Sunday, 28 December 2014

iptables rules for machine running as OpenVPN server


I set up an older laptop as an OpenVPN server for my home network (and a Dwarf Fortress server, but that's beside the point). This is the first time I've set something like this up - I wanted a secure way of being able to ssh into my home network from outside.


In any case, I got it working (finally figured out I needed to port forward 1194 on my router), but I wanted to make sure that I'm not opening up things in the wrong way. Do these iptables rules look reasonable?



# Generated by iptables-save v1.4.21 on Sun Dec 28 02:16:10 2014
*nat
:PREROUTING ACCEPT [3:517]
:INPUT ACCEPT [3:517]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.88.0/24 -o wlp3s0 -j MASQUERADE
COMMIT
# Completed on Sun Dec 28 02:16:10 2014
# Generated by iptables-save v1.4.21 on Sun Dec 28 02:16:10 2014
*filter
:INPUT ACCEPT [323:24107]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [152:13348]
-A INPUT -i tun+ -j ACCEPT
-A FORWARD -i tun+ -j ACCEPT
-A FORWARD -s 192.168.88.0/24 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Sun Dec 28 02:16:10 2014
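
As an added example, not part of the original post: a short Python check run over the filter table above that reports chains whose default policy is ACCEPT and whose rules are all ACCEPT, which means those rules do not restrict any traffic. The function names parse and audit are hypothetical, and the check covers only this one condition.

```python
import shlex

# Filter table copied from the post above, embedded so the script runs offline.
DUMP = """\
*filter
:INPUT ACCEPT [323:24107]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [152:13348]
-A INPUT -i tun+ -j ACCEPT
-A FORWARD -i tun+ -j ACCEPT
-A FORWARD -s 192.168.88.0/24 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""

def parse(dump):
    """Parse iptables-save text into {table: {chain: {"policy", "targets"}}}."""
    tables, table = {}, {}
    for line in (raw.strip() for raw in dump.splitlines()):
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):            # table header, e.g. *filter
            table = tables.setdefault(line[1:], {})
        elif line.startswith(":"):          # chain declaration: name, policy, counters
            name, policy = line[1:].split()[:2]
            table[name] = {"policy": policy, "targets": []}
        elif line.startswith("-A "):        # appended rule
            args = shlex.split(line)
            target = args[args.index("-j") + 1] if "-j" in args else None
            chain = table.setdefault(args[1], {"policy": "-", "targets": []})
            chain["targets"].append(target)
    return tables

def audit(dump, chains=("INPUT", "FORWARD")):
    """Flag chains that cannot block anything: policy ACCEPT and only ACCEPT rules.

    Deliberately conservative: a rule with any other target (DROP, REJECT, a jump
    to a user-defined chain) might filter, so such a chain is not flagged.
    """
    findings = []
    for name, chain in parse(dump).get("filter", {}).items():
        only_accept = all(t == "ACCEPT" for t in chain["targets"])
        if name in chains and chain["policy"] == "ACCEPT" and only_accept:
            findings.append(f"{name}: policy ACCEPT and {len(chain['targets'])} "
                            "ACCEPT-only rule(s); nothing is ever dropped")
    return findings

if __name__ == "__main__":
    for finding in audit(DUMP):
        print(finding)
```

Changing the INPUT and FORWARD policies to DROP in the same dump makes audit return an empty list, because the ACCEPT rules then become the only paths through those chains.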

