iptables for AS0_WEBACCEPT

Business solution to host your own OpenVPN server with web management interface and bundled clients.
jcpamart
OpenVpn Newbie
Posts: 16
Joined: Tue Apr 21, 2020 4:15 pm

Post by jcpamart » Tue Dec 28, 2021 1:13 pm

Hi,
I have just installed OpenVPN on Debian 11.
I have written iptables commands to allow incoming input/output/forward on a port, but it is still closed.
So, what is the command line to get the same iptables line as this one (because 943 is officially open....):

AS0_WEBACCEPT tcp -- anywhere mywebsite.com state NEW tcp dpt:943
with another TCP/UDP port?

Because if I write: iptables -I INPUT -p udp --dport XXXX -j ACCEPT
the port is still closed.

Thanks for your help
Best regards

openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: iptables for AS0_WEBACCEPT

Post by openvpn_inc » Sun Jan 02, 2022 1:49 pm

Hi jc,

Two things. First, in recent Debian you're not actually using iptables; it's using iptables-nft, the translation layer for nft. We do not support this. Use update-alternatives(1) to set iptables to iptables-legacy.

Second, if a port is forwarded using a DNAT target in the nat table, that packet will not be seen in the filter table's INPUT chain. It would go into the FORWARD chain.

Show your iptables-save -c output if you need help with this (of course after you update-alternatives, and then to be sure nft is gone, reboot.)

regards, rob0
OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
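
The two checks from the reply above, as an added example (not from either post and not OpenVPN Inc. code): classify the string printed by iptables --version as legacy or nft, and read iptables-save -c text to see whether a port is DNATed and therefore evaluated in FORWARD rather than INPUT. The function names and the sample ruleset are constructed, and the DNAT destination is assumed to be another host.

```shell
#!/usr/bin/env bash
# Added example: helper names and the sample ruleset below are constructed.

# Classify the backend from `iptables --version` output,
# e.g. iptables_backend "$(iptables --version)".
iptables_backend() {
  case "$1" in
    *"(nf_tables)"*) echo nft ;;
    *"(legacy)"*)    echo legacy ;;
    *)               echo unknown ;;
  esac
}

# Read `iptables-save -c` text on stdin and print the filter chain in which a
# packet to PROTO/PORT is evaluated: FORWARD if a nat-table DNAT rule matches
# it (assumption: the DNAT destination is another host), otherwise INPUT.
filter_chain_for() {
  awk -v proto="$1" -v port="$2" '
    /^\*/ { table = substr($0, 2) }
    table == "nat" && / -j DNAT/ &&
      $0 ~ ("-p " proto " ") && $0 ~ ("--dport " port " ") { dnat = 1 }
    END { print (dnat ? "FORWARD" : "INPUT") }'
}

# Sum the packet counters (the [pkts:bytes] prefix added by -c) of filter-table
# ACCEPT rules for PROTO/PORT in CHAIN; 0 means nothing there has matched.
accepted_packets() {
  awk -v chain="$1" -v proto="$2" -v port="$3" '
    /^\*/ { table = substr($0, 2) }
    table == "filter" && $0 ~ ("-A " chain " ") && / -j ACCEPT/ &&
      $0 ~ ("-p " proto " ") && $0 ~ ("--dport " port " ") {
        split(substr($1, 2), c, ":"); total += c[1] }
    END { print total + 0 }'
}

# Constructed sample: UDP 1194 is DNATed, but the only ACCEPT rule is in INPUT.
SAMPLE='*nat
:PREROUTING ACCEPT [0:0]
[12:720] -A PREROUTING -p udp -m udp --dport 1194 -j DNAT --to-destination 10.0.0.5:1194
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [12:720]
[0:0] -A INPUT -p udp -m udp --dport 1194 -j ACCEPT
[40:2400] -A INPUT -p tcp -m state --state NEW -m tcp --dport 943 -j ACCEPT
COMMIT'

printf '%s\n' "$SAMPLE" | filter_chain_for udp 1194        # chain that sees the packet
printf '%s\n' "$SAMPLE" | accepted_packets INPUT udp 1194  # hits on the INPUT rule
```

On a live host, pipe the real iptables-save -c output into the functions instead of SAMPLE; a zero counter on the INPUT rule next to a growing FORWARD policy counter is the pattern the reply describes.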
