Results 1 to 4 of 4

Thread: How to prevent non VPN traffic?

Hybrid View

  1. May 4th, 2012 #1
    dshuck
    dshuck is offline 5 Cups of Ubuntu
    Join Date
    Jun 2006
    Beans
    34

    How to prevent non VPN traffic?

    I have a VPN adapter that is configured as adapter ppp0. My intention is to ensure that all my traffic goes through that VPN connection. What I have found is that occassionally, that VPN connection will drop out and traffic will begin routing through wlan0 without being obvious to me.

    Could someone point me to how I might best be able to ensure that I have no traffic running across wlan0, other than of course the ability to create the connection to ppp0?

    I have seen a recommendation that pointed to this: http://pastebin.com/qPM84b7z, however, I honestly have virtually no idea how to implement it, and am a little worried that I am going to do something that I may have trouble reversing out of.

    Any advice would be appreciated.
    ~Dave
    www.daveshuck.com
    Advanced reply Adv Reply  
  2. May 5th, 2012 #2
    dshuck
    dshuck is offline 5 Cups of Ubuntu
    Join Date
    Jun 2006
    Beans
    34

    Re: How to prevent non VPN traffic?

    If anyone else comes across this, it was amazingly simple. First I backed up my current good iptables configuration like this:

    Code:
    sudo iptables-save > ~/iptables/working.iptables.rules
    Then I took the sample iptables file that I linked above (putting it below in case it disappears in the future) and saved it as ~/iptables/vpn.iptables.rules

    Code:
    # Begin Here
*filter
:OUTPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
# Comment

## Wireless Rules 

# DHCP and DNS
-I INPUT -i wlan0 -p udp --dport 67:68 --sport 67:68 -j ACCEPT
-A INPUT -i wlan0 -p udp --sport 53 -j ACCEPT
-A OUTPUT -o wlan0 -p udp --dport 53 -j ACCEPT
# PPTP and GRE for outbound VPN connections
-I OUTPUT -o wlan0 -p tcp --dport 1723 -j ACCEPT
-I OUTPUT -o wlan0 --proto gre -j ACCEPT
# Allow comms with home network
-I OUTPUT -o wlan0 -d 192.168.99.0/24 -j ACCEPT


## VPN Firewall Rules

# Allow anything outbound
-I OUTPUT -o ppp0 -j ACCEPT


## Loopback Firewall Rules

# Allow anything
-I INPUT -i lo -j ACCEPT
-I OUTPUT -o lo -j ACCEPT


COMMIT
    I then restored iptables using that file like this:
    Code:
    sudo iptables-restore < ~/iptables/vpn.iptables.rules
    And that's it. When I drop my VPN, I can no longer hit any remote resource. When I bring it back up, all is well!
    ~Dave
    www.daveshuck.com
    Advanced reply Adv Reply  
  3. May 5th, 2012 #3
    strask's Avatar
    strask
    strask is offline Gee! These Aren't Roasted!
    Join Date
    Apr 2012
    Location
    Phoenix, Arizona
    Beans
    166
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: How to prevent non VPN traffic?

    Thanks for updating your post with this solution!
    Advanced reply Adv Reply  
  4. May 6th, 2012 #4
    dcstar
    dcstar is offline Ubuntu addict and loving it
    Join Date
    Feb 2005
    Location
    Melbourne, Australia
    Beans
    13,510
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: How to prevent non VPN traffic?

    Quote Originally Posted by dshuck View Post
    If anyone else comes across this, it was amazingly simple.
    .........
    Then please MARK the thread!
    Regards, David.
    Please use the Forum search and Wiki search for immediate help
    Please mark your thread as Solved when appropriate
    New to technical forums?: How To Ask Questions The Smart Way
    Advanced reply Adv Reply  
« Previous Thread | Next Thread »

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Ubuntu Forums Code of Conduct