#1 | 4th January 2010, 11:25 | dalitso
IP tables blocking remote vpn access

I have reason to believe that my iptables configuration is blocking me from accessing a remote VPN server.

I am using Ubuntu Server 8.04 set up as a gateway, and this problem was not there when I used to use the Shorewall firewall. I do most of my configuration using Webmin and a few commands here and there.

I recently changed to iptables (Linux Firewall in Webmin) so that I can set up a transparent proxy. The transparent proxy works fine.

Here are my iptables rules:


Code:
  GNU nano 2.0.7                         File: /etc/iptables.up.rules                                              Modified

:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Sat Dec 26 12:17:04 2009
# Generated by iptables-save v1.3.8 on Sat Dec 26 12:17:04 2009
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
-A PREROUTING -p tcp -m tcp -i eth1 --dport 80 -j DNAT --to-destination 192.168.1.20:3128
COMMIT
# Completed on Sat Dec 26 12:17:04 2009
# Generated by iptables-save v1.3.8 on Sat Dec 26 12:17:04 2009
*raw
:PREROUTING ACCEPT [152:16506]
:OUTPUT ACCEPT [135:60036]
COMMIT
# Completed on Sat Dec 26 12:17:04 2009


I get "Error 619: A connection to the remote computer could not be established, so the port for this connection was closed." in Windows XP when I try to access a remote VPN server.


Any help sorting out this problem using the same iptables or Shorewall will be appreciated.

By the way, I never managed to set up a transparent proxy with Shorewall.

#2 | 4th January 2010, 15:47 | topdog

Your firewall is not blocking anything. All your chains have a policy of ACCEPT.
__________________
----
http://www.topdog.za.net - Got Linux problems ? - I can help.
http://www.baruwa.org - Try it.
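
The check behind post #2 (every chain policy is ACCEPT, so nothing is filtered) can be run mechanically over iptables-save output. This is an added example, not code from the thread; the function name `audit` and its two result lists are assumptions made here. It also lists nat rules, which rewrite packets without dropping them, and it copes with the missing table header at the top of the pasted file.

```python
import shlex

# Ruleset from post #1 (comment lines omitted). The first block has no "*table"
# header because the top of the file is missing from the paste.
RULES = """\
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
-A PREROUTING -p tcp -m tcp -i eth1 --dport 80 -j DNAT --to-destination 192.168.1.20:3128
COMMIT
*raw
:PREROUTING ACCEPT [152:16506]
:OUTPUT ACCEPT [135:60036]
COMMIT
"""

BLOCKING = {"DROP", "REJECT"}                        # targets that stop a packet
REWRITING = {"DNAT", "SNAT", "MASQUERADE", "REDIRECT"}  # targets that alter it

def audit(text):
    """Return (blocking, rewriting): lists of (table, chain, detail) tuples."""
    table, blocking, rewriting = "(no table header)", [], []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):            # "*nat" opens a table
            table = line[1:]
        elif line.startswith(":"):          # ":CHAIN POLICY [pkts:bytes]"
            chain, policy = line[1:].split()[:2]
            if policy in BLOCKING:
                blocking.append((table, chain, "policy " + policy))
        elif line.startswith("-A "):        # "-A CHAIN ... -j TARGET ..."
            words = shlex.split(line)
            target = words[words.index("-j") + 1] if "-j" in words else None
            bucket = blocking if target in BLOCKING else rewriting if target in REWRITING else None
            if bucket is not None:
                bucket.append((table, words[1], line))
    return blocking, rewriting

if __name__ == "__main__":
    for kind, found in zip(("blocking", "rewriting"), audit(RULES)):
        print(kind, found or "none")
```

On the ruleset from post #1 it reports no blocking policy or rule, and two nat rules: MASQUERADE on eth0 and the DNAT of port 80 to 192.168.1.20:3128.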

#3 | 4th January 2010, 15:51 | dalitso

Thank you for replying. Glad to know the firewall is not responsible. So what may the problem be?

#4 | 4th January 2010, 15:52 | topdog

You need to check on the remote side.

#5 | 4th January 2010, 15:58 | dalitso

I am going to do that. It's only that when I either use Shorewall on my Ubuntu server box and not iptables, I can access the remote server, or when I connect my XP PC straight to my ADSL router, I can also access it.

#6 | 4th January 2010, 16:02 | topdog

That could be because Shorewall turns on IP forwarding for you automatically. What is the output of

Code:
cat /proc/sys/net/ipv4/ip_forward
If it is zero, run

Code:
echo "1" > /proc/sys/net/ipv4/ip_forward
Then test.

#7 | 4th January 2010, 16:30 | dalitso

Code:
cat /proc/sys/net/ipv4/ip_forward
outputs "1"

#8 | 4th January 2010, 16:31 | topdog

What's the output of
Code:
 iptables -vnL

#9 | 4th January 2010, 16:33 | dalitso

Code:
root@wani:~# iptables -vnL
Chain INPUT (policy ACCEPT 6721K packets, 6352M bytes)
 pkts bytes target     prot opt in     out     source               destination                                              

Chain FORWARD (policy ACCEPT 27866 packets, 3919K bytes)
 pkts bytes target     prot opt in     out     source               destination                                              

Chain OUTPUT (policy ACCEPT 6782K packets, 6590M bytes)
 pkts bytes target     prot opt in     out     source               destination

#10 | 4th January 2010, 16:35 | topdog

Sorry, use this to see the nat table:

Code:
iptables -t nat -vnL

All times are GMT +2.