I first tried to find and understand guides, but without success.
At this moment I have an OpenVPN server configured, and I think all traffic goes through it. And that is good.
It confused me because in Network Adapters, on both devices (network card and TAP device), I see that I have Internet access.
But I tested it in a funny way. I stayed connected to OpenVPN and restarted the server; while it was restarting I did not have an internet connection until the server came online again.
But that is exactly what I want: to have all internet traffic go through the OpenVPN connection.
There is one problem. I want to limit that connection to only a few of our servers. I tried to block all outgoing traffic except SSH and UDP OpenVPN, but unfortunately I still have access to the internet.
This is what I have done so far, and obviously my iptables knowledge is not good enough, because I did not block it.
This is the current status:
[root@vpn ~]# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
DROP icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp dpt:openvpn
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spt:ssh
ACCEPT udp -- anywhere anywhere udp spt:openvpn
[root@vpn ~]# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 10.8.0.0/24 anywhere
I want to first block all traffic, and then enable only FTP, MySQL, MSSQL, SSH, RDP, etc. to a few of our servers, and also to browse websites that are hosted on those servers.
Can you help me understand iptables and where I am going wrong?
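Added worked example, not part of the original post or any reply to it. The ruleset shown in the post drops in OUTPUT, but OUTPUT only filters packets the VPN server itself originates; packets from VPN clients are routed by the server and therefore traverse the FORWARD chain, which is still at policy ACCEPT and then gets MASQUERADEd by the POSTROUTING rule. The script below closes FORWARD and opens only the listed servers and ports for the 10.8.0.0/24 subnet. The interface name tun0, the server addresses 192.0.2.10 and 192.0.2.20 (documentation addresses) and the port list are assumptions constructed for the example; the 10.8.0.0/24 subnet is taken from the post.

```shell
#!/bin/sh
# Added example, not from the original post: a FORWARD-chain ruleset that lets
# OpenVPN clients reach only a short list of servers and ports.
# Assumptions (constructed for this example): the VPN subnet is 10.8.0.0/24 as
# in the post, the OpenVPN interface is tun0, and 192.0.2.10 / 192.0.2.20 stand
# in for "our servers" (documentation addresses; replace with the real ones).

VPN_NET="10.8.0.0/24"
VPN_IF="tun0"
ALLOWED_SERVERS="192.0.2.10 192.0.2.20"
# SSH, FTP control, HTTP, HTTPS, MySQL, MSSQL, RDP (standard ports)
ALLOWED_TCP_PORTS="22 21 80 443 3306 1433 3389"

# run: execute an iptables command, or only print it when DRY_RUN=1 so the
# ruleset can be reviewed (and tested) without root or a live netfilter.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# apply_forward_rules: client packets are routed by the server, so they pass
# through FORWARD, not OUTPUT. OUTPUT only filters what the server itself
# originates, which is why an OUTPUT DROP policy does not stop VPN clients.
apply_forward_rules() {
    run iptables -P FORWARD DROP
    run iptables -F FORWARD
    # Replies belonging to connections that were already permitted
    run iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    # Only new connections from the VPN subnet to the listed servers and ports
    for srv in $ALLOWED_SERVERS; do
        for port in $ALLOWED_TCP_PORTS; do
            run iptables -A FORWARD -i "$VPN_IF" -s "$VPN_NET" -d "$srv" \
                -p tcp --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
        done
    done
    # Log a rate-limited sample of what the policy drops, so misses are visible
    run iptables -A FORWARD -i "$VPN_IF" -s "$VPN_NET" \
        -m limit --limit 5/min -j LOG --log-prefix "VPN-FWD-DROP: "
}

# count_accept_rules: how many per-server/per-port ACCEPT rules the ruleset
# would install; a dry-run sanity check before applying (2 servers x 7 ports).
count_accept_rules() {
    ( DRY_RUN=1; apply_forward_rules ) | grep -c -- '--ctstate NEW -j ACCEPT'
}

# Usage: DRY_RUN=1 sh vpn-forward.sh apply   (review the commands)
#        sh vpn-forward.sh apply             (apply, as root)
if [ "${1:-}" = apply ]; then
    apply_forward_rules
fi
```

The server's own INPUT and OUTPUT rules from the post are unaffected by this; the change is only that forwarded client traffic now defaults to DROP. Two things to check after applying: if clients resolve names through the tunnel, a rule for UDP/TCP 53 to the chosen resolver is needed as well, and FTP's data channel is only treated as RELATED when the nf_conntrack_ftp helper is loaded. The LOG rule gives a sample in the kernel log of what clients are still trying to reach, which is the quickest way to see whether the allow list is complete.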