  1. #1
    Newbie
    Join Date
    Dec 2007
    Posts
    10

    Configure iptables on Linux Router Box to pass VPN Traffic

    Hi,

    I am getting stuck configuring a Linux box in front of the Untangle to pass my VPN traffic.

    My Config :

    Internet traffic 1 for VPN --| Linux Router|
    Internet 2 Web, and other --| with Iptable |--| Untangle Box |--|My Network

    I configured a VPN server on my Untangle box, and I want to forward the traffic from my Internet Connection 1 to Untangle with a masq from the Public IP 1, but without success :-(
    Details Config :
    Eth0 (internet Connection 1) Public IP : 203.X.X.58/29
    Eth1 (Connect to Untangle) : 10.0.0.1/24
    Eth 2 (connection Internet 2)

    Untangle : IP 10.0.0.2/24

    Iptables Rules for VPN on my Linux Box
    Code:
    echo "autorise port 1194"
    iptables -A INPUT -i eth0  -p udp --dport 1194 -j ACCEPT
    iptables -A OUTPUT -o eth0 -p udp --sport 1194 -j ACCEPT
    
    # Translate VPN data (port 1194) to Untangle 
    echo "Nat Translation for VPN "
    iptables -t nat -A PREROUTING -i eth0 -p udp --dport 1194 -j DNAT --to 10.0.0.2
    iptables -t nat -A POSTROUTING -o eth0 -p udp --sport 1194 -j SNAT --to 203.X.X.58

    If I telnet from a VPN client to 203.X.X.58 1194, I have no reply :-(

    Thanks for your help.

  2. #2
    Newbie
    Join Date
    Dec 2007
    Posts
    10


    OK, so writing it, sleeping on it, and I finally found it :-)

    I forgot the forward. So the final command is:
    Code:
    echo " [Rule for VPN]"
    # Accept data from Internet on eth0 from port 1194
    echo "autorise port 1194"
    iptables -A INPUT -i eth0  -p udp --dport 1194 -j ACCEPT
    iptables -A OUTPUT -o eth0 -p udp --sport 1194 -j ACCEPT
    # Translate VPN data (port 1194) to Untangle 
    echo "Nat Translation for VPN to St Yusuf"
    iptables -t nat -A PREROUTING -i eth0 -p udp --dport 1194 -j DNAT --to 10.0.0.2
    iptables -t nat -A POSTROUTING -o eth0 -p udp --sport 1194 -j SNAT --to 203.X.X.58
    # Forward VPN Traffic from Internet to Untangle
    echo "Forward VPN port 1194 to untangle"
    iptables -A FORWARD -p udp -s 0/0 --destination-port 1194  -j ACCEPT
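
The mistake found in post #2, a DNAT rule with no FORWARD rule to let the translated packets through, can be checked for mechanically. The script below is an added example, not part of the original posts: it reads `iptables-save` output and reports any DNAT port-forward without a matching FORWARD ACCEPT. The function names, the sample dumps and the FORWARD policy of DROP are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: flag DNAT port-forwards that lack a matching FORWARD ACCEPT.
# Reads `iptables-save` output on stdin; exits 1 if any forward is missing.
# Limitation: matches on protocol/port only, ignores interfaces and sources.
check_dnat_forward() {
    awk '
    function opt(name,   i) {              # value that follows option "name"
        for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
        return ""
    }
    /^\*/ { table = substr($1, 2) }        # "*nat", "*filter", ...
    table == "filter" && $1 == ":FORWARD" { policy = $2 }
    table == "nat" && $1 == "-A" && $2 == "PREROUTING" && opt("-j") == "DNAT" {
        dnat[opt("-p") "/" opt("--dport")] = opt("--to-destination")
    }
    table == "filter" && $1 == "-A" && $2 == "FORWARD" && opt("-j") == "ACCEPT" {
        fwd[opt("-p") "/" opt("--dport")] = 1
    }
    END {
        if (policy == "ACCEPT") exit 0     # nothing is filtered in FORWARD
        for (k in dnat) if (!(k in fwd)) {
            print "MISSING FORWARD for " k " -> " dnat[k]; bad = 1
        }
        exit bad + 0
    }'
}

# Constructed dump resembling post #1 (FORWARD policy DROP is an assumption).
sample_before() { cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p udp -m udp --dport 1194 -j DNAT --to-destination 10.0.0.2
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A INPUT -i eth0 -p udp -m udp --dport 1194 -j ACCEPT
COMMIT
EOF
}

# Same dump with the FORWARD rule from post #2 added after the INPUT rule.
sample_after() {
    sample_before | awk '{ print }
        /^-A INPUT/ { print "-A FORWARD -p udp -m udp --dport 1194 -j ACCEPT" }'
}

for s in sample_before sample_after; do
    echo "== $s"; "$s" | check_dnat_forward && echo "ok: every DNAT is forwarded"
done
```

On a live router the same check is `iptables-save | check_dnat_forward`, run as root.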

  3. #3
    Newbie
    Join Date
    Aug 2008
    Posts
    8


    I'm not entirely sure, but I think I have the same issue... Unfortunately I haven't resolved it.

    I have set up the OpenVPN to export hosts...
    When the client connects to the OpenVPN, everything seems to work fine. However, I can't view the shares on the network... I can't ping the addresses either. I can however remote desktop into a specific machine from the host network.

    Any ideas on how to make it view the shares and ping and all the other good things?

  4. #4
    Untangle Junkie dmorris
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,486


    Quote: Originally posted by igpf
    I'm not entirely sure, but I think I have the same issue... Unfortunately I haven't resolved it.

    I have set up the OpenVPN to export hosts...
    When the client connects to the OpenVPN, everything seems to work fine. However, I can't view the shares on the network... I can't ping the addresses either. I can however remote desktop into a specific machine from the host network.

    Any ideas on how to make it view the shares and ping and all the other good things?

    He's talking about configuring port forwarding on a Linux router *in front of* the Untangle server.

    Check the routing table on your connected hosts. Check that your address pool doesn't overlap your current network, and that whatever you're trying to connect to is exported.
    Test with IPs, not hostnames.

  5. #5
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,488


    And don't forget that your LAN clients will be using the router as their gateway, not the UT server. So if you want the LAN clients to be able to communicate with the OpenVPN cloud, you need to configure a route in the router that moves the cloud's range to the UT server for routing. Otherwise the VPN will come up but the local computers don't have a route to that network.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  6. #6
    Newbie
    Join Date
    Aug 2008
    Posts
    8


    Thanks guys. But as it turns out, I was blocking the Samba/SMB protocol in the "Protocols" section. My samba shares are alive!!!

    Thanks again.
