Hi, I have set up OpenVPN on my Raspberry Pi at home so I can access my home network from anywhere, and this is all working great. However, I want to enable my firewall on the Pi, but when I do I cannot access the Internet on connected devices or access other devices on the home network.
Currently I am having to connect to the VPN, then SSH to the Pi (via its local address), disable the firewall, do whatever I wanted to do then enable the firewall again when I am finished.
Anyone know what I need to allow through? I have tried to allow all local (192.168.1.0/24) and all VPN range local traffic (10.8.0.0/24) but it's still not working.
Many thanks,
Jack
[Solved] Firewall help Raspberry Pi SSH
Moderators: TinCanTech
-
- OpenVpn Newbie
- Posts: 4
- Joined: Fri Dec 11, 2015 4:03 pm
- Traffic
- OpenVPN Protagonist
- Posts: 4066
- Joined: Sat Aug 09, 2014 11:24 am
Re: Firewall help
Allow all and install fail2ban.
-
- OpenVpn Newbie
- Posts: 4
- Joined: Fri Dec 11, 2015 4:03 pm
Re: Firewall help
Hi Traffic,
Thanks for your reply and I will check out fail2ban as it could be a nice addition.
But my issue must be a Pi firewall rule issue, as when I disable the Pi firewall it all works fine.
I would like to use my current firewall (UFW) but perhaps fail2ban in addition. I understand with fail2ban people COULD (& I know it's unlikely) access services (if they guessed the password early enough).
With the firewall I can block certain internal ports from everyone except the computer that I need it to access.
-
- OpenVpn Newbie
- Posts: 4
- Joined: Fri Dec 11, 2015 4:03 pm
Re: Firewall help
The solution that worked for me is:
Code:
$ sudo nano /etc/default/ufw
Then find:
Code:
DEFAULT_FORWARD_POLICY="DROP"
Change to:
Code:
DEFAULT_FORWARD_POLICY="ACCEPT"
Hope this helps someone!
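An added example, not part of the thread or of UFW itself: a shell check that reports what the DEFAULT_FORWARD_POLICY setting changed above means for routed VPN traffic, and whether IPv4 forwarding is enabled. The function names and the interface names tun0 and eth0 are assumptions; 10.8.0.0/24 is the VPN range from the first post, and the printed `ufw route` rule is a narrower alternative that has not been tested on the poster's setup.

```shell
#!/bin/sh
# Added example: audit the UFW settings that decide whether VPN clients can be routed.
# Assumed names: tun0 (VPN interface), eth0 (LAN interface); 10.8.0.0/24 is from the thread.

# Print the effective DEFAULT_FORWARD_POLICY in a ufw defaults file (last assignment wins).
forward_policy() {
    sed -n 's/^[[:space:]]*DEFAULT_FORWARD_POLICY=["'\'']\{0,1\}\([A-Za-z]*\).*/\1/p' "$1" |
        tail -n 1 | tr 'a-z' 'A-Z'
}

# Succeed if the file enables IPv4 forwarding. /etc/ufw/sysctl.conf writes the key as
# net/ipv4/ip_forward, /etc/sysctl.conf as net.ipv4.ip_forward; commented lines do not count.
ip_forward_enabled() {
    grep -Eq '^[[:space:]]*net[./]ipv4[./]ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$1"
}

# Print one finding per line. Returns 0 when forwarding is default-deny, 1 otherwise.
audit_vpn_forwarding() {
    defaults=${1:-/etc/default/ufw}
    sysctl_conf=${2:-/etc/ufw/sysctl.conf}
    rc=0
    case "$(forward_policy "$defaults")" in
        DROP|REJECT)
            echo "forward policy is default-deny; routed VPN traffic needs an explicit rule, e.g.:"
            echo "  ufw route allow in on tun0 out on eth0 from 10.8.0.0/24" ;;
        ACCEPT)
            echo "forward policy is ACCEPT; every routed packet passes unless a rule denies it"
            rc=1 ;;
        *)
            echo "DEFAULT_FORWARD_POLICY not found in $defaults"
            rc=1 ;;
    esac
    if ip_forward_enabled "$sysctl_conf"; then
        echo "IPv4 forwarding enabled in $sysctl_conf"
    else
        echo "IPv4 forwarding not enabled in $sysctl_conf"
    fi
    return "$rc"
}

# Run against the given files when called with arguments, e.g.:
#   sh audit.sh /etc/default/ufw /etc/ufw/sysctl.conf
if [ "$#" -gt 0 ]; then audit_vpn_forwarding "$@"; fi
```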