23rd June 2013, 16:54
m33ts4k0z

ISPConfig3, Bastille Firewall and OpenVPN: The solution of this mystery.

Hello,

I was trying to set up OpenVPN on my Debian Wheezy server for the last 4 days. After a lot of mess-ups and after some runs to the office to re-enable the firewall rules, since I managed to lock myself out from the remote desktop several times, I now managed to fix this.

For some reason Bastille wouldn't accept the following rules manually:

Code:
 iptables -A INPUT -i tun+ -j ACCEPT
 iptables -A FORWARD -i tun+ -j ACCEPT
 iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
 iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
Although these commands would work without Bastille enabled, they wouldn't if it was enabled. No error was received and the rules were getting inserted in the iptables but Bastille would just ignore them.

The solution was simple after all:

Open /etc/Bastille/bastille-firewall.cfg
Search for:
TRUSTED_IFACES="lo"
Change to:
TRUSTED_IFACES="lo tun+"
Search for:
IP_MASQ_NETWORK=""
Change to:
IP_MASQ_NETWORK="10.8.0.0/24"
Save and exit the file.
Restart the firewall:
/etc/init.d/bastille-firewall restart

Done.


Is that supposed to happen? Aren't we supposed to be able to insert rules ourselves even when Bastille is enabled? I know that we can add ports through the web interface but how do we add a NAT rule properly?
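
The edit described in the post above, as an added example that is not part of the original post: POSIX shell functions that apply the two settings idempotently and keep a one-time backup. The function names and the .orig backup suffix are assumptions; the demo runs on a constructed sample file rather than on /etc/Bastille/bastille-firewall.cfg.

```shell
#!/bin/sh
# Added example (not from the original post): apply the post's two settings
# to a Bastille config idempotently. Function names are hypothetical.

# add_word KEY WORD FILE: append WORD to the space-separated value of
# KEY="..." unless already present; text after the closing quote is kept.
add_word() {
    key=$1; word=$2; file=$3
    grep -q "^${key}=\"" "$file" || { echo "$key not in $file" >&2; return 1; }
    current=$(sed -n "s/^${key}=\"\([^\"]*\)\".*/\1/p" "$file" | head -n 1)
    case " $current " in
        *" $word "*) return 0 ;;            # already configured
    esac
    new=${current:+$current }$word
    tmp=$(mktemp) || return 1
    # '|' as sed delimiter so the '/' in a CIDR value needs no escaping
    sed "s|^${key}=\"[^\"]*\"|${key}=\"${new}\"|" "$file" > "$tmp" &&
        cat "$tmp" > "$file"                # keeps the file's owner and mode
    rc=$?; rm -f "$tmp"; return $rc
}

# apply_vpn_settings [CFG] [IFACE] [NET]: defaults are the values in the post.
apply_vpn_settings() {
    cfg=${1:-/etc/Bastille/bastille-firewall.cfg}
    iface=${2:-tun+}; net=${3:-10.8.0.0/24}
    [ -e "$cfg.orig" ] || cp -p "$cfg" "$cfg.orig" || return 1  # one-time backup
    add_word TRUSTED_IFACES "$iface" "$cfg" &&
        add_word IP_MASQ_NETWORK "$net" "$cfg"
}

# Demo on a constructed sample file, so nothing under /etc is touched.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'TRUSTED_IFACES="lo"   # constructed sample' \
        'PUBLIC_IFACES="eth0"' 'IP_MASQ_NETWORK=""' > "$d/fw.cfg"
    apply_vpn_settings "$d/fw.cfg" &&
        apply_vpn_settings "$d/fw.cfg"      # second run changes nothing
    grep -E '^(TRUSTED_IFACES|IP_MASQ_NETWORK)=' "$d/fw.cfg"
    rm -rf "$d"
}
demo
```

Run with no arguments as root, apply_vpn_settings edits the real config file; the firewall still has to be restarted afterwards as in the post.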
All times are GMT +2.