Hello folks !
I'm a newbie, first days on linux oriented stuff, but I wanna do great things !
My plan is to have a Freenas server and to do lots of things within. First I installed PiHole on it to in a VM using Ubuntu 18.04 TLS. Working perfectly. I had to stop DHCP server on my router to use PiHole (activating DHCP inside). Then on an another VM I installed another Ubuntu 18.04 TLS to VPN all my network. I followed point by point Jeff's Craft Computer tutorial (https://www.youtube.com/watch?v=xFficDCEv3c) to do it but I got issues when I'm doing
Code:
sudo bash /etc/openvpn/iptables.sh
If I do sudo bash connect.sh I'm connecting to openvpn, i'm sure it works because curl ifconfig.me gives me another address than my public address and I can ping 8.8.8.8 correctly from here. But when I do sudo bash iptables.sh before, I can't even ping google, all connections are blocked.
All my computers are on 192.168.1.xx (Freenas on 30, PiHole on 40, Openvpn on 50....).
Here is my iptables.sh file, and I don't know what to do then.
Hope you can help me And I hope I'im clear enough, I'm new to this and not english
Code:
#!/bin/bash
# Flush
iptables -t nat -F
iptables -t mangle -F
iptables -F
iptables -X
# Block All
iptables -P OUTPUT DROP
iptables -P INPUT DROP
iptables -P FORWARD DROP
# allow Localhost
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Make sure you can communicate with any DHCP server
iptables -A OUTPUT -d 255.255.255.255 -j ACCEPT
iptables -A INPUT -s 255.255.255.255 -j ACCEPT
# Make sure that you can communicate within your own network
iptables -A INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -j ACCEPT
iptables -A OUTPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -j ACCEPT
# Allow established sessions to receive traffic:
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow TUN
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A FORWARD -o tun+ -j ACCEPT
iptables -t nat -A POSTROUTING -o tun+ -j MASQUERADE
iptables -A OUTPUT -o tun+ -j ACCEPT
# allow VPN connection
iptables -I OUTPUT 1 -p udp --destination-port 1194 -m comment --comment "Allow VPN connection" -j ACCEPT
# Block All
iptables -A OUTPUT -j DROP
iptables -A INPUT -j DROP
iptables -A FORWARD -j DROP
# Log all dropped packages, debug only.
iptables -N logging
iptables -A INPUT -j logging
iptables -A OUTPUT -j logging
iptables -A logging -m limit --limit 2/min -j LOG --log-prefix "IPTables general: " --log-level 7
iptables -A logging -j DROP
echo "saving"
iptables-save > /etc/iptables.rules
echo "done"
#echo 'openVPN - Rules successfully applied, we start "watch" to verify IPtables in realtime (you can cancel it as usual CTRL + c)'
#sleep 3
#watch -n 0 "sudo iptables -nvL"