Linode Community Forums
Posted: Wed Mar 28, 2012 8:41 am
Newbie

Joined: Wed Mar 28, 2012 8:37 am
Posts: 3
Hello,

I installed and configured OpenVPN. The question is: how can I allow ONLY people in the VPN to access "delicate" services like ssh?

# ifconfig

Code:
...
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 B)  TX bytes:336 (336.0 B)
...


But if I bind ssh to "10.8.0.1" it doesn't work.

Also, is there a way for VPN users to access the applications bound to the private LAN IP given by Linode?

Thanks for the reply.


Posted: Wed Mar 28, 2012 5:31 pm
Junior Member

Joined: Tue Jun 21, 2011 12:55 am
Posts: 33
Website: http://www.vrnw.org
Hi,
In my opinion, the best way to do this would be to use iptables rules. Add some like the following:
iptables -I INPUT -i tun0 -j ACCEPT          # -I inserts at the top of the chain: accept everything arriving on the VPN interface
iptables -A INPUT -p tcp --dport 22 -j DROP  # -A appends at the bottom: drop SSH arriving on any other interface
That will accept all connections from your VPN network, and will drop any connection to port 22 from the public network. You could then put the iptables commands in a shell script and execute it using the /etc/rc.local file. That should work across most Linux distributions. Alternatively, you could save the iptables rules like so:
iptables-save >/etc/iptables.rules
Now, run this command to restore them.
iptables-restore </etc/iptables.rules

Also, you may want to check out the following article:
http://library.linode.com/security/firewalls/iptables

There may be alternative methods, and probably more secure ones too. You could, for instance, only accept incoming connections from certain VPN ip addresses with iptables and allow those connections to access certain ports, but I assume you'd trust anyone on your VPN network.

Good luck, and feel free to respond with any questions you might have. The excellent community here is happy to help.
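A small first-match model of the INPUT chain, added here as an example (not code from the thread or from Linode). It walks a chain top to bottom the way netfilter does, checks the reply's two rules against constructed SSH packets arriving on tun0 and eth0, and also shows what happens if an ACCEPT for port 22 already sits in the chain (an assumption about a pre-existing ruleset, not something the thread shows): the appended DROP is never reached. Interface names, ports and packets are constructed.

```python
"""Minimal first-match-wins model of an iptables INPUT chain.

Added example: not code from the thread. Interface names, ports and the
sample packets are constructed; the pre-existing port-22 ACCEPT in case 2
is an assumption about what a generic firewall how-to might have added.
"""
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Rule:
    target: str                     # ACCEPT or DROP
    in_iface: Optional[str] = None  # -i tun0
    proto: Optional[str] = None     # -p tcp
    dport: Optional[int] = None     # --dport 22

    def matches(self, pkt: dict) -> bool:
        return ((self.in_iface is None or pkt["iface"] == self.in_iface)
                and (self.proto is None or pkt["proto"] == self.proto)
                and (self.dport is None or pkt["dport"] == self.dport))

def verdict(chain: List[Rule], pkt: dict, policy: str = "ACCEPT") -> str:
    """Walk the chain top to bottom; the first matching rule decides."""
    for rule in chain:
        if rule.matches(pkt):
            return rule.target
    return policy

def apply_reply_rules(chain: List[Rule]) -> List[Rule]:
    """The reply's two commands: -I prepends, -A appends."""
    chain = [Rule("ACCEPT", in_iface="tun0")] + chain      # iptables -I INPUT -i tun0 -j ACCEPT
    return chain + [Rule("DROP", proto="tcp", dport=22)]   # iptables -A INPUT -p tcp --dport 22 -j DROP

# Constructed sample packets.
SSH_VIA_VPN = {"iface": "tun0", "proto": "tcp", "dport": 22}
SSH_PUBLIC = {"iface": "eth0", "proto": "tcp", "dport": 22}
HTTP_PUBLIC = {"iface": "eth0", "proto": "tcp", "dport": 80}

# Case 1: the reply's rules added to an empty chain.
CLEAN = apply_reply_rules([])
# Case 2: an "accept SSH from anywhere" rule was already present; the
# appended DROP sits below it and never fires for public SSH.
SHADOWED = apply_reply_rules([Rule("ACCEPT", proto="tcp", dport=22)])

if __name__ == "__main__":
    for name, chain in (("clean", CLEAN), ("shadowed", SHADOWED)):
        print(name, "vpn-ssh:", verdict(chain, SSH_VIA_VPN),
              "public-ssh:", verdict(chain, SSH_PUBLIC),
              "public-http:", verdict(chain, HTTP_PUBLIC))
```

`iptables -L` prints each chain in exactly this evaluation order, so an earlier ACCEPT that shadows the DROP shows up there.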


Posted: Thu Mar 29, 2012 11:49 am
Newbie

Joined: Wed Mar 28, 2012 8:37 am
Posts: 3
It doesn't work for me. I followed the guide on the Linode library, though.


Posted: Thu Mar 29, 2012 12:11 pm
Junior Member

Joined: Tue Jun 21, 2011 12:55 am
Posts: 33
Website: http://www.vrnw.org
Could you output the contents of your iptables rules? The command is
iptables -L

