Hi,

I am a Linux user. My computer has connected successfully to the APM VPN network using the Chrome browser. The tunnel is up, the private address is assigned correctly, I can ping internal resources, open TCP connections and access the private web server successfully. The issue is that the network status in my browser states that I have been disconnected and no traffic statistics appear. I was struggling and found that it is caused by iptables. When I turned that off I got the correct result. But I wonder what rules I should add to get the correct VPN status. Please see my attachment for a detailed view. I tried to log the rejected packet (#13) but to no avail.

APM public address 192.168.77.119 (VPN gateway)

internal network 172.16.2.0/24 

assigned network (tunnel dhcp)  10.10.10.0/24

My iptables configuration:


# iptables -L --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:5902 
2    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ldap 
3    ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
4    ACCEPT     icmp --  anywhere             anywhere            
8    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh 
9    ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:ipp 
10   ACCEPT     udp  --  anywhere             224.0.0.251         state NEW udp dpt:mdns 
11   ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ipp 
12   ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:ipp 
13   LOG        all  --  anywhere             anywhere            LOG level warning 
14   REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited 
 
Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination         
 
Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination         
// tunnel already up and address assigned
# ip -4 addr | grep tun
58: tun0: mtu 1384 qdisc pfifo_fast state UNKNOWN qlen 500
    inet 10.10.10.10 peer 1.1.1.1/32 scope global tun0
 
// ping can reach the internal server and a TCP connection is also OK
# ping 172.16.2.4 
PING 172.16.2.4 (172.16.2.4) 56(84) bytes of data.
64 bytes from 172.16.2.4: icmp_seq=1 ttl=63 time=5.63 ms
^C
--- 172.16.2.4 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 651ms
rtt min/avg/max/mdev = 5.636/5.636/5.636/0.000 ms

Any idea?

Thanks

Ian Wijaya


1 Answer(s):

Never mind. Found it...
iptables -I INPUT 13 -s 127.0.0.1 -d 127.0.0.1 -p tcp --dport 44444 -j ACCEPT
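The answer's choice of position 13 is not arbitrary: an `-I INPUT N` rule only helps if N is at or before the first LOG/REJECT rule that matches everything, otherwise the REJECT at the end of the chain still wins. The Python below is an added example (not from the poster or from F5) that parses `iptables -L --line-numbers` output in the format shown in the question, finds that catch-all position, checks whether a matching ACCEPT for the loopback port is already present, and otherwise emits the same command as the answer. The listing is a constructed, trimmed copy of the question's INPUT chain, and port 44444 is taken from the answer.

```python
import re
# Constructed sample: the poster's INPUT chain, minus rules irrelevant to the position.
SAMPLE_LISTING = """\
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:5902
3    ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
8    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
13   LOG        all  --  anywhere             anywhere            LOG level warning
14   REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
"""
# Columns: num target prot opt source destination [match details]
RULE_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*(.*)$")

def parse_chain(listing, chain="INPUT"):
    """Rules of one chain from `iptables -L --line-numbers` output, as dicts."""
    rules, current = [], None
    for line in listing.splitlines():
        if line.startswith("Chain "):
            current = line.split()[1]
        elif current == chain and (m := RULE_RE.match(line)):
            num, target, prot, _opt, src, dst, extra = m.groups()
            rules.append({"num": int(num), "target": target, "prot": prot,
                          "src": src, "dst": dst, "extra": extra.strip()})
    return rules

def port_allowed(rules, port):
    """True if an ACCEPT already admits tcp dpt:<port> between loopback addresses."""
    local = {"localhost", "127.0.0.1", "anywhere"}
    return any(r["target"] == "ACCEPT" and r["prot"] == "tcp"
               and r["src"] in local and r["dst"] in local
               and re.search(rf"\bdpt:{port}\b", r["extra"]) for r in rules)

def catch_all_position(rules):
    """Number of the first LOG/REJECT/DROP rule matching all traffic, or None."""
    for r in rules:
        if (r["target"] in ("LOG", "REJECT", "DROP") and r["prot"] == "all"
                and r["src"] == r["dst"] == "anywhere"):
            return r["num"]
    return None

def loopback_fix(listing, port=44444):
    """Command inserting the loopback ACCEPT before the catch-all; None if not needed."""
    rules = parse_chain(listing)
    pos = catch_all_position(rules)
    if pos is None or port_allowed(rules, port):
        return None
    return (f"iptables -I INPUT {pos} -s 127.0.0.1 -d 127.0.0.1 "
            f"-p tcp --dport {port} -j ACCEPT")
```

Running `loopback_fix` on the sample reproduces the answer's command with position 13; on a chain that already carries the ACCEPT, or that has no catch-all REJECT, it returns None so nothing is inserted twice.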
