Scripts that set up, destroy, and modify routing tables and firewall rulesets for client connections.
Moderators: TinCanTech
Nick_ (OpenVpn Newbie; Posts: 1; Joined: Tue Dec 22, 2015 8:01 pm)
Post by Nick_ » Tue Dec 22, 2015 8:03 pm
I have a Debian server set up with OpenVPN and Apache, running great. Currently the Apache services are accessible to everyone. I want to restrict them to only be accessible to clients connected via the VPN.
Here are my incorrect UFW settings:
Code:
Status: active
Logging: off
Default: deny (incoming), allow (outgoing)
New profiles: skip

To                         Action      From
--                         ------      ----
53                         ALLOW IN    Anywhere
60000:61000/udp            ALLOW IN    Anywhere
1194/udp                   ALLOW IN    Anywhere
2812/tcp                   ALLOW IN    Anywhere
22/tcp                     ALLOW IN    Anywhere
80/tcp on tun0             ALLOW IN    Anywhere
443/tcp on tun0            ALLOW IN    Anywhere
80/tcp                     ALLOW IN    10.8.0.0/24
443/tcp                    ALLOW IN    10.8.0.0/24
80/tcp                     ALLOW IN    10.1.0.0/16
443/tcp                    ALLOW IN    10.1.0.0/16
53                         ALLOW IN    Anywhere (v6)
60000:61000/udp            ALLOW IN    Anywhere (v6)
1194/udp                   ALLOW IN    Anywhere (v6)
2812/tcp                   ALLOW IN    Anywhere (v6)
22/tcp                     ALLOW IN    Anywhere (v6)
80/tcp on tun0             ALLOW IN    Anywhere (v6)
443/tcp on tun0            ALLOW IN    Anywhere (v6)
80/tcp                     ALLOW OUT   10.1.0.0/16
443/tcp                    ALLOW OUT   10.1.0.0/16
80/tcp                     ALLOW OUT   Anywhere on tun0
443/tcp                    ALLOW OUT   Anywhere on tun0
80/tcp                     ALLOW OUT   Anywhere (v6) on tun0
443/tcp                    ALLOW OUT   Anywhere (v6) on tun0
Anyone have any idea how to accomplish what I'm trying to do? I feel like it should be pretty easy, but I have wasted a lot of time on this so far.
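The check a practitioner wants before touching the ruleset above is "which ports does this host actually accept from the public side?" The following is an added example, not code from the thread: a small POSIX shell audit that reads `ufw status verbose` output and lists every inbound ALLOW rule that accepts traffic from Anywhere and carries no `on <iface>` restriction. `UFW_DUMP` is a constructed, shortened copy of the ruleset posted above; on a live host replace it with the real `sudo ufw status verbose` output.

```shell
#!/bin/sh
# Added example (not from the thread): audit a `ufw status verbose` dump and
# list every inbound ALLOW rule that accepts traffic from Anywhere without an
# "on <iface>" restriction, i.e. the services reachable from the public side.
# UFW_DUMP is a constructed, shortened copy of the ruleset posted above; on a
# live host pipe `sudo ufw status verbose` into ufw_public_allows instead.

UFW_DUMP='Status: active
Logging: off
Default: deny (incoming), allow (outgoing)
New profiles: skip

To                         Action      From
--                         ------      ----
53                         ALLOW IN    Anywhere
60000:61000/udp            ALLOW IN    Anywhere
1194/udp                   ALLOW IN    Anywhere
2812/tcp                   ALLOW IN    Anywhere
22/tcp                     ALLOW IN    Anywhere
80/tcp on tun0             ALLOW IN    Anywhere
443/tcp on tun0            ALLOW IN    Anywhere
80/tcp                     ALLOW IN    10.8.0.0/24
443/tcp                    ALLOW IN    10.8.0.0/24
22/tcp                     ALLOW IN    Anywhere (v6)
80/tcp on tun0             ALLOW IN    Anywhere (v6)
80/tcp                     ALLOW OUT   Anywhere on tun0'

# Read a ufw status table on stdin and print the To entry of each inbound
# ALLOW rule whose From is Anywhere and whose To has no interface match.
ufw_public_allows() {
    awk '
        /ALLOW[ ]+IN/ {
            to = ""; from = ""; side = "to"
            for (i = 1; i <= NF; i++) {
                if ($i == "ALLOW") { side = "skip"; continue }   # end of To column
                if ($i == "IN" && side == "skip") { side = "from"; continue }
                if (side == "to")   to   = (to   == "" ? $i : to   " " $i)
                if (side == "from") from = (from == "" ? $i : from " " $i)
            }
            # "80/tcp on tun0" is interface-bound; "10.8.0.0/24" is not Anywhere
            if (to !~ / on / && from ~ /^Anywhere/) print to
        }
    ' | sort -u
}

# Exit status 0 if the given To entry (e.g. 22/tcp) is open to the public.
is_public() {
    printf '%s\n' "$UFW_DUMP" | ufw_public_allows | grep -qxF -- "$1"
}

# Stand-alone run: print the publicly reachable entries of the sample dump.
printf '%s\n' "$UFW_DUMP" | ufw_public_allows
```

Run against the sample, the audit reports 22/tcp, 53, 1194/udp, 2812/tcp and 60000:61000/udp as reachable from the public side and does not list 80/tcp or 443/tcp, since every inbound rule for those is either bound to tun0 or limited to a private subnet. It only answers the exposure question; with `Logging: off` as in the dump, ufw also records nothing about which rule is rejecting a VPN client, so `ufw logging on` is the first step when VPN-side traffic is being blocked.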
Traffic (OpenVPN Protagonist; Posts: 4066; Joined: Sat Aug 09, 2014 11:24 am)
Post by Traffic » Wed Jan 06, 2016 3:48 pm
Nick_ wrote: Here are my incorrect UFW settings
Personally, I would use iptables and set rules to block packets to your services except for the VPN packets. It is relatively easy to do ..
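The iptables approach suggested in the reply above, written out as an added example (not code from the thread or from the OpenVPN project). It assumes the tunnel interface is tun0 and the client pool is 10.8.0.0/24, both taken from the first post, and that the web service listens on 80 and 443; all three are overridable from the environment. Each port gets an ACCEPT matched on both the tunnel interface and the VPN subnet, followed by a REJECT for everyone else, and the rules are installed idempotently with `iptables -C` so the script can be re-run from an OpenVPN up-script or a boot hook.

```shell
#!/bin/sh
# Added example (not from the thread): restrict Apache to OpenVPN clients with
# plain iptables, as suggested in the reply above.
# Assumptions: tunnel interface tun0 and client pool 10.8.0.0/24 (both from
# the first post); web ports 80 and 443. All can be overridden via environment.
VPN_IF="${VPN_IF:-tun0}"
VPN_NET="${VPN_NET:-10.8.0.0/24}"
WEB_PORTS="${WEB_PORTS:-80 443}"
IPT="${IPT:-iptables}"

# Emit one INPUT rule specification per line, in the order they must be
# installed: the VPN accept for a port comes first, the catch-all reject for
# the same port right after it. Matching on -i as well as -s means a packet
# with a forged 10.8.0.x source arriving on eth0 does not get through.
vpn_only_web_rules() {
    for port in $WEB_PORTS; do
        printf 'INPUT -i %s -s %s -p tcp --dport %s -j ACCEPT\n' "$VPN_IF" "$VPN_NET" "$port"
        printf 'INPUT -p tcp --dport %s -j REJECT --reject-with tcp-reset\n' "$port"
    done
}

# Install each specification idempotently: iptables -C succeeds when an
# identical rule already exists, so re-running never duplicates rules.
# Must run as root; reads rule specifications from stdin.
apply_rules() {
    while IFS= read -r spec; do
        # shellcheck disable=SC2086  # word splitting of $spec is intentional
        $IPT -C $spec 2>/dev/null || $IPT -A $spec
    done
}

# Stand-alone run: print what would be installed. To apply for real (as root):
#   vpn_only_web_rules | apply_rules
vpn_only_web_rules | sed 's/^/iptables -A /'
```

Two caveats. `-A` appends to INPUT, so an earlier, broader ACCEPT for the same port (including one installed by ufw's own chains) still wins; on a ufw host, either express the same intent with ufw's syntax (`ufw allow in on tun0 to any port 80 proto tcp` and no unrestricted allow for that port, which is what the first post's table already shows) or place these lines in /etc/ufw/before.rules rather than mixing raw iptables calls with ufw. And if Apache also listens on an IPv6 address, the same rules need an ip6tables twin, otherwise the v6 side stays open.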
marceloramone (OpenVpn Newbie; Posts: 14; Joined: Thu Feb 25, 2016 1:49 pm)
Post by marceloramone » Wed Mar 02, 2016 5:15 pm
Hello,
I'm trying to do the same config!
Here is my incorrect setup to close Apache access:
Code:
22                         ALLOW       Anywhere
1194/udp                   ALLOW       Anywhere
80/tcp                     ALLOW       10.8.0.0/24    »» this rule should be fine in order to allow Apache access for OpenVPN clients, but ufw blocks the traffic.
Also I did these steps:
in /etc/default/ufw conf:
in /etc/ufw/before.rules conf:
Code:
# START OPENVPN RULES
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
# Allow traffic from OpenVPN client to eth0
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
# END OPENVPN RULES
Syslog:
Any idea please?
I just need to close Apache access to the public; only OpenVPN-connected clients should be able to access it.
sierracircle (OpenVpn Newbie; Posts: 2; Joined: Thu Mar 03, 2016 3:18 pm)
Post by sierracircle » Thu Mar 03, 2016 9:49 pm
Just a thought, but I believe you can achieve this with a few lines in your .htaccess file:
# Apache 2.2 syntax (mod_access_compat on 2.4); the native 2.4 form is "Require ip <subnet>"
Order Deny,Allow
Deny from all
Allow from 192.168.1.1/24 ##or whatever your subnet