Emmanuel Polet wrote:
> I'm not quite sure what iptables rules to add...

You must use the tun interface, since on the external real interface (eth0 ?) the packets come encrypted.

With ipchains I use the following rules, supposing 10.3.0.2 the IP of the openvpn client and 10.0.0.0 255.255.255.0 the network on which the shares are; I have filter rules also for packets from internal interface (eth1 for me), so there are rules also for eth1 in my example.

Bye.
Matteo.

P.s.: I know that in ipchains there's the option -b for bidirectional rules, but I don't remember why I didn't use it... ;-)

#tun0 rules
ipchains -A input -j ACCEPT -i tun0 -p udp -s 10.3.0.2/32 137 -d 10.0.0.0/24 137
ipchains -A output -j ACCEPT -i tun0 -p udp -s 10.0.0.0/24 137 -d 10.3.0.2/32 137
ipchains -A input -j ACCEPT -i tun0 -p udp -s 10.3.0.2/32 138 -d 10.0.0.0/24 138
ipchains -A output -j ACCEPT -i tun0 -p udp -s 10.0.0.0/24 138 -d 10.3.0.2/32 138
ipchains -A input -j ACCEPT -i tun0 -p tcp -s 10.3.0.2/32 -d 10.0.0.0/24 139
ipchains -A output -j ACCEPT -i tun0 -p tcp -s 10.0.0.0/24 139 -d 10.3.0.2/32
ipchains -A input -j ACCEPT -i tun0 -p tcp -s 10.3.0.2/32 -d 10.0.0.0/24 445
ipchains -A output -j ACCEPT -i tun0 -p tcp -s 10.0.0.0/24 445 -d 10.3.0.2/32

#eth1 rules
ipchains -A input -j ACCEPT -i eth1 -p udp -s 10.0.0.0/24 137 -d 10.3.0.2/32 137
ipchains -A output -j ACCEPT -i eth1 -p udp -s 10.3.0.2/32 137 -d 10.0.0.0/24 137
ipchains -A input -j ACCEPT -i eth1 -p udp -s 10.0.0.0/24 138 -d 10.3.0.2/32 138
ipchains -A output -j ACCEPT -i eth1 -p udp -s 10.3.0.2/32 138 -d 10.0.0.0/24 138
ipchains -A input -j ACCEPT -i eth1 -p tcp -s 10.0.0.0/24 139 -d 10.3.0.2/32
ipchains -A output -j ACCEPT -i eth1 -p tcp -s 10.3.0.2/32 -d 10.0.0.0/24 139
ipchains -A input -j ACCEPT -i eth1 -p tcp -s 10.0.0.0/24 445 -d 10.3.0.2/32
ipchains -A output -j ACCEPT -i eth1 -p tcp -s 10.3.0.2/32 -d 10.0.0.0/24 445

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
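
An iptables counterpart to the ipchains rules in the reply above, as an added example that is not part of the original message. Under iptables a routed packet traverses only the FORWARD chain, so each ipchains input/output pair collapses into one rule per direction; the conntrack match on the TCP rules goes beyond the post, whose ipchains rules are stateless. Interface names and addresses are taken from the post, and the function name is hypothetical.

```shell
#!/bin/sh
# Added example: prints iptables rules for SMB/NetBIOS through an OpenVPN tunnel.
# Assumed from the post: tun0 = VPN side, eth1 = internal LAN,
# 10.3.0.2 = OpenVPN client, 10.0.0.0/24 = network holding the shares.
VPN_IF=tun0
LAN_IF=eth1
CLIENT=10.3.0.2/32
LAN=10.0.0.0/24

# Emit the rules as text so they can be reviewed first;
# pipe the output to "sh" as root to load them.
smb_forward_rules() {
    # NetBIOS name (137) and datagram (138) services: UDP with the same
    # port on both ends, mirrored in each direction as in the post.
    for port in 137 138; do
        echo "iptables -A FORWARD -i $VPN_IF -o $LAN_IF -p udp -s $CLIENT --sport $port -d $LAN --dport $port -j ACCEPT"
        echo "iptables -A FORWARD -i $LAN_IF -o $VPN_IF -p udp -s $LAN --sport $port -d $CLIENT --dport $port -j ACCEPT"
    done
    # NetBIOS session (139) and SMB over TCP (445): the VPN client opens
    # the connection; replies are accepted only for tracked connections,
    # so a LAN host cannot start a new flow from source port 139 or 445.
    for port in 139 445; do
        echo "iptables -A FORWARD -i $VPN_IF -o $LAN_IF -p tcp -s $CLIENT -d $LAN --dport $port -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT"
        echo "iptables -A FORWARD -i $LAN_IF -o $VPN_IF -p tcp -s $LAN --sport $port -d $CLIENT -m conntrack --ctstate ESTABLISHED -j ACCEPT"
    done
}

smb_forward_rules
```

These rules only have an effect when the FORWARD policy or a later rule drops everything else, and the host needs IP forwarding enabled to route between tun0 and eth1.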