[OpenWireless Tech] No probl/ which VPN

Wed Nov 7 08:15:05 PST 2012

Hi!

On 18:27 Wed 07 Nov , "Andy Green (林安廸)" wrote:
...
> We need something like
> 
> iptables -A INPUT -i wlan0 -j DROP
> iptables -A INPUT -i wlan0 -p udp --dport 1194 -j ACCEPT
> iptables -A INPUT -i wlan0 -d 10.0.0.0/8 -p udp -j DROP
> iptables -A INPUT -i wlan0 -d 192.168.0.0/16 -p udp -j DROP
> iptables -A INPUT -i wlan0 -d 172.16.0.0/12 -p udp -j DROP

No, this is wrong:
1) The first rule will drop everything and all other rules will not apply.
2) INPUT == to a local program, we need forward
3) Why special caseing the pritate ip spaces?
4) openvpn needs tcp-1194 too

It should look like this:
#wlan0 == public wlan
#eth0 == internet
iptables -A FORWARD -i wlan0 -o eth0 -p udp --dport 1194 -j ACCEPT
iptables -A FORWARD -i wlan0 -o eth0 -p tcp --dport 1194 -j ACCEPT
iptables -A FORWARD -i eth0 -o wlan0 -p udp --sport 1194 -j ACCEPT
iptables -A FORWARD -i eth0 -o wlan0 -p tcp --sport 1194 -j ACCEPT
iptables -A FORWARD -i wlan0 -j DROP
iptables -A FORWARD -o wlan0 -j DROP
iptables -A INPUT -i wlan0 -j DROP
iptables -A OUTPUT -o wlan0 -j DROP

	-Michi
-- 
programing a layer 3+4 network protocol for mesh networks
see http://michaelblizek.twilightparadox.com