptables -A INPUT -j DROP
sudo iptables -A OUTPUT -j DROP

Where am I messing up?
InactiveUser Posted ...

Option A: use the AirVPN Eddie client and its network lock
Option B: compare your rules to Eddie's network lock documentation, section "Mode 'iptables' in depth"

You're missing these three rules:

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A FORWARD -j DROP

You don't need these two at all:

iptables -A INPUT -s 10.4.19.221/16 -j ACCEPT
iptables -A OUTPUT -d 10.4.19.221/16 -j ACCEPT

I would also replace these two of your rules:

iptables -A INPUT -s 127.0.0.1 -j ACCEPT
iptables -A OUTPUT -d 127.0.0.1 -j ACCEPT

with:

iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

To allow all DHCP, you might also want to replace:

iptables -A INPUT -s 10.4.255.255 -j ACCEPT
iptables -A OUTPUT -d 10.4.255.255 -j ACCEPT

with:

iptables -A INPUT -s 255.255.255.255 -j ACCEPT
iptables -A OUTPUT -d 255.255.255.255 -j ACCEPT

all of my content is released under CC-BY-SA 2.0
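The following is an added example of a complete kill-switch ruleset assembled in the order the reply above implies (loopback and ESTABLISHED,RELATED before any DROP, tunnel and VPN-server rules, LAN, then the final DROPs); it is not code from the thread, from AirVPN or from Eddie. It assumes the VPN entry IP 109.202.103.169 from the thread, a tun+ interface, a 192.168.1.0/24 LAN, and replaces the reply's broadcast-source DHCP rule with a port-based one (server port 67 to client port 68); DRY_RUN=1 prints the commands instead of applying them.

```shell
#!/bin/sh
# Added example (not from the thread, AirVPN or Eddie): VPN kill switch with LAN access.
# Run as root to apply, or with DRY_RUN=1 to only print the iptables commands.
VPN_SERVER="${VPN_SERVER:-109.202.103.169}"   # VPN entry IP used in the thread
VPN_IF="${VPN_IF:-tun+}"                       # any tun interface
LAN_NET="${LAN_NET:-192.168.1.0/24}"           # assumed LAN subnet

# Wrapper: echo the rule in dry-run mode, otherwise apply it.
ipt() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

kill_switch_rules() {
    # Loopback first: local services (and the torrent client's own UI) need it.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A OUTPUT -o lo -j ACCEPT
    # Replies to connections we opened. iptables is first-match, so this must
    # sit before the DROP rules; appended after them it never sees a packet.
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Everything through the tunnel is allowed.
    ipt -A INPUT -i "$VPN_IF" -j ACCEPT
    ipt -A OUTPUT -o "$VPN_IF" -j ACCEPT
    # The VPN handshake itself has to leave over the physical link.
    ipt -A OUTPUT -d "$VPN_SERVER" -j ACCEPT
    ipt -A INPUT -s "$VPN_SERVER" -j ACCEPT
    # LAN stays reachable while the tunnel is down.
    ipt -A INPUT -s "$LAN_NET" -j ACCEPT
    ipt -A OUTPUT -d "$LAN_NET" -j ACCEPT
    # DHCP: discover goes to the broadcast address, offers come from port 67 to 68
    # (assumed port-based rule instead of the reply's broadcast-source rule).
    ipt -A OUTPUT -d 255.255.255.255 -j ACCEPT
    ipt -A INPUT -p udp --sport 67 --dport 68 -j ACCEPT
    # Nothing else enters, leaves or is forwarded outside the tunnel.
    ipt -A FORWARD -i "$VPN_IF" -j ACCEPT
    ipt -A FORWARD -j DROP
    ipt -A INPUT -j DROP
    ipt -A OUTPUT -j DROP
}

# Sanity check on the dry-run output: the ESTABLISHED,RELATED accept must come
# before the INPUT DROP, which is exactly what the third post's order gets wrong.
rules_well_ordered() {
    rules=$(DRY_RUN=1 kill_switch_rules)
    est=$(printf '%s\n' "$rules" | grep -n 'ESTABLISHED,RELATED' | cut -d: -f1)
    drop=$(printf '%s\n' "$rules" | grep -n 'INPUT -j DROP' | cut -d: -f1)
    [ -n "$est" ] && [ -n "$drop" ] && [ "$est" -lt "$drop" ]
}
```

Call `kill_switch_rules` from the script after flushing the chains (`iptables -F`) when applying for real; when the tunnel drops, only LAN, loopback and the VPN server remain reachable, which is the kill-switch behaviour asked for.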
mmogamr Posted ...

Thanks for the reply. I tried this as my rules:

iptables -A INPUT -i tun0 -j ACCEPT
iptables -A OUTPUT -o tun0 -j ACCEPT
iptables -A INPUT -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -s 109.202.103.169 -j ACCEPT
iptables -A INPUT -s 10.4.0.1 -j ACCEPT
iptables -A INPUT -s 192.168.1.1/24 -j ACCEPT
iptables -A INPUT -s 128.0.0.0/24 -j ACCEPT
iptables -A INPUT -s 0.0.0.0/24 -j ACCEPT
iptables -A OUTPUT -d 128.0.0.0/24 -j ACCEPT
iptables -A OUTPUT -d 0.0.0.0/24 -j ACCEPT
iptables -A OUTPUT -d 192.168.1.1/24 -j ACCEPT
iptables -A OUTPUT -d 10.4.0.1 -j ACCEPT
iptables -A OUTPUT -d 127.0.0.1 -j ACCEPT
iptables -A OUTPUT -d 109.202.103.169 -j ACCEPT
iptables -A INPUT -j DROP
iptables -A OUTPUT -j DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A FORWARD -j DROP

My torrenting client was still not able to communicate after I ran that. Its incoming port is set to a port that I have forwarded on the VPN. It works fine before I run iptables.

I also read that page and tried running the rules that were listed, with

iptables -I OUTPUT 1 -d 109.202.103.169 -j ACCEPT
iptables -D OUTPUT -d 109.202.103.169 -j ACCEPT

added. When I try to connect to the VPN after, I get

Sat Jul 25 13:08:33 2015 UDPv4 link remote: [AF_INET]109.202.103.169:443
Sat Jul 25 13:08:33 2015 write UDPv4: Operation not permitted (code=1)