Skip to main content

Thread: Unable to forward packets between interfaces

-

i've been working on setting openvpn server testing. i'm trying set routed vpn between lan (172.28.0.0/16)the problem i'm having server isn't routing traffic between interfaces. example, if ping server's eth0 interface tun0 (ping -i tun0 172.28.4.16), don't responses. here network diagram:


i'm using ufw firewall. i've edited /etc/ufw/sysctl.conf such allow ip forwarding.
code:
net/ipv4/ip_forward=1    net/ipv4/conf/all/accept_redirects=0  net/ipv4/conf/default/accept_redirects=0  net/ipv6/conf/all/accept_redirects=0  net/ipv6/conf/default/accept_redirects=0    net/ipv4/icmp_echo_ignore_broadcasts=1  net/ipv4/icmp_ignore_bogus_error_responses=1  net/ipv4/icmp_echo_ignore_all=0    net/ipv4/conf/all/log_martians=0  net/ipv4/conf/default/log_martians=0
i've edited /etc/default/ufw allow ip forwarding.
code:
ipv6=no    default_input_policy="drop"    default_output_policy="accept"    default_forward_policy="accept"    default_application_policy="skip"    manage_builtins=no    ipt_sysctl=/etc/ufw/sysctl.conf    ipt_modules="nf_conntrack_ftp nf_nat_ftp nf_conntrack_netbios_ns"
eth0 configured promiscuous.
code:
root@vpn:~# ip sh  1: lo: <loopback,up,lower_up> mtu 16436 qdisc noqueue state unknown      link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00      inet 127.0.0.1/8 scope host lo      inet6 ::1/128 scope host         valid_lft forever preferred_lft forever  2: eth0: <broadcast,multicast,promisc,up,lower_up> mtu 1500 qdisc pfifo_fast state qlen 1000      link/ether 00:15:5d:02:18:14 brd ff:ff:ff:ff:ff:ff      inet 172.28.4.16/16 brd 172.28.255.255 scope global eth0      inet6 fe80::215:5dff:fe02:1814/64 scope link         valid_lft forever preferred_lft forever  3: tun0: <pointopoint,multicast,noarp,up,lower_up> mtu 1500 qdisc pfifo_fast state unknown qlen 100      link/none      inet 172.29.0.1 peer 172.29.0.2/32 scope global tun0
here current ufw rules.
code:
root@vpn:~# ufw status  status: active                            action       --                         ------      ----  openssh                    allow       172.28.0.0/16  openvpn                    allow       anywhere  openssh                    allow       172.29.0.0/22
in /etc/ufw/before.rules have configured nat.
code:
#custom nat rules start here.  *nat  :postrouting accept [0:0]    -a postrouting -s 172.29.0.0/22 -o eth0 -j masquerade    commit  #custom nat rules end here.   #beyond point nothing default ufw config.    *filter  :ufw-before-input - [0:0]  :ufw-before-output - [0:0]  :ufw-before-forward - [0:0]  :ufw-not-local - [0:0]      -a ufw-before-input -i lo -j accept  -a ufw-before-output -o lo -j accept    -a ufw-before-input -m state --state related,established -j accept  -a ufw-before-output -m state --state related,established -j accept    -a ufw-before-input -m state --state invalid -j ufw-logging-deny  -a ufw-before-input -m state --state invalid -j drop    -a ufw-before-input -p icmp --icmp-type destination-unreachable -j accept  -a ufw-before-input -p icmp --icmp-type source-quench -j accept  -a ufw-before-input -p icmp --icmp-type time-exceeded -j accept  -a ufw-before-input -p icmp --icmp-type parameter-problem -j accept  -a ufw-before-input -p icmp --icmp-type echo-request -j accept    -a ufw-before-input -p udp --sport 67 --dport 68 -j accept    -a ufw-before-input -j ufw-not-local    -a ufw-not-local -m addrtype --dst-type local -j return    -a ufw-not-local -m addrtype --dst-type multicast -j return    -a ufw-not-local -m addrtype --dst-type broadcast -j return    -a ufw-not-local -m limit --limit 3/min --limit-burst 10 -j ufw-logging-deny  -a ufw-not-local -j drop    -a ufw-before-input -p udp -d 224.0.0.251 --dport 5353 -j accept    -a ufw-before-input -p udp -d 239.255.255.250 --dport 1900 -j accept    commit
is there step missing? doing wrong here?

firstly, not sure ping natted masquerade, server may trying respond 172.29.0.1 via internet.

don't see wrong in config, bit of debugging:

use command "sudo iptables-save -c" output iptables config along counters see how many hits each entry has had. make sure counters count expected numbers of hits perform testing.

use command "sudo tcpdump -i eth0" see packets going through eth0 testing. check addresses etc. on packets testing.


Forum The Ubuntu Forum Community Ubuntu Specialised Support Ubuntu Servers, Cloud and Juju Server Platforms [SOLVED] Unable to forward packets between interfaces


Ubuntu

Comments

Post a Comment

Popular posts from this blog

Thread: Firefox print dialog doesn't remember settings

-
hi, in ubuntu 12.04, firefox doesn't remember last used print settings in file - print (ctrl+p) dialog. need firefox remember exact settings used last time in print dialog. how this? in about :config, print.save_print_settings variable set true. still doesn't work. print file. have start on configuring print settings in print dialog, please help! i have same problem looks likes problem older firefox(gnome?) not respecting cups defaults doesnt seem there change it. if find solution please post here Forum The Ubuntu Forum Community Ubuntu Official Flavours Support General Help [ubuntu] Firefox print dialog doesn't remember settings Ubuntu
Read more

Error 400 - Photoshop services are not available

-
i keep getting error messge every time try log in. help? i take using pse 10 or earlier. photoshop.com dead , gone. should have received number of emails photos getting moved adobe revel, revel not direct replacement photoshop.com. can't use within pse. need stop using welcome screen, since try connect non-existent server:   http://barbarabrundage.com/2013/09/16/pse-8-9-10-cant-sign-in-error-404/ More discussions in Photoshop Elements adobe
Read more

After Effects error:creating resource file on Windows

-
hi   i have problem set of plugins developing. have 20 different plugins. after apply 10th plugin, gives following error on windows (cs6):   after effects error:creating resource file "....aex" ( 3 :: 0 )   i can have many instances of same plugin once have total of 10 different error comes up   one thing being enabled in plugin flag: pf_outflag_keep_resource_open   is culprit?   thanks in advance donj More discussions in After Effects SDK adobe
Read more