APM on Linux Environment

Hi,

I am a Linux user. My computer has been connected successfully to the APM VPN network using the Chrome browser. The tunnel is up, the private address is assigned correctly, I can ping internal resources, open TCP connections and access the private web server successfully. The issue is that the network status in my browser states that I have been disconnected and no traffic statistics appear. I was struggling and found that it's caused by iptables. When I turned that off I got the correct result. But I wonder what rules I shall add to get the correct VPN status. Please see my attachment for a detailed view. I tried to log the rejected packet (#13) but to no avail.

APM public address (VPN gateway)

internal network 

assigned network (tunnel dhcp)

My iptables configuration:


# iptables -L --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:5902 
2    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ldap 
3    ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
4    ACCEPT     icmp --  anywhere             anywhere            
8    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh 
9    ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:ipp 
10   ACCEPT     udp  --  anywhere            state NEW udp dpt:mdns 
11   ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ipp 
12   ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:ipp 
13   LOG        all  --  anywhere             anywhere            LOG level warning 
14   REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited 
Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination         
Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination         
//tunnel already up and address assigned 
# ip -4 addr | grep tun
58: tun0: mtu 1384 qdisc pfifo_fast state UNKNOWN qlen 500
    inet peer scope global tun0
//ping can reach internal server and tcp connection also ok 
# ping 
PING ( 56(84) bytes of data.
64 bytes from icmp_seq=1 ttl=63 time=5.63 ms
--- ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 651ms
rtt min/avg/max/mdev = 5.636/5.636/5.636/0.000 ms
Any idea?



Ian Wijaya 

1 Answer(s):

Never mind. Found it...
iptables -I INPUT 13 -s -d -p tcp --dport 44444 -j ACCEPT
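
The rule above allows one specific gateway-to-tunnel flow instead of turning iptables off. As an added example (not from the original post or from F5), the POSIX shell helper below turns one iptables LOG line, the kind rule #13 in the question writes to the kernel log, into the narrowest ACCEPT rule for that flow. The sample log line, its addresses and ports are constructed; position 13 is assumed to be the LOG rule's slot as in the question, and the `APM-REJECT:` prefix is a hypothetical name.

```shell
#!/bin/sh
# Added example, not the poster's or F5's code. Converts one iptables LOG
# line (readable via `dmesg` or `journalctl -k`) into the narrowest ACCEPT
# rule that would have matched the rejected packet, so only that flow is
# opened rather than the whole firewall being disabled.

# Constructed sample LOG line; interface, addresses and ports are made up.
SAMPLE_LOG='Mar  1 10:00:00 host kernel: APM-REJECT: IN=tun0 OUT= MAC= SRC=192.0.2.10 DST=10.99.0.7 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4711 DF PROTO=TCP SPT=51234 DPT=44444 WINDOW=29200 RES=0x00 SYN URGP=0'

# Print the value of the KEY=value field $1 from LOG line $2 (empty if absent).
log_field() {
    printf '%s\n' "$2" | tr ' ' '\n' | sed -n "s/^$1=//p" | head -n 1
}

# Emit an iptables command that accepts exactly the logged flow.
# $1 = LOG line, $2 = INPUT chain position to insert at (default 13, assumed
# to be the LOG rule's position as in the question, so ACCEPT lands before it).
# Returns 1 if the line carries no usable iptables LOG fields.
accept_rule_for() {
    line=$1
    pos=${2:-13}
    in=$(log_field IN "$line")
    src=$(log_field SRC "$line")
    dst=$(log_field DST "$line")
    proto=$(log_field PROTO "$line" | tr 'A-Z' 'a-z')
    dpt=$(log_field DPT "$line")
    [ -n "$in" ] && [ -n "$src" ] && [ -n "$dst" ] && [ -n "$proto" ] || return 1
    rule="-i $in -s $src -d $dst -p $proto"
    # Only TCP/UDP carry a destination port worth pinning the rule to.
    case $proto in
        tcp|udp) [ -n "$dpt" ] && rule="$rule --dport $dpt" ;;
    esac
    printf 'iptables -I INPUT %s %s -j ACCEPT\n' "$pos" "$rule"
}

# Usage (commands shown as comments): give the LOG rule a prefix so its
# lines are easy to find, then feed the newest prefixed line to the helper.
#   iptables -R INPUT 13 -j LOG --log-prefix "APM-REJECT: "
#   accept_rule_for "$(dmesg | grep 'APM-REJECT:' | tail -n 1)"
accept_rule_for "$SAMPLE_LOG"
```

The helper only prints the command; review the printed rule before running it, since it should name the APM gateway as source and the tunnel address as destination, matching the answer above.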