
I set network lock under preferences>network lock to linux IP tables, and block all incoming/outgoing traffic and disallow lan/private. There's no IPs whitelisted. I'm still able to access the net when eddie isn't running. Is this normal behavior?


Well, of course not. Engage the lock, then in Logs tab click the lifebelt icon and paste or upload the output here to allow us to troubleshoot this.


NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

10 hours ago, OpenSourcerer said:

Well, of course not. Engage the lock, then in Logs tab click the lifebelt icon and paste or upload the output here to allow us to troubleshoot this.

OK thanks. Any info I should omit from the logs?

15 hours ago, OpenSourcerer said:

Well, of course not. Engage the lock, then in Logs tab click the lifebelt icon and paste or upload the output here to allow us to troubleshoot this.

edd.logs


Let's try the newest version of Eddie first. Current is 2.20.
Then see if it still does work. If yes, post the iptables configuration.

# iptables -L -t nat

On 5/21/2021 at 12:38 AM, SeUbHS said:

I'm still able to access the net when eddie isn't running. Is this normal behavior?


Hello!

If you confirm that the sentence is correct ("when Eddie ISN'T running") then yes, it may be normal behavior. When Eddie is properly closed, it de-activates Network Lock. However, if Eddie isn't running because it crashed, then Network Lock remains enabled, because it's a set of firewall rules which are not modified.

Kind regards
 

13 hours ago, Staff said:

Hello!

If you confirm that the sentence is correct ("when Eddie ISN'T running") then yes, it may be normal behavior. When Eddie is properly closed, it de-activates Network Lock. However, if Eddie isn't running because it crashed, then Network Lock remains enabled, because it's a set of firewall rules which are not modified.

Kind regards
 
Yep, eddie is not running when this occurs, so it'd be normal behavior according to what you said. Is there a way to persist the firewall rules even if eddie isn't running? That way I never have to worry about eddie failing to run on startup?

@SeUbHS

Hello!

Yes, set your blocking rules as default rules while Eddie is not running and has just exited cleanly. Remember to allow local network, and special destinations such as 255.255.255.255 in order not to block DHCP (at bootstrap etc.). Since you run iptables you can simply enforce DROP policy to the OUTPUT and INPUT chains of the filter table, and then set a few rules jumping to ACCEPT for local subnet, localhost and 255.255.255.255.

A very simple startup script (it's only an example, you must modify it according to your needs and the features of your network, and you can also use iptables-save to make rules permanent - also specify the correct path to iptables):
 
# Flush the existing rules of the filter table
iptables -F
# Default policies: drop all incoming and outgoing packets (FORWARD stays open)
iptables -P OUTPUT DROP
iptables -P INPUT DROP
iptables -P FORWARD ACCEPT
# Broadcast address, in order not to block DHCP
iptables -I INPUT -s 255.255.255.255 -j ACCEPT
iptables -I OUTPUT -d 255.255.255.255 -j ACCEPT
# Local subnet
iptables -I OUTPUT -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT
iptables -I INPUT -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT
# Localhost
iptables -I INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
iptables -I OUTPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT


When Eddie enables Network Lock, you can communicate with AirVPN infrastructure only. When Eddie disables Network Lock (including when it quits) it will restore your blocking rule, so your machine will be isolated from the Internet.

Kind regards
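
A way to verify that the default-deny baseline described in the post above is actually loaded while Eddie is not running, as an added example that is not part of the thread or of Eddie. It audits `iptables -S` output; the function names, the allowed-destination list and the two sample dumps are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an `iptables -S` dump against a default-deny baseline.
# ALLOWED_DST is an assumption copied from the example subnet; adjust it to your LAN.
ALLOWED_DST="127.0.0.1/32 192.168.0.0/16 255.255.255.255/32"

# Reads `iptables -S` output on stdin and prints one finding per line.
# Returns 0 when INPUT/OUTPUT default to DROP and OUTPUT only accepts allowed destinations.
check_baseline() {
    awk -v allowed="$ALLOWED_DST" '
    BEGIN { bad = 0; n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "-P" { policy[$2] = $3; next }
    $1 == "-A" && $2 == "OUTPUT" {
        dst = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-d") dst = ($(i - 1) == "!" ? "!" : "") $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        if (target == "ACCEPT" && !(dst in ok)) {
            printf "LEAK: OUTPUT accepts destination %s\n", (dst == "" ? "any" : dst)
            bad = 1
        }
    }
    END {
        if (policy["INPUT"] != "DROP")  { print "LEAK: INPUT policy is not DROP";  bad = 1 }
        if (policy["OUTPUT"] != "DROP") { print "LEAK: OUTPUT policy is not DROP"; bad = 1 }
        exit bad
    }'
}

# Constructed sample: the rule set the example startup script would leave behind.
sample_baseline() {
    cat <<'EOF'
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT DROP
-A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -j ACCEPT
-A INPUT -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT
-A INPUT -s 255.255.255.255/32 -j ACCEPT
-A OUTPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -j ACCEPT
-A OUTPUT -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT
-A OUTPUT -d 255.255.255.255/32 -j ACCEPT
EOF
}

# Constructed sample: no baseline loaded, so traffic flows when Eddie is not running.
sample_open() {
    printf '%s\n' '-P INPUT ACCEPT' '-P FORWARD ACCEPT' '-P OUTPUT ACCEPT'
}
```

On a live system, run `iptables -S | check_baseline` as root after Eddie has exited cleanly; a non-zero exit status means the machine is not isolated.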
 
