HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

Server Operation: IP tables blocking remote vpn access (http://www.howtoforge.com/forums/showthread.php?t=42385)

dalitso 4th January 2010 11:25

IP tables blocking remote vpn access

I have reason to believe that my iptables configuration is blocking me from accessing a remote VPN server.

I am using Ubuntu Server 8.04 set up as a gateway, and this problem was not there when I used the Shorewall firewall. I do most of my configuration through Webmin and a few commands here and there.

I recently changed to iptables (Linux Firewall in Webmin) so that I can set up a transparent proxy. The transparent proxy works fine.

Here are my iptables rules:


Code:

# /etc/iptables.up.rules as visible in the nano window. The top of the file
# (the *filter table and the table header of the first chain block below)
# is scrolled off screen; the five chains PREROUTING/INPUT/FORWARD/OUTPUT/
# POSTROUTING are the mangle table's built-in chains.
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Sat Dec 26 12:17:04 2009
# Generated by iptables-save v1.3.8 on Sat Dec 26 12:17:04 2009
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
-A PREROUTING -p tcp -m tcp -i eth1 --dport 80 -j DNAT --to-destination 192.168.1.20:3128
COMMIT
# Completed on Sat Dec 26 12:17:04 2009
# Generated by iptables-save v1.3.8 on Sat Dec 26 12:17:04 2009
*raw
:PREROUTING ACCEPT [152:16506]
:OUTPUT ACCEPT [135:60036]
COMMIT
# Completed on Sat Dec 26 12:17:04 2009




In Windows XP, when I try to access a remote VPN server, I get "Error 619: A connection to the remote computer could not be established, so the port for this connection was closed."


Any help sorting this problem using the same iptables or shorewall will be appreciated.

By the way, I never managed to get transparent proxying to work with Shorewall.

topdog 4th January 2010 15:47

Your firewall is not blocking anything. All your chains have a policy of ACCEPT.
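
The check topdog did by eye, written out as an added example that is not part of the thread: a small audit over an iptables-save dump that reports, per table, the chain policies and how many rules can block (DROP/REJECT) or divert (DNAT/REDIRECT/SNAT/MASQUERADE) packets. The input is the ruleset posted above, embedded as a constructed sample; because the nano window cut off the top of the file, the first chain block has no `*table` header and the `*filter` table is absent, and the script handles both cases rather than silently misattributing them. It assumes only POSIX sh and awk.

```shell
#!/bin/sh
# Added example (not from the thread): audit an iptables-save dump for
# anything that could block or divert traffic. Reads the dump on stdin, so
# it works both on a saved file and on live `iptables-save` output.

# Constructed sample: the ruleset posted in the thread. The first block has
# no "*table" header and there is no *filter table, because the editor
# window cut off the top of the file.
SAMPLE_RULES=':PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
-A PREROUTING -p tcp -m tcp -i eth1 --dport 80 -j DNAT --to-destination 192.168.1.20:3128
COMMIT
*raw
:PREROUTING ACCEPT [152:16506]
:OUTPUT ACCEPT [135:60036]
COMMIT'

# One line per table, in file order: rule count, rules/policies that can
# block, rules that rewrite or redirect, and every chain policy. Chains seen
# before any "*table" line are grouped under "(header cut off)", and a
# missing *filter table (the one that actually drops packets) is flagged.
audit_rules() {
  awk '
    /^\*/ { table = substr($0, 2); next }
    /^:/  { if (table == "") table = "(header cut off)"
            split($0, f, " ")
            policy[table] = policy[table] substr(f[1], 2) "=" f[2] " "
            if (f[2] != "ACCEPT") blocking[table]++
            next }
    /^-A/ { if (table == "") table = "(header cut off)"
            rules[table]++
            if ($0 ~ /-j (DROP|REJECT)/)                  blocking[table]++
            if ($0 ~ /-j (DNAT|REDIRECT|SNAT|MASQUERADE)/) diverting[table]++
            next }
    /^COMMIT/ { order[++n] = table; table = ""; next }
    END {
      for (i = 1; i <= n; i++) {
        t = order[i]
        printf "%-17s rules=%d blocking=%d diverting=%d policies: %s\n",
               t, rules[t] + 0, blocking[t] + 0, diverting[t] + 0, policy[t]
      }
      if (!("filter" in policy))
        print "WARNING: no *filter table in this dump; run iptables -vnL to see it"
    }'
}

# Number of non-ACCEPT chain policies plus DROP/REJECT rules, all tables.
# 0 means nothing in the dump can discard a packet.
blocking_count() {
  awk '
    /^:/ && $2 != "ACCEPT"      { c++ }
    /^-A/ && /-j (DROP|REJECT)/ { c++ }
    END { print c + 0 }'
}

# Number of NAT rules that rewrite addresses or redirect connections.
diverting_count() {
  awk '/^-A/ && /-j (DNAT|REDIRECT|SNAT|MASQUERADE)/ { c++ } END { print c + 0 }'
}

# Usage:  printf '%s\n' "$SAMPLE_RULES" | audit_rules
#         iptables-save | audit_rules
```

On the posted ruleset the audit reports blocking=0 for every table and only two diverting rules in nat: the MASQUERADE on eth0 and the DNAT of TCP port 80 arriving on eth1. Neither can refuse a VPN connection, and the DNAT only touches web traffic, so a VPN on any other port never passes through it. The warning about the missing filter table is the reason to run `iptables -vnL` as well, which is what the thread does next.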

dalitso 4th January 2010 15:51

Thank you for replying. Glad to know the firewall is not responsible. So what may the problem be?

topdog 4th January 2010 15:52

You need to check on the remote side.

dalitso 4th January 2010 15:58

I am going to do that. It's only that when I use Shorewall on my Ubuntu server box instead of iptables, I can access the remote server, and when I connect my XP PC straight to my ADSL router, I can also access it.

topdog 4th January 2010 16:02

That could be because Shorewall turns on IP forwarding for you automatically. What is the output of

Code:

cat /proc/sys/net/ipv4/ip_forward

If it is zero, run

Code:

echo 1 > /proc/sys/net/ipv4/ip_forward   # enables forwarding until the next reboot

Then test.

dalitso 4th January 2010 16:30

Code:

cat /proc/sys/net/ipv4/ip_forward
outputs "1"

topdog 4th January 2010 16:31

whats the output of
Code:

iptables -vnL

dalitso 4th January 2010 16:33

Code:

root@wani:~# iptables -vnL
Chain INPUT (policy ACCEPT 6721K packets, 6352M bytes)
 pkts bytes target    prot opt in    out    source              destination

Chain FORWARD (policy ACCEPT 27866 packets, 3919K bytes)
 pkts bytes target    prot opt in    out    source              destination

Chain OUTPUT (policy ACCEPT 6782K packets, 6590M bytes)
 pkts bytes target    prot opt in    out    source              destination


topdog 4th January 2010 16:35

Sorry, use this to see the nat table:

Code:

iptables -t nat -vnL

