
Thread: Unable to forward packets between interfaces


I've been working on setting up an OpenVPN server for testing. I'm trying to set up a routed VPN to the LAN (172.28.0.0/16). The problem I'm having is that the server isn't routing traffic between interfaces. For example, if I ping the server's eth0 interface from tun0 (ping -I tun0 172.28.4.16), I don't get any responses. Here is the network diagram:


I'm using the ufw firewall. I've edited /etc/ufw/sysctl.conf to allow IP forwarding.
Code:
net/ipv4/ip_forward=1
net/ipv4/conf/all/accept_redirects=0
net/ipv4/conf/default/accept_redirects=0
net/ipv6/conf/all/accept_redirects=0
net/ipv6/conf/default/accept_redirects=0

net/ipv4/icmp_echo_ignore_broadcasts=1
net/ipv4/icmp_ignore_bogus_error_responses=1
net/ipv4/icmp_echo_ignore_all=0

net/ipv4/conf/all/log_martians=0
net/ipv4/conf/default/log_martians=0
I've edited /etc/default/ufw to allow IP forwarding.
Code:
IPV6=no

DEFAULT_INPUT_POLICY="DROP"
DEFAULT_OUTPUT_POLICY="ACCEPT"
DEFAULT_FORWARD_POLICY="ACCEPT"
DEFAULT_APPLICATION_POLICY="SKIP"

MANAGE_BUILTINS=no

IPT_SYSCTL=/etc/ufw/sysctl.conf
IPT_MODULES="nf_conntrack_ftp nf_nat_ftp nf_conntrack_netbios_ns"
eth0 is configured as promiscuous.
Code:
root@vpn:~# ip a sh
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:15:5d:02:18:14 brd ff:ff:ff:ff:ff:ff
    inet 172.28.4.16/16 brd 172.28.255.255 scope global eth0
    inet6 fe80::215:5dff:fe02:1814/64 scope link
       valid_lft forever preferred_lft forever
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100
    link/none
    inet 172.29.0.1 peer 172.29.0.2/32 scope global tun0
Here are the current ufw rules.
Code:
root@vpn:~# ufw status
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       172.28.0.0/16
OpenVPN                    ALLOW       Anywhere
OpenSSH                    ALLOW       172.29.0.0/22
In /etc/ufw/before.rules I have configured NAT.
Code:
# Custom NAT rules start here.
*nat
:POSTROUTING ACCEPT [0:0]

-A POSTROUTING -s 172.29.0.0/22 -o eth0 -j MASQUERADE

COMMIT
# Custom NAT rules end here.

# Beyond this point nothing but the default ufw config.

*filter
:ufw-before-input - [0:0]
:ufw-before-output - [0:0]
:ufw-before-forward - [0:0]
:ufw-not-local - [0:0]

-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-output -o lo -j ACCEPT

-A ufw-before-input -m state --state RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-output -m state --state RELATED,ESTABLISHED -j ACCEPT

-A ufw-before-input -m state --state INVALID -j ufw-logging-deny
-A ufw-before-input -m state --state INVALID -j DROP

-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-input -p icmp --icmp-type source-quench -j ACCEPT
-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT

-A ufw-before-input -p udp --sport 67 --dport 68 -j ACCEPT

-A ufw-before-input -j ufw-not-local

-A ufw-not-local -m addrtype --dst-type LOCAL -j RETURN
-A ufw-not-local -m addrtype --dst-type MULTICAST -j RETURN
-A ufw-not-local -m addrtype --dst-type BROADCAST -j RETURN
-A ufw-not-local -m limit --limit 3/min --limit-burst 10 -j ufw-logging-deny
-A ufw-not-local -j DROP

-A ufw-before-input -p udp -d 224.0.0.251 --dport 5353 -j ACCEPT
-A ufw-before-input -p udp -d 239.255.255.250 --dport 1900 -j ACCEPT

COMMIT
Is there a step I'm missing? What am I doing wrong here?

Firstly, I'm not sure the ping is being NATted by MASQUERADE; the server may be trying to respond to 172.29.0.1 via the internet.

I don't see anything wrong in the config, but here is a bit of debugging:

Use the command "sudo iptables-save -c" to output the iptables config along with the counters, to see how many hits each entry has had. Make sure the counters count the expected numbers of hits as you perform the testing.

Use the command "sudo tcpdump -i eth0" to see the packets going through eth0 during testing. Check the addresses etc. on the packets during testing.
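To make the counter check above repeatable, here is an added helper (not from the thread or from ufw) that parses `iptables-save -c` output, lists rules that never matched, and reports whether the POSTROUTING MASQUERADE rule for the VPN subnet saw any packets at all. The dump below is constructed to resemble the before.rules posted above; the counter values are invented.

```python
"""Parse `iptables-save -c` output and report which rules actually saw
traffic. The dump below is a constructed sample, not a capture from the
poster's server; counters are invented for illustration."""
import re

# Constructed sample of what `sudo iptables-save -c` might print after a
# few pings from tun0 toward the LAN. Only the lines relevant to the
# thread are included.
SAMPLE_DUMP = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
[0:0] -A POSTROUTING -s 172.29.0.0/22 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:ufw-before-forward - [0:0]
[12:1008] -A INPUT -j ufw-before-input
[5:420] -A FORWARD -j ufw-before-forward
[0:0] -A ufw-before-forward -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""

# "[pkts:bytes] -A CHAIN rest-of-rule"; chain policy lines start with ":"
RULE_RE = re.compile(r"^\[(\d+):(\d+)\]\s+-A\s+(\S+)\s+(.*)$")

def parse_counters(dump):
    """Return a list of (table, chain, packets, rule_text) for every rule."""
    rows, table = [], None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):          # "*nat", "*filter": table header
            table = line[1:]
            continue
        m = RULE_RE.match(line)
        if m:
            rows.append((table, m.group(3), int(m.group(1)), m.group(4)))
    return rows

def zero_hit_rules(dump):
    """Rules whose packet counter is still 0 after testing: a good place
    to start looking for traffic that never arrives where you expect."""
    return [r for r in parse_counters(dump) if r[2] == 0]

def masquerade_hits(dump, source="172.29.0.0/22"):
    """Packets counted by the POSTROUTING MASQUERADE rule for `source`.
    Zero here means the tun0 pings were never NATted out of eth0."""
    return sum(p for t, c, p, text in parse_counters(dump)
               if t == "nat" and c == "POSTROUTING"
               and "-j MASQUERADE" in text and f"-s {source}" in text)
```

Pipe a real dump in with `parse_counters(open("dump.txt").read())` and compare the counters before and after a burst of pings from tun0.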

