Posts

Showing posts with the label Firewall

Can I Use Ufw To Setup A Port Forward?

Answer : Solution 1: Let's say you want to forward requests going to 80 to a server listening on port 8080. Note that you will need to make sure port 8080 is allowed, otherwise ufw will block the requests that are redirected to 8080.

    sudo ufw allow 8080/tcp

There are no ufw commands for setting up the port forwards, so it must be done via configuration files. Add the lines below to /etc/ufw/before.rules, before the filter section, right at the top of the file:

    *nat
    :PREROUTING ACCEPT [0:0]
    -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
    COMMIT

Then restart and enable ufw to start on boot:

    sudo ufw enable

Solution 2: Since ufw 0.34, ufw supports forward rules. Example:

    sudo ufw route allow in on eth0 out on eth1 to 10.0.0.0/8 port 8080 from 192.168.0.0/16 port 80

You also need to make sure you have the sysctl net.ipv4.ip_forward enabled. For most distributions, that's done by editing /etc/sysctl.conf and running sysctl -p or rebooting....

Can't Connect To PPTP VPN With Ufw Enabled On Ubuntu 14.04 With Kernel 3.18

Answer : This is caused by a change for security reasons in kernel 3.18 [1]. There are two ways to fix this.

First approach is adding this rule to the file /etc/ufw/before.rules before the line "# drop INVALID packets ...":

    -A ufw-before-input -p 47 -j ACCEPT

Second approach is manually loading the nf_conntrack_pptp module. You can do this by running

    sudo modprobe nf_conntrack_pptp

To load this module on every boot on Ubuntu, add it to the file /etc/modules.

For more recent versions of ufw a solution is instead:

    sudo ufw allow proto gre from [PPTP gateway IP address]
    sudo systemctl restart ufw

Add nf_conntrack_pptp to /etc/modules-load.d/pptp.conf. One liner:

    echo nf_conntrack_pptp | sudo tee /etc/modules-load.d/pptp.conf

Explanation: The accepted answer works for me, especially the 2nd suggestion--loading the nf_conntrack_pptp kernel module--as opposed to modifying my iptables firewall. My laptop firewall is otherwise unmodified. sudo ufw enable without excepti...

Assign Static IPs To Tap Clients In PfSense's OpenVPN Server

Answer : Solution 1: After some deep digging I found a bug in pfSense's Redmine tracker. This states that the OpenVPN server is missing the client-config-dir variable. Adding

    mode server;client-config-dir /var/etc/openvpn-csc;

to the advanced server options, as well as providing the client specific override

    ifconfig-push [IP] [netmask]

did the trick.

Solution 2: Some update from my experience, valid for pfSense 2.3.2: the missing option "client-config-dir" was fixed. Now it's good. But now, by default, the OpenVPN server config in pfSense has the option "username-as-common-name". So in the client specific override, in the field "Common Name", try to write the username instead of the Common Name. If you have problems with assigning static IPs, try to inspect your OpenVPN server config in "/var/etc/openvpn/server1.conf" for that option. P.S. The ifconfig-push option remains the same.