Transmission with OpenVPN in jail "remote webGUI"

Status
Not open for further replies.

BlakeNagel07

Dabbler
Joined
Jan 4, 2016
Messages
31
As the title says, I am running OpenVPN inside my Transmission jail. Since doing so, I can no longer connect to the webGUI remotely outside of the house "i.e. while at work".

There is a firewall running for Transmission to only download while connected through VPN, and I know this is what's blocking my remote connection.

My question is, can I add something to the firewall that would allow access from a specific IP address "i.e. my work IP" to connect to the webGUI remotely?

Below are the firewall settings.

Code:
#!/bin/bash
# Flush out the list before we begin
ipfw -q -f flush

# Set rules command prefix
cmd="ipfw -q add"
vpn="tun1"

# allow all local traffic on the loopback interface
$cmd 00001 allow all from any to any via lo0

# allow any connection to/from VPN interface
$cmd 00010 allow all from any to any via $vpn

# allow connection to/from LAN by Transmission
$cmd 00101 allow all from me to 10.0.0.1/24 uid transmission
$cmd 00102 allow all from 10.0.0.1/24 to me uid transmission

# deny any Transmission connection outside LAN that does not use VPN
 

kdragon75

Wizard
Joined
Aug 7, 2016
Messages
2,457
Assuming you have port forwarding set up on your router, you should be able to add an allow rule for your work's WAN IP. Also, if you're paranoid, you should restrict your firewall rules further to only the ports and protocols needed for the services you use.
allow all from any to any
is great for troubleshooting but should never be used in "production"....


/me quickly fixes his own firewall rules on vlan interfaces....
 

BlakeNagel07

Dabbler
Joined
Jan 4, 2016
Messages
31
Could you help with modifying my firewall code above? I have a few ports open for the VPN and Transmission.

I am by far no expert at doing this, but once I have an understanding of it I can make things come together.
 

kdragon75

Wizard
Joined
Aug 7, 2016
Messages
2,457
Read through the FreeBSD ipfw(8) man page. It's long and will put you to sleep, but your answers are all there.
Given your config, that means to allow your work IP on the main interface you would need to know the name of the interface and your work's IP. The line should read something like this:
Code:
# allow web connection from work
$cmd 00020 allow TCP from *work IP*/32 to *Transmissions IP* via *interface name*

To find the interface name in your jail, run ifconfig and find the interface with the IP you want to connect to.

You will still likely need to set up port forwarding on your router. I have no clue what your router is, but you will need to forward the web port (9091 I think) to the IP of your jail.

Please note, I don't work with ipfw. I may have the syntax wrong; I just skimmed the docs.
 

BlakeNagel07

Dabbler
Joined
Jan 4, 2016
Messages
31
ifconfig from the Transmission jail lists the following

Code:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
		options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
		inet6 ::1 prefixlen 128
		inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
		inet 127.0.0.1 netmask 0xff000000
		nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
epair6b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
		options=8<VLAN_MTU>
		ether 02:db:ef:00:09:0b
		inet 10.0.0.51 netmask 0xffffff00 broadcast 10.0.0.255
		nd6 options=9<PERFORMNUD,IFDISABLED>
		media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
		status: active
tun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
		options=80000<LINKSTATE>
		inet 10.48.10.6 --> 10.48.10.5 netmask 0xffffffff
		nd6 options=1<PERFORMNUD>
		Opened by PID 2368


I modified my ipfw rules to the following

Code:
#!/bin/bash
# Flush out the list before we begin
ipfw -q -f flush

# Set rules command prefix
cmd="ipfw -q add"
vpn="tun1"

# allow all local traffic on the loopback interface
$cmd 00001 allow all from any to any via lo0

# allow any connection to/from VPN interface
$cmd 00010 allow all from any to any via $vpn

# allow connection to/from LAN by Transmission
$cmd 00101 allow all from me to 10.0.0.1/24 uid transmission
$cmd 00102 allow all from 10.0.0.1/24 to me uid transmission

# allow web connection from work
$cmd 00020 allow TCP from 24.123.36.206/32 to 10.0.0.51 via
epair6b

# deny any Transmission connection outside LAN that does not use VPN
$cmd 00103 deny all from any to any uid transmission


When I restart the firewall I get the following message

Code:
ipfw: recv, xmit, via require interface name or address
/etc/ipfw.rules: epair6b: not found
Firewall rules loaded.


epair6b uses the IP assigned to the Transmission jail from my router that has my ports forwarded on.
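
Added example, not part of the thread and not any poster's file: the two error lines above are what sh produces when a rule is split after "via", because ipfw is run with no interface name and "epair6b" is then run as a command of its own. The sketch below keeps the work rule on one logical line, narrows it to the web port, and adds a reply rule, since the daemon's responses to the work address would otherwise reach rule 00103 and be dropped. Port 9091 (the "9091 I think" from the reply), rule number 00021 and the dry-run IPFW variable are assumptions.

```shell
#!/bin/sh
# Added example. Dry run by default: each ipfw command is printed, not executed.
# Inside the jail, run with IPFW="ipfw -q" to load the rules for real.
IPFW="${IPFW:-echo ipfw -q}"

# Values taken from the thread; WEB_PORT is an assumption ("9091 I think").
VPN_IF="tun1"
LAN_IF="epair6b"
LAN_NET="10.0.0.1/24"
JAIL_IP="10.0.0.51"
WORK_IP="24.123.36.206"
WEB_PORT="9091"

build_rules() {
    $IPFW -f flush
    $IPFW add 00001 allow all from any to any via lo0
    $IPFW add 00010 allow all from any to any via "$VPN_IF"

    # Web GUI from work. sh ends a command at a newline, so the interface name
    # has to sit on the same logical line as "via"; the trailing backslash
    # continues the command instead of starting a new one.
    $IPFW add 00020 allow tcp from "$WORK_IP" to "$JAIL_IP" "$WEB_PORT" \
        in via "$LAN_IF"
    # Reply direction (rule number 00021 is an assumption). These packets are
    # owned by uid transmission and match neither 00020 nor 00101, so without
    # this rule they fall through to the deny in 00103.
    $IPFW add 00021 allow tcp from "$JAIL_IP" "$WEB_PORT" to "$WORK_IP" \
        out via "$LAN_IF"

    # Unchanged from the thread: LAN access, then block everything else
    # that the transmission user sends outside the VPN.
    $IPFW add 00101 allow all from me to "$LAN_NET" uid transmission
    $IPFW add 00102 allow all from "$LAN_NET" to me uid transmission
    $IPFW add 00103 deny all from any to any uid transmission
}

build_rules
```

Once loaded in the jail, "ipfw list" shows the rules in numeric order, which is the order they are evaluated in regardless of their position in the file.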
 