iptables for AS0_WEBACCEPT

Posted: Tue Dec 28, 2021 1:13 pm
by jcpamart
Hi,
I have just installed OpenVPN on Debian 11.
I have written iptables commands to allow input/output/forward on a port, but it is still closed.
So, what is the command line to get the same iptables line as this one (because 943 is officially open....)

AS0_WEBACCEPT tcp -- anywhere mywebsite.com state NEW tcp dpt:943
with another TCP/UDP port?

Because if I write: iptables -I INPUT -p udp --dport XXXX -j ACCEPT
the port is still closed.

Thanks for your help
Best regards

Re: iptables for AS0_WEBACCEPT

Posted: Sun Jan 02, 2022 1:49 pm
by openvpn_inc
Hi jc,

Two things. First, in recent Debian you're not actually using iptables; it's using iptables-nft, the translation layer for nft. We do not support this. Use update-alternatives(1) to set iptables to iptables-legacy.

Second, if a port is forwarded using a DNAT target in the nat table, that packet will not be seen in the filter table's INPUT chain. It would go into the FORWARD chain.

Show your

iptables-save -c

output if you need help with this (of course after you update-alternatives, and then to be sure nft is gone, reboot.)

regards, rob0
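
The two checks from the reply above, as an added example that is not part of the original thread or OpenVPN's own tooling: classify the backend from `iptables -V` text, and decide from `iptables-save` text whether a port is DNATed (so its filter rule belongs in FORWARD, not INPUT). The function names, the sample ruleset, UDP port 5000 and the 10.0.0.5 address are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in iptables-save -c format; not the poster's ruleset.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
[0:0] -A PREROUTING -p udp -m udp --dport 5000 -j DNAT --to-destination 10.0.0.5:5000
COMMIT
*filter
:INPUT ACCEPT [0:0]
[0:0] -A INPUT -p tcp -m state --state NEW -m tcp --dport 943 -j ACCEPT
COMMIT'

# Classify the backend from the text printed by `iptables -V`,
# e.g. "iptables v1.8.7 (nf_tables)" or "iptables v1.8.7 (legacy)".
iptables_backend() {
    case "$1" in
        *"(nf_tables)"*) echo nft ;;
        *"(legacy)"*)    echo legacy ;;
        *)               echo unknown ;;
    esac
}

# Read iptables-save text on stdin. Print FORWARD if a DNAT rule in the
# nat table matches protocol $1 and destination port $2, otherwise INPUT.
filter_chain_for_port() {
    awk -v proto="$1" -v port="$2" '
        /^\*/ { table = substr($0, 2) }      # "*nat" -> "nat", "*filter" -> "filter"
        table == "nat" {
            p = ""; d = ""; j = ""
            for (i = 1; i < NF; i++) {       # pick out option/value pairs
                if ($i == "-p")      p = $(i + 1)
                if ($i == "--dport") d = $(i + 1)
                if ($i == "-j")      j = $(i + 1)
            }
            if (j == "DNAT" && p == proto && d == port) hit = 1
        }
        END { print (hit ? "FORWARD" : "INPUT") }
    '
}

# Run against the constructed sample.
iptables_backend 'iptables v1.8.7 (nf_tables)'
printf '%s\n' "$SAMPLE_RULES" | filter_chain_for_port udp 5000
printf '%s\n' "$SAMPLE_RULES" | filter_chain_for_port tcp 943
```

On a live host, pass `"$(iptables -V)"` to the first function and pipe `iptables-save -c` into the second.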