Linux – Basic IPTables setup for OpenVPN/HTTP/HTTPS server


I'm trying to get a basic IPTables setup on my server which will allow HTTP/SSH access, as well as enable the use of the server as an OpenVPN tunnel. The following is my current rule setup – the problem is OpenVPN queries (port 1194) seemed to be getting dropped as a result of this ruleset.

Pinging a website while logged into the VPN results in the response:

Request timeout for icmp_seq 1
92 bytes from Destination Port Unreachable

When I clear the IPTable rules pinging from the VPN works fine. Any ideas?

iptables -t nat -A POSTROUTING -s -o eth0 -j MASQUERADE
iptables -A INPUT -p tcp --dport 1194 -j ACCEPT
iptables -A FORWARD -p tcp --dport 1194 -j ACCEPT

iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i ! lo -d -j REJECT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
iptables -A INPUT -j REJECT
iptables -A FORWARD -j REJECT

Best Answer

Is your VPN server (and client) configured on TCP or on UDP? You only open TCP. Put a log rule before the reject rules to see what is refused by your firewall; you can then change your rules accordingly.
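As an added example (not the poster's or the answerer's own ruleset), this script shows the two points the answer makes: the OpenVPN listener rule takes the protocol OpenVPN actually uses (UDP by default), and a rate-limited LOG rule sits directly in front of each REJECT so refused packets appear in the kernel log. It assumes a constructed 10.8.0.0/24 tunnel subnet on tun0 with eth0 as the uplink, and it runs as a dry run by default (printing the commands); set IPT=iptables to apply it as root.

```shell
# Added example, not the original poster's rules. Constructed assumptions:
# tunnel subnet 10.8.0.0/24 on tun0, uplink eth0, OpenVPN on UDP/1194.
# Dry run by default: IPT="echo iptables" prints instead of applying.
IPT="${IPT:-echo iptables}"
VPN_NET="${VPN_NET:-10.8.0.0/24}"   # constructed placeholder subnet
WAN_IF="${WAN_IF:-eth0}"
VPN_IF="${VPN_IF:-tun0}"
VPN_PORT="${VPN_PORT:-1194}"
VPN_PROTO="${VPN_PROTO:-udp}"       # must match "proto" in the OpenVPN config

apply_rules() {
    # Start clean with default-deny on INPUT and FORWARD.
    $IPT -F
    $IPT -t nat -F
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # Loopback and reply traffic first, so nothing below rejects them.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Services; the VPN rule uses the same protocol OpenVPN listens on.
    $IPT -A INPUT -p "$VPN_PROTO" --dport "$VPN_PORT" -j ACCEPT
    $IPT -A INPUT -p tcp --dport 22 -j ACCEPT
    $IPT -A INPUT -p tcp --dport 80 -j ACCEPT
    $IPT -A INPUT -p tcp --dport 443 -j ACCEPT
    $IPT -A INPUT -p icmp --icmp-type 8 -j ACCEPT

    # Forward tunnel clients out the uplink, let replies back, and NAT them.
    # (net.ipv4.ip_forward must also be 1 for FORWARD to see any packets.)
    $IPT -A FORWARD -i "$VPN_IF" -o "$WAN_IF" -s "$VPN_NET" -j ACCEPT
    $IPT -A FORWARD -i "$WAN_IF" -o "$VPN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -t nat -A POSTROUTING -s "$VPN_NET" -o "$WAN_IF" -j MASQUERADE

    # Log (rate-limited) what is about to be refused, then reject it.
    $IPT -A INPUT -m limit --limit 5/min -j LOG --log-prefix "IPT-INPUT-REJECT: "
    $IPT -A INPUT -j REJECT
    $IPT -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "IPT-FORWARD-REJECT: "
    $IPT -A FORWARD -j REJECT
}

apply_rules
```

Refused packets then show up under the given prefixes in the kernel log (dmesg or syslog), which tells you which port and protocol to open.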

