<snip>
Chain RH-Firewall-1-INPUT (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 255
    0     0 ACCEPT     esp  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     ah   --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            224.0.0.251         udp dpt:5353
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:631
    8   560 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:202
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:1194
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
</snip>
Carte blanche iptables commands to allow your openvpn tunnel full access would be...
if you're using openvpn on tap0...
iptables -I RH-Firewall-1-INPUT -i tap0 -j ACCEPT
if you're using openvpn on tun0...
iptables -I RH-Firewall-1-INPUT -i tun0 -j ACCEPT
1. iptables commands are case-sensitive so enter exactly what I've typed.
2. Substitute tap0 or tun0 with whatever is your openvpn's device name.
These commands simply insert a rule into the beginning of the RH-Firewall-1-INPUT chain that accepts all traffic from the specified interfaces. If you want to allow only connections to specific ports the commands will need to be modified.
Finally, you'll probably want to save these changes to your automatically loaded firewall config.
Hope that helps, kk
____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
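
Why the reply inserts the rule at the top of the chain instead of appending it, and what a port-restricted variant changes, modelled as an added example that is not part of the original post. The rule dictionaries are a subset of the listing above; the packets and the choice of port 22 are constructed for illustration.

```python
# Added example: a first-match model of the RH-Firewall-1-INPUT chain (not iptables itself).

def matches(rule, pkt):
    """A rule matches when every field it names agrees with the packet."""
    for field, want in rule.items():
        if field == "target":
            continue
        got = pkt.get(field)
        if isinstance(want, frozenset):
            if got not in want:
                return False
        elif got != want:
            return False
    return True

def verdict(chain, pkt):
    """Walk the chain top to bottom; the first matching rule decides."""
    for rule in chain:
        if matches(rule, pkt):
            return rule["target"]
    return "RETURN"  # no rule matched: control returns to the calling chain

# Subset of the listing, in its original order.
BASE = [
    {"in": "lo", "target": "ACCEPT"},
    {"state": frozenset({"RELATED", "ESTABLISHED"}), "target": "ACCEPT"},
    {"proto": "tcp", "state": "NEW", "dport": 202, "target": "ACCEPT"},
    {"proto": "tcp", "state": "NEW", "dport": 1194, "target": "ACCEPT"},
    {"target": "REJECT"},  # catch-all, reject-with icmp-host-prohibited
]

TUN_ALL = {"in": "tun0", "target": "ACCEPT"}  # the reply's rule
TUN_SSH = {"in": "tun0", "proto": "tcp", "dport": 22, "target": "ACCEPT"}  # assumed port

def new_tcp(iface, dport):
    """Constructed packet: a new TCP connection arriving on iface."""
    return {"in": iface, "proto": "tcp", "state": "NEW", "dport": dport}

def compare(pkt):
    """Verdict for pkt under each way of adding a tunnel rule."""
    return {
        "unchanged": verdict(BASE, pkt),
        "appended": verdict(BASE + [TUN_ALL], pkt),   # lands after REJECT
        "inserted": verdict([TUN_ALL] + BASE, pkt),   # what -I does
        "port_only": verdict([TUN_SSH] + BASE, pkt),  # tighter variant
    }

if __name__ == "__main__":
    for pkt in (new_tcp("tun0", 22), new_tcp("tun0", 3306), new_tcp("eth0", 22)):
        print(pkt["in"], pkt["dport"], compare(pkt))
```

An appended rule sits behind the catch-all REJECT and never matches, while the port-restricted insert admits only the named port from the tunnel and leaves traffic on other interfaces unchanged.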