
Thread: delete, empty

  1. #1

    [not solved] UFW IP leak and allowing LAN connections IN/OUT


    Hello, on Ubuntu 16.04.4 my default iptables 1.6 policy for the INPUT & OUTPUT chains is DROP and I would like to add an ACCEPT/ALLOW rule for local LAN IPs (so I can connect to the LAN and other LAN devices can connect to me). I read some articles and they suggest this example:

    iptables -A INPUT -s 192.168.0.0/24 -j ACCEPT
    iptables -A OUTPUT -d 192.168.0.0/24 -j ACCEPT

    Linux said:
    ping: sendmsg: Operation not permitted

    The reason was probably that the UFW firewall did not know about those rules.

    So I want to ask how to allow it in UFW?

    I tried: ufw allow out from 192.168.0.0/16 to 192.168.0.0/16

    and it works to ping LAN IPs. Is it a correct rule?

    The next issue I see is that if I stop ufw, the computer somehow bypasses the VPN and connects directly, even though the VPN is enabled (via the OS built-in connectivity manager, not using any VPN client).
    When ufw is started, then per the ufw rules only VPN connectivity is allowed and the rest is blocked, so when I disable the VPN, the computer loses connectivity to the internet.

    How can I prevent this IP leak while ufw is terminated/stopped/dead?

    The aim is not to allow bypassing the VPN except for LAN connections. Thank you.
    Last edited by postcd; 03-08-2018 at 06:11 AM.
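
A check for the leak condition described in the post above, as an added example that is not part of the original thread: it audits `iptables -S` output and lists every way the OUTPUT chain would let traffic leave outside the VPN. The interface name `tun0`, the VPN server address and port, and the sample rule sets are constructed assumptions; only rules placed directly in OUTPUT are examined, so ufw's own sub-chains and negated (`!`) matches are not followed.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.0.0/24")          # LAN range named in the post
VPN_IFACE = "tun0"                                    # assumption: tunnel interface name
VPN_SERVER = ipaddress.ip_network("203.0.113.10/32")  # constructed address (TEST-NET-3)

def opt(tokens, flag):
    """Return the value that follows `flag` in a tokenised rule, or None."""
    return tokens[tokens.index(flag) + 1] if flag in tokens else None

def audit_output(rules_text):
    """List the ways the OUTPUT chain lets traffic bypass the VPN."""
    findings, policy = [], None
    for line in rules_text.splitlines():
        tok = line.split()
        if tok[:2] == ["-P", "OUTPUT"]:
            policy = tok[2]
        if tok[:2] != ["-A", "OUTPUT"] or opt(tok, "-j") != "ACCEPT":
            continue
        if opt(tok, "-o") in ("lo", VPN_IFACE):
            continue                      # loopback, or traffic already inside the tunnel
        dst = opt(tok, "-d")
        if dst is None:
            findings.append("unrestricted ACCEPT: " + line)
            continue
        net = ipaddress.ip_network(dst, strict=False)
        if not (net.subnet_of(LAN) or net == VPN_SERVER):
            findings.append("ACCEPT wider than LAN/VPN server: " + line)
    if policy != "DROP":
        # Without a DROP policy, anything no rule matched leaves directly.
        findings.append("OUTPUT policy is %s, not DROP" % policy)
    return findings

# Constructed samples in `iptables -S` format.
LOCKED = """\
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -d 192.168.0.0/24 -j ACCEPT
-A OUTPUT -d 203.0.113.10/32 -p udp -m udp --dport 1194 -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
"""
STOPPED = "-P OUTPUT ACCEPT\n"   # assumed state with the firewall stopped
WIDE = "-P OUTPUT DROP\n-A OUTPUT -d 192.168.0.0/16 -j ACCEPT\n"

if __name__ == "__main__":
    for name, rules in (("LOCKED", LOCKED), ("STOPPED", STOPPED), ("WIDE", WIDE)):
        print(name, audit_output(rules) or "no bypass found")
```

Run against the live host with the output of `iptables -S` (as root) in place of the samples; an empty result means every direct OUTPUT rule is confined to loopback, the tunnel, the LAN range or the VPN server.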

  2. #2
    Linux User
    Join Date
    Jul 2016
    Posts
    443
    More iptables questions? How many years do you need before you can actually try to figure something out yourself? And how are we supposed to tell you when you don't say crap about your network? We don't know what ranges you have defined or how you have your VPN set up or anything.

    Dude, you've been asking about iptables and this junk for five years. Give it up and hire someone if you're still clueless after that amount of time.

  3. #3
    Linux User
    Join Date
    Jul 2016
    Posts
    443
    Keep updating the thread title without actually doing any work. That'll sure get your job done for you.

    Or you can try any of the 5 yrs of threads you have around here about iptables and try to get both of your brain cells to work together, and do it yourself.
