help with ipfw and openvpn

Status
Not open for further replies.

alifeinhifi

Cadet
Joined
Jul 27, 2014
Messages
2
Fair warning - I'm a noob with FreeNAS. I'm trying to set up ipfw in a jail to block all traffic except to a VPN that has already been set up and is working properly. I've read up on ipfw, but clearly I'm doing something wrong. I was using this post as my original guide: http://forums.freenas.org/index.php...-a-jail-so-it-only-connects-to-the-vpn.18669/ . Any help you could offer would be much appreciated!

These rules should be for my DNS, but starting ipfw and trying to ping anything results in a hostname lookup failure. I got these IPs from my VPN.

Code:
add 01000 allow log udp from 192.168.1.0/24 to 184.75.220.106 dst-port 53 keep-state
add 01002 allow log udp from 192.168.1.0/24 to 89.248.172.121 dst-port 53 keep-state


This line should enable traffic on my local network, but this doesn't work either - my remote services connecting to the jail disconnect immediately.

Code:
# both ends of the local-network rule are on the 192.168.1.0/24 LAN
add 01004 allow ip from 192.168.1.0/24 to 192.168.1.0/24 keep-state


The IPs I want to allow communication with - xxx.xxx.xxx.xxx is filled in with values from my openvpn.conf. I have no idea if this is working or not yet, as I haven't gotten past the first two problems.

Code:
add 02000 allow ip from 192.168.1.0/24 to xxx.xxx.xxx.xxx keep-state
add 02004 allow ip from 192.168.1.0/24 to xxx.xxx.xxx.xxx keep-state
add 02008 allow ip from 192.168.1.0/24 to xxx.xxx.xxx.xxx keep-state
add 02012 allow ip from 192.168.1.0/24 to xxx.xxx.xxx.xxx keep-state


And finally, deny everything else:

Code:
add 65534 deny ip from any to any


I assume I'm correct in using 192.168.1.0/24 - my subnet mask is 255.255.255.0 (which my research tells me is why I use the '0/24') and my IP range is 192.168.1.2 to 192.168.1.254.

What totally obvious thing am I missing? Thanks!
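The same ruleset assembled as a small sh script, added here as an example and not part of the original post: it generates the rules from a few variables, checks that both ends of the local-network rule really are on 192.168.1.0/24 before anything is loaded (the kind of check that catches a mistyped octet), and adds a check-state plus a rule for traffic inside the tunnel. The VPN endpoint address, the tun0 interface name, the /tmp path and the via-tun0 rule are assumptions, not values from the post.

```shell
#!/bin/sh
# Added example, not from the original post: generate the jail's ipfw ruleset
# from variables and validate the LAN rule before loading. Assumptions:
# VPN_ENDPOINT stands in for the "remote" host in openvpn.conf; tun0 is the
# OpenVPN interface inside the jail.
LAN_NET=192.168.1.0
LAN_BITS=24
LAN_DST="$LAN_NET/$LAN_BITS"              # destination of the local-network rule
VPN_DNS="184.75.220.106 89.248.172.121"   # resolvers named in the post
VPN_ENDPOINT="203.0.113.10"               # placeholder (TEST-NET-3); replace
TUN_IF=tun0

# ip2int 192.168.1.0 -> 3232235776 (a trailing /bits is ignored)
ip2int() {
    oldifs=$IFS; IFS=.; set -- ${1%%/*}; IFS=$oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}
# in_net ADDR NET BITS: succeeds when ADDR lies inside NET/BITS
in_net() {
    mask=$(( (4294967295 << (32 - $3)) & 4294967295 ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$2") & mask )) ]
}

# lan_rule_ok SRC DST: both ends of the local-network rule must be on the LAN;
# this is what catches a mistyped octet such as 196.168.1.0/24 before loading
lan_rule_ok() {
    in_net "$1" "$LAN_NET" "$LAN_BITS" && in_net "$2" "$LAN_NET" "$LAN_BITS"
}
# Emit the ruleset. keep-state rules create dynamic entries and the one
# check-state matches the replies, so return traffic needs no extra rules.
ipfw_rules() {
    lan_rule_ok "$LAN_NET" "$LAN_DST" || { echo "bad LAN rule: $LAN_DST" >&2; return 1; }
    echo "add 00100 allow ip from any to any via lo0"
    echo "add 00200 check-state"
    n=1000
    for dns in $VPN_DNS; do
        echo "add $n allow log udp from $LAN_NET/$LAN_BITS to $dns dst-port 53 keep-state"
        n=$((n + 2))
    done
    echo "add 01100 allow ip from $LAN_NET/$LAN_BITS to $LAN_DST keep-state"
    echo "add 02000 allow ip from $LAN_NET/$LAN_BITS to $VPN_ENDPOINT keep-state"
    echo "add 03000 allow ip from any to any via $TUN_IF keep-state"   # traffic inside the tunnel
    echo "add 65534 deny log ip from any to any"
}

# "sh jail-ipfw.sh load" flushes and loads the set; "show" only prints it.
case "${1:-}" in
    load) ipfw_rules > /tmp/jail-ipfw.rules && ipfw -q -f flush && ipfw -q /tmp/jail-ipfw.rules ;;
    show) ipfw_rules ;;
esac
```

Run it with `show` first and read the generated rules before using `load` inside the jail; the deny rule logs, so `ipfw show` and the security log tell you which traffic still falls through.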