Prevent Leaks with Linux & Firestarter (also Stop traffic when VPN Drops)

Linux Firestarter gufw ufw

82 replies to this topic

#21 magnumpi


Posted 01 December 2012 - 06:32 PM

Also, if I have a laptop with wifi, no bluetooth or hard ethernet cable. So do I just replace all these rules with the Wireless interface wlan0 instead of eth0 and tun0? Or does the home network somehow use another interface (does interface=communication device)?

#22 magnumpi


Posted 01 December 2012 - 06:40 PM

Oh is tun0 the VPN and the other interface your internet connection? If we aren't doing any port forwarding, is that rule optional?

#23 magnumpi


Posted 01 December 2012 - 11:48 PM

OK, I got everything to work except my network printer. Any ideas here? I assumed adding the local network stuff would allow that to work, but evidently not. Is that some other interface?

#24 worric


Posted 03 December 2012 - 03:48 PM

Ello

Soz, I've been quite busy these days, but I'll try to elaborate.

@rbj: The syntax is "sudo ufw allow in on eth0 from 192.168.1.0/24 to any"

@magnumpi: the 192.168.1.0/24 is indeed a subnet. It refers to the network containing the 255 addresses located between 192.168.1.1-192.168.1.255.
If you have a different assignment of local addresses (say, 10.0.0.xxx) you should use those addresses instead (that is, 10.0.0.0/24).

if you want LAN traffic to work on your wireless adapter, then yes, you should use wlan0 instead of eth0 in the rules allowing your LAN addresses in and out.

The tun0 interface is 'the VPN interface' where internet traffic will go through. If you don't need or use the port forwarding feature of AirVPN, don't add the inbound rule on tun0 interface. But ofc keep the other rule.

Also, the subnet mask of 255.255.0.0 IS different from 255.255.255.0 in that it's a different size of network. If you don't have any specific reason for choosing 255.255.0.0, you should prolly change it back to 255.255.255.0 for a more standard setup and less confusion.

Your network printer should work as well, given that it's on the same LAN that your computer is on; all traffic to and from the LAN is allowed.

#25 Corsair28


Posted 03 December 2012 - 04:34 PM

Worric,

I was too busy to thank you before for posting your setup. It works great and I have 2 setups which work well for me. The GUFW approach is definitely a lot easier than the firestarter approach so I would recommend it to anyone who is not familiar setting up a firewall on their system.

#26 1earthlove


Posted 03 December 2012 - 04:35 PM

To worric - Should your instructions to stop traffic when vpn drops work if you are airvpn-over-tor?

To the AirAdmin - I'm NEW :sick: to forums & don't know the "stringy-stuff" etiquette. If it's more appropriate to start a new topic - I don't care if you move this - just please explain it to me-

I'm waiting for help on my current issue - and this other topic had a reply that may be related to what My Topic/Subject is asking for Help with-

I'm overwhelmed by iptables in ubuntu - and yet it seems like a miracle that I'm NOW doing airvpn-over-tor successfully - I Need seriously-critical help with blocking All traffic if vpn dis-connects... :(

#27 Guest_rbj_*


Posted 03 December 2012 - 05:43 PM

Worric -

Your setup is now working great for me. Thanks for the help on that one rule.

#28 magnumpi


Posted 04 December 2012 - 01:23 PM

Worric thanks! I got the printer working!

So now I have the connection on VPN and when I disconnect the VPN my internet stops working - thanks to the rules in GUFW/UFW on my Ubuntu machine.

What is weird is when I close my laptop (not sure it goes into actual standby mode or what) and come back several hours later to "wake it up", the Wifi connection remains active but the VPN disconnects. At that point if I then browse the internet - my IP shows my "true" IP?! The Firewall remains enabled so I don't understand how this is possible. I toggled the VPN back on and then it all works as expected. Not sure if I need to toggle the firewall too... will try next time this happens. Any ideas what is wrong?

#29 itsasunnyray


Posted 16 December 2012 - 06:23 AM

Hello everyone and thanks worric for the info. I have done all of worric's set up except the 192.168.1.0/24 home network because it didn't work without using VPN. When I right clicked on my connection information window it said under IPV4 192.168.0.105 for IP address and 192.168.0.255 for broadcast address, so I set it up with 192.168.0.0/24 instead and it works without using VPN. Now I'm not quite sure I understand what I'm doing, isn't allowing a "normal" LAN connection defeating the purpose of going through the selected port only? I ask this because I downloaded a P2P file through Transmission and when done I left it in seeding mode for others until I saw in the terminal that my VPN connection had terminated, and it was still seeding!? So is this what you call a leak or did I not set this up properly? Also there must be a way to have a warning when the connection stops, and there should be an automatic re-connection process when it goes off, shouldn't there? I use Linux Mint 13 with gufw
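The subnet question that runs through worric's reply and this post (192.168.1.0/24 versus 192.168.0.0/24, and a 255.255.0.0 mask versus 255.255.255.0) comes down to masking the interface address with its netmask. The following shell script is an added example, not code from the thread: it derives the LAN subnet from the IP address and netmask a connection-information window shows and prints the two ufw LAN rules worric describes. The interface name and the addresses fed to it are constructed sample values.

```shell
#!/bin/sh
# Added example: derive the LAN subnet for the ufw LAN rules from the
# address/netmask shown in a Linux connection-information dialog.
# Usage: lan_rules IFACE IP NETMASK   e.g. lan_rules wlan0 192.168.0.105 255.255.255.0

# dotted quad -> 32-bit integer
ip2int() {
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# netmask -> prefix length (255.255.255.0 -> 24, 255.255.0.0 -> 16)
mask2prefix() {
    m=$(ip2int "$1"); n=0
    while [ "$m" -ne 0 ]; do
        n=$(( n + (m & 1) )); m=$(( m >> 1 ))
    done
    echo "$n"
}

# IP NETMASK -> network in CIDR form, e.g. 192.168.0.105 255.255.255.0 -> 192.168.0.0/24
lan_subnet() {
    echo "$(int2ip $(( $(ip2int "$1") & $(ip2int "$2") )))/$(mask2prefix "$2")"
}

# IFACE IP NETMASK -> the two ufw commands that let LAN traffic (printer, file shares)
# bypass the VPN-only policy; everything else still has to leave through tun0.
lan_rules() {
    subnet=$(lan_subnet "$2" "$3")
    echo "ufw allow in on $1 from $subnet to any"
    echo "ufw allow out on $1 to $subnet"
}

# Sample values (constructed from the addresses quoted in the thread).
lan_rules wlan0 192.168.0.105 255.255.255.0
```

A /16 mask widens the exception to 65,536 addresses, so the printed prefix is worth a glance before the rules are applied with sudo.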

#30 magnumpi


Posted 06 January 2013 - 03:49 AM

Just to clarify: it seems that if my laptop goes into suspend mode, it stops the VPN and the GUFW/UFW. When I later wake the machine up I am back to square one.

Anyone know how to stop this from happening?

#31 Staff


Posted 06 January 2013 - 12:00 PM

Hello!

When your laptop wakes up, Ubuntu should execute the script /etc/pm/sleep.d (this admin is assuming that you're running Ubuntu...).

So you might add a restart command for gufw/ufw there, if it is killed when the laptop goes to sleep.

Kind regards
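As an added example (not the admin's or magnumpi's code) of the hook the reply points at: pm-utils on Ubuntu 12.04 runs every executable in the /etc/pm/sleep.d directory with one argument, suspend or hibernate on the way down and resume or thaw on the way back up. This script re-enables ufw on resume and checks that it reports active; the file name 10_ufw_resume and the UFW variable are assumptions, and UFW can be pointed at a stand-in to dry-run the hook without root.

```shell
#!/bin/sh
# Added example: /etc/pm/sleep.d/10_ufw_resume (file name is an assumption).
# Install with: chmod 755 /etc/pm/sleep.d/10_ufw_resume
# pm-utils calls each hook as:  script suspend|hibernate   (going down)
#                               script resume|thaw         (coming back up)
# UFW may be overridden (e.g. UFW=echo) to dry-run the hook without root.
UFW="${UFW:-/usr/sbin/ufw}"

# Re-apply the ufw rule set after a resume and confirm it is active.
# Prints what was done; returns 1 if ufw cannot be confirmed active, 2 on an unknown event.
ufw_resume_hook() {
    case "$1" in
        resume|thaw)
            # --force answers the interactive "proceed?" prompt so the hook never blocks
            "$UFW" --force enable >/dev/null 2>&1 || return 1
            "$UFW" status | grep -q '^Status: active' || return 1
            echo "ufw re-enabled after $1"
            ;;
        suspend|hibernate)
            # Nothing to do on the way down; the rules are still loaded at this point.
            echo "no action on $1"
            ;;
        *)
            echo "unknown pm event: $1" >&2
            return 2
            ;;
    esac
}

# pm-utils passes the event as $1; when run without an argument, do nothing.
if [ $# -gt 0 ]; then
    ufw_resume_hook "$1"
fi
```

The VPN client itself still has to be restarted separately; this hook only closes the window in which the firewall is down while the physical interface is already back up.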

#32 magnumpi


Posted 07 January 2013 - 01:49 AM

Sorry - yes I am using Ubuntu 12.04 but I am not a particularly expert Linux user so apologies if I need further explanation. Are you saying I should manually run that command on wake? Is there a way to automate this so I won't forget?

#33 Guest_rbj_*


Posted 13 February 2013 - 01:03 PM

Can someone show me how to write one of Worric's iptable rules? It's this one: "sudo allow in on tun0 from any to any port xxxxx" - enables the port forwarding feature by allowing packets to the specified port on the tun0 interface to pass through. I figured out all the rest through research and trial and error.

I know to use "sudo ufw" but after that I'm totally stuck I tried every way I could think of and still can't get it right. And I know this is important.

Thanks.

#34 itsasunnyray


Posted 14 February 2013 - 06:18 AM

I did just that "sudo allow in on tun0 from any to any port (and your port number)" with no problem, the difference is that I never use sudo but rather su and the password so I stay "in" all the time. Maybe you wrote capital "O" instead of the number "0". I used a port in the 50 thousands, try different ones above 2048. I put my chosen forwarded port in Transmission first, I don't know if it made a difference but it worked.

#35 vs.gruescu


Posted 24 May 2013 - 08:41 PM

Gufw rules work perfectly for me!!! And I'm not an expert on Linux.

(Ubuntu 12.04)

Thanks worric!



#36 candtalan


Posted 18 June 2013 - 10:05 PM

With Ubuntu 12.04 and gufw, and airvpn (with openvpn), udp, 443

I am hopelessly failing to set up gufw, (or understand), to arrange that if the vpn drops out then the browser (firefox) ceases.

Examples and previous comments - various - seem to be using firestarter which seems to be no longer current, or seem to assume knowledge of gufw which I do not yet have :-(

I have used a tutorial and gufw to simply deny all in and out, but allow only the browser, seems to work. But I am mostly inexperienced about ports, and I am very unclear about how gufw should handle openvpn (and airvpn?) (??)

Some novice level details will be much appreciated...

tia



#37 candtalan


Posted 04 July 2013 - 10:10 PM

Can anyone please help with how to use gufw for this? I need to use gui (not script and ufw) to get to understand what goes on....

For example I can use airvpn cassiopia (31.193.12.98) but what do I do in gufw (attached screenshot) to create a useful first rule - hoping for something like worric did with scripts etc?

tia

Attached Thumbnails

  • gufw-Screenshot from 2013-07-04 23:02:35.png


#38 Mukahami25


Posted 19 July 2013 - 05:48 PM

Hi, I used the guide to set up Firestarter, and it looks like it is getting the job done, when the vpn drops I no longer have any connection to the internet. There is a small issue that is worrying me though: When I am looking at the traffic in the Firestarter gui, the wlan0 activity is constantly higher than the tun0. This might be a noob question, but does that mean that some of my traffic is not going through the VPN??



#39 Staff


Posted 19 July 2013 - 08:07 PM

Hello,

The traffic on the physical interface is equal to the sum of the traffic on the tun interface plus the overhead plus the internal network traffic plus some more (for example ping to VPN server) - so it is always higher than the tun0 traffic. If it's reasonably higher, it's perfectly normal. Browse to our web site and check the central bottom box for additional security (it must be green), or browse to http://ipleak.net

Kind regards



#40 Vucnu


Posted 14 August 2013 - 08:04 AM

Hi,

Since I'm using Fedora, can you help me to set up some rules using firewalld, the default firewall in Fedora?






