iptables mistake?

Scripts with setup, destroy, and modify routing tables and firewall rulesets for client connections.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
adam12
OpenVpn Newbie
Posts: 2
Joined: Thu Mar 06, 2014 7:55 pm

iptables mistake?

Post by adam12 » Thu Mar 06, 2014 9:30 pm

I had a working openvpn server setup on my vps. Then I followed this tutorial to configure iptables. https://www.digitalocean.com/community/ ... n-centos-6
Which I guess flushed my openvpn rules. So I tried adding them back.
Now I cannot connect. I'm new to iptables. How do I fix or get back to the original completely open config?

Code: Select all

iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination         
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE 
DROP       tcp  --  anywhere             anywhere            tcp flags:!FIN,SYN,RST,ACK/SYN state NEW 
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG 
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:urd 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3s 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imap 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imaps 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:15094 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:openvpn 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     all  --  10.8.0.0/24          anywhere            
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable 
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     all  --  10.8.0.0/24          anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination   

adam12
OpenVpn Newbie
Posts: 2
Joined: Thu Mar 06, 2014 7:55 pm

Re: iptables mistake?

Post by adam12 » Fri Mar 07, 2014 12:11 am

Ok Delete a rule
iptables -L [CHAIN] --line-numbers
iptables -D [CHAIN] [number]

This is what I have now. I think I just have to open udp port 1194.

Code: Select all

iptables -L -n
Chain INPUT (policy DROP)
target     prot opt source               destination         
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x3F/0x00 
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:!0x17/0x02 state NEW 
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x3F/0x3F 
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:443 
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:25 
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:465 
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:110 
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:995 
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:143 
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:993 
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:xxxxxx
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
ACCEPT     all  --  10.8.0.0/24          0.0.0.0/0           

Chain OUTPUT (policy ACCEPT)

spynappels
OpenVpn Newbie
Posts: 3
Joined: Sat Jun 28, 2014 8:06 pm

Re: iptables mistake?

Post by spynappels » Sun Jun 29, 2014 1:17 pm

Could you post the output of

Code: Select all

iptables -vnL
Your rules look like they will block pretty much all TCP traffic if you drop all SYN packets, unless those first few rules are interface specific...

Post Reply