So, I'm running Ubuntu 14.04 and I'm having a problem with setting up iptables to shut down traffic in case the VPN goes down. I do want my LAN to have access if the VPN goes down, though.

 

I'm connecting to Anser. Once I run these iptables rules, my torrent client is no longer able to connect to anyone.

 

sudo iptables -A INPUT -i tun0 -j ACCEPT
sudo iptables -A OUTPUT -o tun0 -j ACCEPT
sudo iptables -A INPUT -s 127.0.0.1 -j ACCEPT
sudo iptables -A INPUT -s 109.202.103.169  -j ACCEPT
sudo iptables -A INPUT -s 10.4.19.221/16 -j ACCEPT
sudo iptables -A INPUT -s 192.168.1.1/24 -j ACCEPT
sudo iptables -A INPUT -s 10.4.255.255 -j ACCEPT
sudo iptables -A OUTPUT -d 10.4.255.255 -j ACCEPT
sudo iptables -A OUTPUT -d 192.168.1.1/24 -j ACCEPT
sudo iptables -A OUTPUT -d 10.4.19.221/16 -j ACCEPT
sudo iptables -A OUTPUT -d 109.202.103.169  -j ACCEPT
sudo iptables -A OUTPUT -d 127.0.0.1 -j ACCEPT
sudo iptables -A INPUT -j DROP
sudo iptables -A OUTPUT -j DROP
 
Where am I messing up?

Option A: use the AirVPN Eddie client and its network lock

Option B: compare your rules to Eddie's network lock documentation, section "Mode 'iptables' in depth"

 

You're missing these three rules:

 

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -A FORWARD -i tun+ -j ACCEPT

iptables -A FORWARD -j DROP

 

you don't need these two at all:

iptables -A INPUT -s 10.4.19.221/16 -j ACCEPT

iptables -A OUTPUT -d 10.4.19.221/16 -j ACCEPT

 

i would also replace these two of your rules:

iptables -A INPUT -s 127.0.0.1 -j ACCEPT

iptables -A OUTPUT -d 127.0.0.1 -j ACCEPT

 

with:

iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

 

 

To allow all DHCP, you might also want to replace:

iptables -A INPUT -s 10.4.255.255 -j ACCEPT
iptables -A OUTPUT -d 10.4.255.255 -j ACCEPT
 
with:
iptables -A INPUT -s 255.255.255.255 -j ACCEPT
iptables -A OUTPUT -d 255.255.255.255 -j ACCEPT
 

all of my content is released under CC-BY-SA 2.0

Thanks for the reply.

 I tried this as my rules:

iptables -A INPUT -i tun0 -j ACCEPT
iptables -A OUTPUT -o tun0 -j ACCEPT
iptables -A INPUT -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -s 109.202.103.169  -j ACCEPT
iptables -A INPUT -s 10.4.0.1 -j ACCEPT
iptables -A INPUT -s 192.168.1.1/24 -j ACCEPT
iptables -A INPUT -s 128.0.0.0/24 -j ACCEPT
iptables -A INPUT -s 0.0.0.0/24 -j ACCEPT
 
iptables -A OUTPUT -d 128.0.0.0/24 -j ACCEPT
iptables -A OUTPUT -d 0.0.0.0/24 -j ACCEPT
 
iptables -A OUTPUT -d 192.168.1.1/24 -j ACCEPT
iptables -A OUTPUT -d 10.4.0.1 -j ACCEPT
iptables -A OUTPUT -d 127.0.0.1 -j ACCEPT
iptables -A OUTPUT -d 109.202.103.169  -j ACCEPT
 
iptables -A INPUT -j DROP
iptables -A OUTPUT -j DROP
 
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A FORWARD -j DROP
 
My torrent client was still not able to communicate after I ran that. Its incoming port is set to a port that I have forwarded on the VPN. It works fine before I run iptables.
 
 
 
 
 
 
I also read that page and tried running the rules that were listed, with 
iptables -I OUTPUT 1 -d 109.202.103.169 -j ACCEPT
iptables -D OUTPUT -d 109.202.103.169 -j ACCEPT
added
 
When I try to connect to the VPN afterwards, I get
 
Sat Jul 25 13:08:33 2015 UDPv4 link remote: [AF_INET]109.202.103.169:443
Sat Jul 25 13:08:33 2015 write UDPv4: Operation not permitted (code=1)
 


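The script below is an added example; it is not code from either poster or from AirVPN's Eddie documentation. It folds the advice given in this thread into one IPv4 kill switch with the rules in a working order: loopback matched by interface rather than by address, ESTABLISHED,RELATED accepted before anything else, the LAN and DHCP allowed on the physical interface, the VPN server reachable on its port, everything on tun0 accepted, and the catch-all DROP last. It also carries a small ordering check, because iptables stops at the first matching rule: in the second rule set posted above, the unconditional DROPs were appended before the ESTABLISHED,RELATED rule, so that rule can never match. (Separately, the third attempt inserts the rule for 109.202.103.169 with -I and then deletes the same rule again with -D, so OpenVPN's writes to that address hit the DROP rule; "Operation not permitted" is how a netfilter drop shows up on a local socket write.) DHCP is matched on UDP ports 67/68 rather than on 255.255.255.255, since DHCP offers arrive from the server's own address and a rule with -s 255.255.255.255 never matches them. The interface name eth0, the LAN 192.168.1.0/24 and udp/443 for the VPN endpoint are assumptions taken from the thread and the OpenVPN log line; adjust them to your system.

```shell
#!/bin/sh
# Added example (not from the original posts or AirVPN's Eddie docs): an IPv4
# kill switch for the setup in this thread, plus a check that the rule order
# is sane before it is applied. Run with --show, --check or --apply (as root).
# The values below are assumptions taken from the thread; WAN_IF in
# particular must match the physical interface (see `ip route`).
VPN_SERVER="${VPN_SERVER:-109.202.103.169}"   # VPN entry IP (from the thread)
VPN_PORT="${VPN_PORT:-443}"                   # from the OpenVPN log line
VPN_PROTO="${VPN_PROTO:-udp}"                 # "UDPv4 link remote" in the log
LAN="${LAN:-192.168.1.0/24}"                  # LAN that must stay reachable
WAN_IF="${WAN_IF:-eth0}"                      # physical interface (assumed)
TUN_IF="${TUN_IF:-tun0}"                      # OpenVPN interface

killswitch_rules() {
    # Prints the rules in evaluation order. iptables uses first match, so the
    # conntrack rule and every explicit ACCEPT must precede the catch-all DROP.
    # Policies are set to DROP first so the host fails closed while the rules
    # are being loaded; the trailing explicit DROPs make the set self-describing.
    cat <<EOF
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $WAN_IF -s $LAN -j ACCEPT
iptables -A OUTPUT -o $WAN_IF -d $LAN -j ACCEPT
iptables -A OUTPUT -o $WAN_IF -p udp --sport 68 --dport 67 -j ACCEPT
iptables -A INPUT -i $WAN_IF -p udp --sport 67 --dport 68 -j ACCEPT
iptables -A OUTPUT -o $WAN_IF -p $VPN_PROTO -d $VPN_SERVER --dport $VPN_PORT -j ACCEPT
iptables -A INPUT -i $TUN_IF -j ACCEPT
iptables -A OUTPUT -o $TUN_IF -j ACCEPT
iptables -A FORWARD -i $TUN_IF -j ACCEPT
iptables -A INPUT -j DROP
iptables -A OUTPUT -j DROP
iptables -A FORWARD -j DROP
EOF
}

check_order() {
    # Reads "iptables -A ..." lines on stdin and fails if a chain's
    # unconditional "-j DROP" comes before its ESTABLISHED,RELATED ACCEPT.
    # Anything appended after a catch-all DROP is dead: it can never match.
    ko_bad=0; ko_n=0; ko_dropped=""
    while IFS= read -r ko_line; do
        ko_n=$((ko_n + 1))
        set -- $ko_line
        [ "$1" = "sudo" ] && shift
        [ "$1" = "iptables" ] && [ "$2" = "-A" ] || continue
        ko_chain=$3
        if [ $# -eq 5 ] && [ "$4" = "-j" ] && [ "$5" = "DROP" ]; then
            ko_dropped="$ko_dropped $ko_chain"
        fi
        case "$ko_line" in
            *ESTABLISHED,RELATED*ACCEPT*)
                case " $ko_dropped " in
                    *" $ko_chain "*)
                        echo "ERROR: rule $ko_n: $ko_chain ESTABLISHED,RELATED ACCEPT sits after an unconditional DROP and is unreachable"
                        ko_bad=1 ;;
                esac ;;
        esac
    done
    return $ko_bad
}

op_second_attempt() {
    # Constructed from the second rule set posted in this thread, trimmed to
    # the lines that matter for ordering (the DROPs precede the conntrack rule).
    cat <<'EOF'
iptables -A INPUT -i tun0 -j ACCEPT
iptables -A OUTPUT -o tun0 -j ACCEPT
iptables -A INPUT -s 192.168.1.1/24 -j ACCEPT
iptables -A OUTPUT -d 109.202.103.169 -j ACCEPT
iptables -A INPUT -j DROP
iptables -A OUTPUT -j DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A FORWARD -j DROP
EOF
}

case "${1:-}" in
    --show)  killswitch_rules ;;
    --check) op_second_attempt | check_order ;;                        # exits 1
    --apply) killswitch_rules | check_order && killswitch_rules | sh -e ;;  # root
esac
```

Two caveats before relying on this: it only touches IPv4, so either load equivalent ip6tables rules or disable IPv6 on the host, otherwise traffic leaks over IPv6 while the VPN is down; and the torrent client should be bound to the tun0 address so that it never retries over the physical interface.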