Again Connection but no Internet

Dr.One
OpenVpn Newbie
Posts: 4
Joined: Sun Sep 15, 2019 2:46 pm

Again Connection but no Internet

Post by Dr.One » Sun Sep 15, 2019 2:54 pm

Hi there,

I'm using Tumbleweed and have been testing everything in my config for about 1 week to run OpenVPN. Connecting with my phone is possible, but I can't share my server's internet connection with my users.

Here is my config:

Server Config
# Which local IP address should OpenVPN
# listen on? (optional)

local 192.168.178.23

# Which TCP/UDP port should OpenVPN listen on?
# If you want to run multiple OpenVPN instances
# on the same machine, use a different port
# number for each one.  You will need to
# open up this port on your firewall.
port 1194

# TCP or UDP server?
;proto tcp
proto udp

# "dev tun" will create a routed IP tunnel,
# "dev tap" will create an ethernet tunnel.
# Use "dev tap0" if you are ethernet bridging
# and have precreated a tap0 virtual interface
# and bridged it with your ethernet interface.
# If you want to control access policies
# over the VPN, you must create firewall
# rules for the the TUN/TAP interface.
# On non-Windows systems, you can give
# an explicit unit number, such as tun0.
# On Windows, use "dev-node" for this.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel if you
# have more than one.  On XP SP2 or higher,
# you may need to selectively disable the
# Windows firewall for the TAP adapter.
# Non-Windows systems usually don't need this.
;dev-node MyTap

# SSL/TLS root certificate (ca), certificate
# (cert), and private key (key).  Each client
# and the server must have their own cert and
# key file.  The server and all clients will
# use the same ca file.
#
# See the "easy-rsa" directory for a series
# of scripts for generating RSA certificates
# and private keys.  Remember to use
# a unique Common Name for the server
# and each of the client certificates.
#
# Any X509 key management system can be used.
# OpenVPN can also use a PKCS #12 formatted key file
# (see "pkcs12" directive in man page).
ca /etc/easy-rsa/pki/ca.crt
cert /etc/easy-rsa/pki/issued/server.crt
key /etc/easy-rsa/pki/private/server.key

# Diffie hellman parameters.
# Generate your own with:
#   openssl dhparam -out dh2048.pem 2048
dh /etc/easy-rsa/pki/dh.pem

# Network topology
# Should be subnet (addressing via IP)
# unless Windows clients v2.0.9 and lower have to
# be supported (then net30, i.e. a /30 per client)
# Defaults to net30 (not recommended)
topology subnet

# Configure server mode and supply a VPN subnet
# for OpenVPN to draw client addresses from.
# The server will take 10.8.0.1 for itself,
# the rest will be made available to clients.
# Each client will be able to reach the server
# on 10.8.0.1. Comment this line out if you are
# ethernet bridging. See the man page for more info.
server 10.8.0.0 255.255.255.0

# Maintain a record of client <-> virtual IP address
# associations in this file.  If OpenVPN goes down or
# is restarted, reconnecting clients can be assigned
# the same virtual IP address from the pool that was
# previously assigned.
ifconfig-pool-persist ipp.txt

# Configure server mode for ethernet bridging.
# You must first use your OS's bridging capability
# to bridge the TAP interface with the ethernet
# NIC interface.  Then you must manually set the
# IP/netmask on the bridge interface, here we
# assume 10.8.0.4/255.255.255.0.  Finally we
# must set aside an IP range in this subnet
# (start=10.8.0.50 end=10.8.0.100) to allocate
# to connecting clients.  Leave this line commented
# out unless you are ethernet bridging.
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100

# Configure server mode for ethernet bridging
# using a DHCP-proxy, where clients talk
# to the OpenVPN server-side DHCP server
# to receive their IP address allocation
# and DNS server addresses.  You must first use
# your OS's bridging capability to bridge the TAP
# interface with the ethernet NIC interface.
# Note: this mode only works on clients (such as
# Windows), where the client-side TAP adapter is
# bound to a DHCP client.
;server-bridge

# Push routes to the client to allow it
# to reach other private subnets behind
# the server.  Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (10.8.0.0/255.255.255.0)
# back to the OpenVPN server.
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"



;push "route 192.168.0.0 255.255.255.0"

# To assign specific IP addresses to specific
# clients or if a connecting client has a private
# subnet behind it that should also have VPN access,
# use the subdirectory "ccd" for client-specific
# configuration files (see man page for more info).

# EXAMPLE: Suppose the client
# having the certificate common name "Thelonious"
# also has a small subnet behind his connecting
# machine, such as 192.168.40.128/255.255.255.248.
# First, uncomment out these lines:
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
# Then create a file ccd/Thelonious with this line:
#   iroute 192.168.40.128 255.255.255.248
# This will allow Thelonious' private subnet to
# access the VPN.  This example will only work
# if you are routing, not bridging, i.e. you are
# using "dev tun" and "server" directives.

# EXAMPLE: Suppose you want to give
# Thelonious a fixed VPN IP address of 10.9.0.1.
# First uncomment out these lines:
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
# Then add this line to ccd/Thelonious:
#   ifconfig-push 10.9.0.1 10.9.0.2

# Suppose that you want to enable different
# firewall access policies for different groups
# of clients.  There are two methods:
# (1) Run multiple OpenVPN daemons, one for each
#     group, and firewall the TUN/TAP interface
#     for each group/daemon appropriately.
# (2) (Advanced) Create a script to dynamically
#     modify the firewall in response to access
#     from different clients.  See man
#     page for more info on learn-address script.
;learn-address ./script

# If enabled, this directive will configure
# all clients to redirect their default
# network gateway through the VPN, causing
# all IP traffic such as web browsing and
# and DNS lookups to go through the VPN
# (The OpenVPN server machine may need to NAT
# or bridge the TUN/TAP interface to the internet
# in order for this to work properly).
#push "redirect-gateway def1 bypass-dhcp"


;push "redirect-gateway"


# Certain Windows-specific network settings
# can be pushed to clients, such as DNS
# or WINS server addresses.  CAVEAT:
# http://openvpn.net/faq.html#dhcpcaveats
# The addresses below refer to the public
# DNS servers provided by opendns.com.
;push "dhcp-option DNS 208.67.222.222"
;push "dhcp-option DNS 208.67.220.220"



;push "dhcp-option DNS 192.168.178.1"
;push "dhcp-option DNS 192.168.178.1"



# Uncomment this directive to allow different
# clients to be able to "see" each other.
# By default, clients will only see the server.
# To force clients to only see the server, you
# will also need to appropriately firewall the
# server's TUN/TAP interface.
;client-to-client

# Uncomment this directive if multiple clients
# might connect with the same certificate/key
# files or common names.  This is recommended
# only for testing purposes.  For production use,
# each client should have its own certificate/key
# pair.
#
# IF YOU HAVE NOT GENERATED INDIVIDUAL
# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
# UNCOMMENT THIS LINE OUT.
duplicate-cn

# The keepalive directive causes ping-like
# messages to be sent back and forth over
# the link so that each side knows when
# the other side has gone down.
# Ping every 10 seconds, assume that remote
# peer is down if no ping received during
# a 120 second time period.
keepalive 10 120

# For extra security beyond that provided
# by SSL/TLS, create an "HMAC firewall"
# to help block DoS attacks and UDP port flooding.
#
# Generate with:
#   openvpn --genkey --secret ta.key
#
# The server and each client must have
# a copy of this key.
# The second parameter should be '0'
# on the server and '1' on the clients.
tls-auth /etc/easy-rsa/ta.key 0

# Select a cryptographic cipher.
# This config item must be copied to
# the client config file as well.
# Note that v2.4 client/server will automatically
# negotiate AES-256-GCM in TLS mode.
# See also the ncp-cipher option in the manpage
cipher AES-256-CBC

# Enable compression on the VPN link and push the
# option to the client (v2.4+ only, for earlier
# versions see below)
;compress lz4-v2
;push "compress lz4-v2"

# For compression compatible with older clients use comp-lzo
# If you enable it here, you must also
# enable it in the client config file.
comp-lzo

# The maximum number of concurrently connected
# clients we want to allow.
;max-clients 100

# It's a good idea to reduce the OpenVPN
# daemon's privileges after initialization.
#
# You can uncomment this out on
# non-Windows systems.
user nobody
group nobody

# The persist options will try to avoid
# accessing certain resources on restart
# that may no longer be accessible because
# of the privilege downgrade.
persist-key
persist-tun

# Output a short status file showing
# current connections, truncated
# and rewritten every minute.
status openvpn-status.log

# By default, log messages will go to the syslog (or
# on Windows, if running as a service, they will go to
# the "\Program Files\OpenVPN\log" directory).
# Use log or log-append to override this default.
# "log" will truncate the log file on OpenVPN startup,
# while "log-append" will append to it.  Use one
# or the other (but not both).
;log         openvpn.log
;log-append  openvpn.log

# Set the appropriate level of log
# file verbosity.
#
# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
verb 3

# Silence repeating messages.  At most 20
# sequential messages of the same message
# category will be output to the log.
;mute 20

# Notify the client that when the server restarts so it
# can automatically reconnect.
explicit-exit-notify 1



route-nopull
Added OpenVPN to public, trusted and directed:

Code: Select all

firewall-cmd --zone=public --add-service openvpn
firewall-cmd --zone=public --add-service openvpn 
firewall-cmd --zone=trusted --add-interface tun0 
firewall-cmd --zone=trusted --add-masquerade  

Tried with firewalld active and deactivated. Same issue.
Server's IP: 192.168.178.23
Gateway: 192.168.178.1

Tried 10000000 settings and many forums... but still no connection :(
Maybe someone here can help me find my mistake.

Thanks in adv.

Dr.One
OpenVpn Newbie
Posts: 4
Joined: Sun Sep 15, 2019 2:46 pm

Re: Again Connection but no Internet

Post by Dr.One » Wed Sep 18, 2019 7:00 pm

Sorry for the push... I got it working. openSUSE needs to open a new VPN connection with YaST!!!! :evil: :evil: :evil: :evil: :evil:

Now I can send and receive messages in WhatsApp but no voice messages or any websites. I tried with 8.8.8.8 DNS in my client but the same issue :(
Any ideas?

Reg.

300000
OpenVPN Power User
Posts: 57
Joined: Tue May 01, 2012 9:30 pm

Re: Again Connection but no Internet

Post by 300000 » Thu Sep 19, 2019 10:50 am

There are two IP ranges, 192.168.178.0 and 10.8.0.0. So when the OpenVPN client connects to the server, it gets an IP in the range 10.8.0.*, and if you want communication to go through, you need to somehow connect the two network ranges anyway. In the Linux firewall, if you input this

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

it will NAT one IP range to another, so it is up to you. Think about it: the OpenVPN client can't go anywhere because it stays at IP 10.8.0.*


Basically, you need to make your server enable IP routing and NAT routing so the client can reach the internet. You can use PuTTY to connect to your server and copy and run the commands below so your client can have internet:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

echo 1 > /proc/sys/net/ipv4/ip_forward
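
One way to confirm that the two settings from the post above are in effect for the VPN pool, as an added example that is not part of the original post: it checks the `ip_forward` value and looks for a MASQUERADE rule in the POSTROUTING chain that covers 10.8.0.0/24 on the server's uplink interface. The rule listings are constructed samples of `iptables -t nat -S POSTROUTING` output, and the function names are assumptions of this example.

```python
import ipaddress
import shlex

# VPN pool from the thread's "server 10.8.0.0 255.255.255.0" line.
VPN_NET = ipaddress.ip_network("10.8.0.0/24")

# Constructed samples of `iptables -t nat -S POSTROUTING` output.
RULES_ETH0 = """\
-P POSTROUTING ACCEPT
-A POSTROUTING -o eth0 -j MASQUERADE
"""
RULES_OTHER_SUBNET = """\
-P POSTROUTING ACCEPT
-A POSTROUTING -s 10.9.0.0/24 -o eth0 -j MASQUERADE
"""


def parse_postrouting(rules_text):
    """Parse '-A POSTROUTING ...' lines into dicts with the fields we check."""
    rules = []
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", "POSTROUTING"]:
            continue  # policy lines, blank lines, other chains
        rule = {"src": None, "out_if": None, "target": None,
                "other": False, "line": line.strip()}
        i = 2
        while i < len(tok):
            opt = tok[i]
            arg = tok[i + 1] if i + 1 < len(tok) else None
            if opt == "-s" and arg:
                rule["src"] = ipaddress.ip_network(arg, strict=False)
                i += 2
            elif opt == "-o" and arg:
                rule["out_if"] = arg
                i += 2
            elif opt == "-j" and arg:
                rule["target"] = arg
                i += 2
            else:
                # Negation ("!") or any other match we do not reason about.
                rule["other"] = True
                i += 1
        rules.append(rule)
    return rules


def if_matches(pattern, name):
    """iptables treats a trailing '+' in an interface name as a wildcard."""
    if pattern.endswith("+"):
        return name.startswith(pattern[:-1])
    return pattern == name


def find_masquerade(rules_text, uplink_if, vpn_net=VPN_NET):
    """Return the first plain MASQUERADE rule that covers vpn_net on uplink_if."""
    for r in parse_postrouting(rules_text):
        if r["target"] != "MASQUERADE" or r["other"]:
            continue
        if r["out_if"] is not None and not if_matches(r["out_if"], uplink_if):
            continue  # rule is bound to a different outgoing interface
        if r["src"] is not None and not vpn_net.subnet_of(r["src"]):
            continue  # rule is limited to a source range without the VPN pool
        return r["line"]
    return None


def check_nat_path(ip_forward_text, rules_text, uplink_if):
    """Return a list of problems; an empty list means both settings are in place."""
    problems = []
    if ip_forward_text.strip() != "1":
        problems.append("net.ipv4.ip_forward is not 1: the server will not route "
                        "packets between tun and the uplink")
    if find_masquerade(rules_text, uplink_if) is None:
        problems.append(f"no MASQUERADE rule in POSTROUTING covers {VPN_NET} "
                        f"leaving via {uplink_if}")
    return problems


if __name__ == "__main__":
    # On a live server the two inputs would come from
    # /proc/sys/net/ipv4/ip_forward and `iptables -t nat -S POSTROUTING`.
    for uplink in ("eth0", "wlan0"):
        print(uplink, check_nat_path("1\n", RULES_ETH0, uplink) or "ok")
```

Only rules added directly to POSTROUTING, as with the command in the post, are inspected; rules that a firewall manager keeps in its own chains are not followed.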

Dr.One
OpenVpn Newbie
Posts: 4
Joined: Sun Sep 15, 2019 2:46 pm

Re: Again Connection but no Internet

Post by Dr.One » Tue Sep 24, 2019 3:55 pm

Thanks. Still added these commands.

Could solve it with: push "dhcp-option DNS 0.0.0.0"

EDIT: Not working again :(

Code: Select all

Sep 25 13:03:56 linux-qda1 openvpn[8206]: 80.187.XXX:3556 [yasiiphone] Peer Connection Initiated with [AF_INET]80.187.1XXX:3556
Sep 25 13:03:56 linux-qda1 openvpn[8206]: yasiiphone/80.187.1XXX2:3556 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=(Not enabled)
Sep 25 13:03:56 linux-qda1 openvpn[8206]: yasiiphone/80.187.1XXXX2:3556 MULTI: Learn: 10.8.0.2 -> yasiiphone/80.1XXX2:3556
Sep 25 13:03:56 linux-qda1 openvpn[8206]: yasiiphone/80.187.1XXX2:3556 MULTI: primary virtual IP for yasiiphone/80.1XXX2:3556: 10.8.0.2
Sep 25 13:03:56 linux-qda1 openvpn[8206]: yasiiphone/80.187.1XXX2:3556 PUSH: Received control message: 'PUSH_REQUEST'
Sep 25 13:03:56 linux-qda1 openvpn[8206]: yasiiphone/80.187.1XXX2:3556 SENT CONTROL [yasiiphone]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 0.0.0.0,route-gateway 10.8>
Sep 25 13:03:56 linux-qda1 openvpn[8206]: yasiiphone/80.1XX2:3556 Data Channel: using negotiated cipher 'AES-256-GCM'
Sep 25 13:03:56 linux-qda1 openvpn[8206]: yasiiphone/80.1XXX2:3556 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Sep 25 13:03:56 linux-qda1 openvpn[8206]: yasiiphone/80.187.XXX2:3556 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Sep 25 13:04:55 linux-qda1 openvpn[8206]: yasiiphone/80.187.1XXX2:3556 SIGTERM[soft,remote-exit] received, client-instance exiting

Again connection possible but no internet.

It's something with the openSUSE DNS server or network server... I can't find any how-tos on how to change the settings on openSUSE... I'm 100% sure it's because of the DNS server from YaST2!

I never had such problems with Ubuntu. (Can't install Ubuntu because of the Dell mainboard and RAID function. Ubuntu can't be installed on my device with RAID 1 ;( )

300000
OpenVPN Power User
Posts: 57
Joined: Tue May 01, 2012 9:30 pm

Re: Again Connection but no Internet

Post by 300000 » Wed Sep 25, 2019 11:48 pm

On the server config I did not see DNS pushed to the OpenVPN client. So how does the OpenVPN client have DNS info to find the way out? Do you run your own DNS server or do you use a public DNS address? Can you add this line into your server config: push "dhcp-option DNS 8.8.4.4" so the client has a public DNS to use. If you run a DNS server, change it to its IP to see whether it works or not.
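
The check described in the post above, as an added example that is not code from the thread: a small parser that separates active directives from those commented out with `#` or `;` and reports what the server actually pushes to clients. The sample is a condensed excerpt of the server config posted earlier in the thread; the function names and the `CLIENT_ONLY` set are assumptions of this example.

```python
import shlex

# Condensed excerpt of the server config posted in the thread
# (explanatory comments and unrelated directives left out).
SAMPLE_SERVER_CONF = '''\
local 192.168.178.23
port 1194
proto udp
dev tun
topology subnet
server 10.8.0.0 255.255.255.0
;push "route 192.168.0.0 255.255.255.0"
#push "redirect-gateway def1 bypass-dhcp"
;push "redirect-gateway"
;push "dhcp-option DNS 208.67.222.222"
;push "dhcp-option DNS 192.168.178.1"
duplicate-cn
keepalive 10 120
explicit-exit-notify 1
route-nopull
'''

# Options that only take effect on a client that pulls its settings
# (per the OpenVPN man page); assumption: this short list is enough here.
CLIENT_ONLY = {"route-nopull", "pull", "client"}


def parse_config(conf_text):
    """Return (active directives as word lists, commented-out push options)."""
    active, disabled_pushes = [], []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        commented = line[0] in "#;"          # both start a comment in OpenVPN
        body = line.lstrip("#;").strip()
        try:
            words = shlex.split(body)
        except ValueError:
            continue                         # free-text comment with a stray quote
        if not words:
            continue
        if commented:
            if words[0] == "push" and len(words) == 2:
                disabled_pushes.append(words[1])
        else:
            active.append(words)
    return active, disabled_pushes


def audit(conf_text):
    """Report active pushes, disabled pushes and findings for a server config."""
    active, disabled_pushes = parse_config(conf_text)
    names = {w[0] for w in active}
    pushes = [w[1] for w in active if w[0] == "push" and len(w) > 1]
    findings = []
    if "server" in names:
        if not any(p.split()[:1] == ["redirect-gateway"] for p in pushes):
            findings.append("no active push of redirect-gateway: clients keep "
                            "their own default route unless their config sets it")
        if not any(p.startswith("dhcp-option DNS") for p in pushes):
            findings.append("no active push of dhcp-option DNS: clients are "
                            "not told which resolver to use")
        for opt in sorted(names & CLIENT_ONLY):
            findings.append(f"'{opt}' only has an effect on a pulling client; "
                            "it does nothing useful in a server config")
    if "duplicate-cn" in names:
        findings.append("duplicate-cn is active: several clients may share one "
                        "certificate (the sample config recommends it for testing only)")
    return {"pushes": pushes, "disabled_pushes": disabled_pushes,
            "findings": findings}


if __name__ == "__main__":
    report = audit(SAMPLE_SERVER_CONF)
    print("active pushes:  ", report["pushes"])
    print("disabled pushes:", report["disabled_pushes"])
    for finding in report["findings"]:
        print("-", finding)
```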

Dr.One
OpenVpn Newbie
Posts: 4
Joined: Sun Sep 15, 2019 2:46 pm

Re: Again Connection but no Internet

Post by Dr.One » Thu Sep 26, 2019 5:17 am

Thanks, but the same issue. I pushed DNS as 0.0.0.0 and it worked for about 2 days. After restarting the server, again no connections anymore. With pushing 8.8.8.8 and 8.8.4.4 it is the same. I tried with 192.168.178.1 (this is the DNS which all my systems at home get from the Fritzbox)... Same issue.

What I think: it's something with my openSUSE. When I got the internet connection, I had tried many things before with NetworkManager in openSUSE and I don't have any idea which settings were changed. When I try to set the network to Wicked, I have an internet connection on my server. When it's managed by NetworkManager, no internet on both (server and client (no connection possible for clients because my server has no internet)). I think I changed something last time, which worked.

Maybe this can help?

Code: Select all

 iptables -vL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
1981K   99M ACCEPT     all  --  any    any     anywhere             anywhere             ctstate RELATED,ESTABLISHED
17131 5549K ACCEPT     all  --  lo     any     anywhere             anywhere
82331   20M INPUT_direct  all  --  any    any     anywhere             anywhere
82331   20M INPUT_ZONES_SOURCE  all  --  any    any     anywhere             anywhere
82331   20M INPUT_ZONES  all  --  any    any     anywhere             anywhere
 1969  653K DROP       all  --  any    any     anywhere             anywhere             ctstate INVALID
16809 1451K REJECT     all  --  any    any     anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere             ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  lo     any     anywhere             anywhere
  188 12037 FORWARD_direct  all  --  any    any     anywhere             anywhere
  188 12037 FORWARD_IN_ZONES_SOURCE  all  --  any    any     anywhere             anywhere
  188 12037 FORWARD_IN_ZONES  all  --  any    any     anywhere             anywhere
  188 12037 FORWARD_OUT_ZONES_SOURCE  all  --  any    any     anywhere             anywhere
  188 12037 FORWARD_OUT_ZONES  all  --  any    any     anywhere             anywhere
    0     0 DROP       all  --  any    any     anywhere             anywhere             ctstate INVALID
  188 12037 REJECT     all  --  any    any     anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 2025K packets, 215M bytes)
 pkts bytes target     prot opt in     out     source               destination
2025K  215M OUTPUT_direct  all  --  any    any     anywhere             anywhere

Chain FORWARD_IN_ZONES (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 FWDI_public  all  --  eth0   any     anywhere             anywhere            [goto]
    0     0 FWDI_public  all  --  wlan0  any     anywhere             anywhere            [goto]
  188 12037 FWDI_public  all  --  tun2   any     anywhere             anywhere            [goto]
    0     0 FWDI_public  all  --  tun1   any     anywhere             anywhere            [goto]
    0     0 FWDI_public  all  --  tun    any     anywhere             anywhere            [goto]
    0     0 FWDI_public  all  --  tun0   any     anywhere             anywhere            [goto]
    0     0 FWDI_public  all  --  +      any     anywhere             anywhere            [goto]

Chain FORWARD_IN_ZONES_SOURCE (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD_OUT_ZONES (1 references)
 pkts bytes target     prot opt in     out     source               destination
  188 12037 FWDO_public  all  --  any    eth0    anywhere             anywhere            [goto]
    0     0 FWDO_public  all  --  any    wlan0   anywhere             anywhere            [goto]
    0     0 FWDO_public  all  --  any    tun2    anywhere             anywhere            [goto]
    0     0 FWDO_public  all  --  any    tun1    anywhere             anywhere            [goto]
    0     0 FWDO_public  all  --  any    tun     anywhere             anywhere            [goto]
    0     0 FWDO_public  all  --  any    tun0    anywhere             anywhere            [goto]
    0     0 FWDO_public  all  --  any    +       anywhere             anywhere            [goto]

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD_direct (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain FWDI_public (7 references)
 pkts bytes target     prot opt in     out     source               destination
  188 12037 FWDI_public_log  all  --  any    any     anywhere             anywhere
  188 12037 FWDI_public_deny  all  --  any    any     anywhere             anywhere
  188 12037 FWDI_public_allow  all  --  any    any     anywhere             anywhere
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere

Chain FWDI_public_allow (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain FWDI_public_deny (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain FWDI_public_log (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain FWDO_public (7 references)
 pkts bytes target     prot opt in     out     source               destination
  188 12037 FWDO_public_log  all  --  any    any     anywhere             anywhere
  188 12037 FWDO_public_deny  all  --  any    any     anywhere             anywhere
  188 12037 FWDO_public_allow  all  --  any    any     anywhere             anywhere

Chain FWDO_public_allow (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain FWDO_public_deny (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain FWDO_public_log (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT_ZONES (1 references)
 pkts bytes target     prot opt in     out     source               destination
82331   20M IN_public  all  --  eth0   any     anywhere             anywhere            [goto]
    0     0 IN_public  all  --  wlan0  any     anywhere             anywhere            [goto]
    0     0 IN_public  all  --  tun2   any     anywhere             anywhere            [goto]
    0     0 IN_public  all  --  tun1   any     anywhere             anywhere            [goto]
    0     0 IN_public  all  --  tun    any     anywhere             anywhere            [goto]
    0     0 IN_public  all  --  tun0   any     anywhere             anywhere            [goto]
    0     0 IN_public  all  --  +      any     anywhere             anywhere            [goto]

Chain INPUT_ZONES_SOURCE (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT_direct (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain IN_public (7 references)
 pkts bytes target     prot opt in     out     source               destination
82331   20M IN_public_log  all  --  any    any     anywhere             anywhere
82331   20M IN_public_deny  all  --  any    any     anywhere             anywhere
82331   20M IN_public_allow  all  --  any    any     anywhere             anywhere
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere

Chain IN_public_allow (1 references)
 pkts bytes target     prot opt in     out     source               destination
    5   236 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:ftp ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpts:ndmps:rwp ctstate NEW
  222 20868 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:netbios-ns ctstate NEW
  147 33115 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:netbios-dgm ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:netbios-ssn ctstate NEW
    7   364 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:microsoft-ds ctstate NEW
 1124 67024 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:ssh ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:amanda ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:amanda ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:10082 ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:amqp ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:amqps ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:apcupsd ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:bacula-dir ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:bacula-fd ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:bacula-sd ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:bacula-fd ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:bgp ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:8333 ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:8332 ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:18333 ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:18332 ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpts:6800:7300 ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:ceph ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:radg ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:cfengine ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:condor ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:ctdb ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:ctdb ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:dhcpv6-server ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:distcc ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:domain ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:domain ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:commplex-main ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:swarm ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:7946 ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:7946 ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:vxlan ctstate NEW
    0     0 ACCEPT     esp  --  any    any     anywhere             anywhere             ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:db-lsp-disc ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:db-lsp ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:vrace ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:wap-wsp ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:etcd-client ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:etcd-server ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:finger ctstate NEW
  113  6780 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:http ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:https ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:kerberos ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:kerberos ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:kpasswd ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:kpasswd ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:ntp ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:ldap ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:http ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:https ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:kerberos ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:kerberos ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:kpasswd ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:kpasswd ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:ntp ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:ldaps ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:7389 ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:epmap ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpts:netbios-dgm:netbios-ssn ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpts:netbios-dgm:netbios-ssn ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:ldap ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:ldap ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:microsoft-ds ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:microsoft-ds ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpts:1024:h323hostcallsc ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:msft-gc ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:ftp ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:8660 ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:8651 ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:git ctstate NEW
    0     0 ACCEPT     gre  --  any    any     anywhere             anywhere             ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:http ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:https ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:imap ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:imaps ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:ipp ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:ipp ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:ipp ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:isakmp ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:ipsec-nat-t ctstate NEW
    0     0 ACCEPT     ah   --  any    any     anywhere             anywhere             ctstate NEW
    0     0 ACCEPT     esp  --  any    any     anywhere             anywhere             ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:ircu ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:ircs-u ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:iscsi-target ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:iscsi-target ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:http-alt ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:kerberos-adm ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:kerberos ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:kerberos ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:esmagent ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:klogin ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:kpasswd ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:kpasswd ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:tell ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:kshell ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:ldap ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:ldaps ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:16509 ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:16514 ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:sieve ctstate NEW
  664  110K ACCEPT     udp  --  any    any     anywhere             224.0.0.251          udp dpt:mdns ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:trivnet1 ctstate NEW
15272 3420K ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:ssdp ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:27017 ctstate NEW
    1   376 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpts:60000:61000 ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:mountd ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:mountd ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:mqtt ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:secure-mqtt ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:ms-wbt-server ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:ms-sql-s ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:64738 ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:64738 ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:mysql ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:nfs ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:nfs ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:nfs ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:nmea-0183 ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:nmea-0183 ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:nrpe ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:ntp ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:nut ctstate NEW
    6   431 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:openvpn ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:54322 ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:55863 ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:39543 ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:rockwell-csp2 ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:pmcd ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:pmcdproxy ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:pmwebapi ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:44324 ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:pop3 ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:pop3s ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:postgresql ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:privoxy ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:altserviceboot ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:ptp-event ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:ptp-general ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:4713 ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:puppet ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:4242 ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:radius ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:radius ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:radius-acct ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:radius-acct ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:redis ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:domain ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:domain ctstate NEW
   27 10360 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpts:bootps:tftp ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:http ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:https ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:commplex-main ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpts:vfmobile:5647 ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:amqps ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:irdmi ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:http-alt ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:puppet ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:websm ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:sunrpc ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:sunrpc ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:shell ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:rsync ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:rsync ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:4505 ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:4506 ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:netbios-ns ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:netbios-dgm ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:sane-port ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:sip ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:sip ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:sips ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:sips ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:svrloc ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:svrloc ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:smtp ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:submission ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:urd ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:snmp ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:snmp ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:snmptrap ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:snmptrap ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:21327 ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:21328 ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:ndl-aas ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:svdrp ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:svdrp-disc ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:svn ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:snapenetio ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:21027 ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:8384 ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:24800 ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:syslog ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:syslog-tls ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:syslog-tls ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:telnet ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:tftp ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:5901 ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:5801 ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:tinc ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:tinc ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:versiera ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:51413 ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:51413 ctstate NEW
43608   14M ACCEPT     udp  --  any    any     anywhere             anywhere             udp spt:ssdp ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:54321 ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpts:rfb:6923 ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpts:49152:49216 ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpts:rfb:5903 ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:wbem-http ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:wbem-https ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:wsman ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:wsmans ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpts:x11:x11 ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpts:x11:x11 ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:xdmcp ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:xdmcp ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:xmpp-bosh ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:xmpp-client ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:presence ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:xmpp-server ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:zabbix-agent ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:zabbix-trapper ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:http ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:https ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:bootps ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpts:49152:49215 ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpts:sesi-lm:cft-3 ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpts:sesi-lm:cft-3 ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:cslistener ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:etlservicemgr ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:ssh ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:ssh ctstate NEW
 1459 87540 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:plex ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:microsoft-ds ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:netbios-ns ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:netbios-dgm ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:netbios-dgm ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:netbios-ns ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:netbios-ssn ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpts:0:garcon ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:pdb ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:10011 ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:41144 ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:conf ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:dsm-scm-target ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:pipe-server ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:25565 ctstate NEW
    1    44 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:25565 ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:ssdp ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:mdns ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:32410 ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:geniuslm ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:8324 ctstate NEW
  897 53652 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:32469 ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:32400 ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:openvpn ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:openvpn ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:radan-http ctstate NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:radan-http ctstate NEW

Chain IN_public_deny (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain IN_public_log (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT_direct (1 references)
 pkts bytes target     prot opt in     out     source               destination
