buklionx.blogg.se

Pritunl vmware
This guide is tested for Debian 9 Stretch Linux, but it may work with other recent Debian versions. This guide assumes that you’re running Debian on a VPS or a remote server, since that’s the most likely scenario for a VPN. You need a working install of Debian Stretch with root access.

  • # – requires given linux commands to be executed with root privileges, either directly as a root user or by use of the sudo command.
  • $ – requires given linux commands to be executed as a regular non-privileged user.

Setting up your own VPN is no small task, but there are plenty of reasons that you’d want to do it. For one, when you run your own VPN, you have complete control of it and know exactly what it’s doing.

Security is an important factor for VPNs. It’s possible to set up a simple one in a few minutes, but it won’t be secure at all. You need to take the appropriate steps to ensure that both the server and your connections remain private and encrypted.

Before embarking down this road, you may want to consider encrypting your disks, beefing up kernel security with SELinux or PAX, and making sure everything else is locked down.

Iptables is a big part of server security. You need iptables to ensure that information doesn’t leak out of your VPN. Iptables also works to prevent unauthorized connections. So, the first step in setting up a VPN on Debian is setting up iptables.

Before you can start writing your iptables rules, you need to know which interface you’re writing them for. Use ifconfig or ip a to search for the interface that your server is connected to the Internet with. The rest of this guide will refer to that interface as eth0, but that probably won’t be yours. Make sure to swap in the name of your server’s network interface instead.

Every Linux user and admin loves writing iptables rules, right? It’s not going to be that bad. You’ll compose a file with all of the commands and just restore it into iptables.

Create your file. You can make it somewhere that you want to save or just dump it in /tmp. Iptables will save your rules anyway, so /tmp is fine.

Start the file off by adding *filter to let iptables know that these are filter rules. Yes, there will be an IPv6 one too, but it’ll be much shorter.

Start off with the simplest set of rules, the loopback interface ones. These just tell iptables to only accept loopback traffic originating from localhost.

Next, you probably want to be able to ping your server.

    -A INPUT -p icmp -m state --state NEW --icmp-type 8 -j ACCEPT
    -A INPUT -p icmp -m state --state ESTABLISHED,RELATED -j ACCEPT

You should probably change SSH off of port 22, so let your rules reflect that.

    -A INPUT -i eth0 -p tcp -m state --state NEW,ESTABLISHED --dport 22 -j ACCEPT
    -A OUTPUT -o eth0 -p tcp -m state --state ESTABLISHED --sport 22 -j ACCEPT

Obviously, you’re going to want to allow OpenVPN traffic through. This guide is going to use UDP for OpenVPN. If you choose to go with TCP, let the rules reflect that.

    -A INPUT -i eth0 -p udp -m state --state NEW,ESTABLISHED --dport 1194 -j ACCEPT
    -A OUTPUT -o eth0 -p udp -m state --state ESTABLISHED --sport 1194 -j ACCEPT

You’re also going to want to allow DNS traffic through your VPN server.

    -A INPUT -i eth0 -p udp -m state --state ESTABLISHED --sport 53 -j ACCEPT
    -A OUTPUT -o eth0 -p udp -m state --state NEW,ESTABLISHED --dport 53 -j ACCEPT
    -A INPUT -i eth0 -p tcp -m state --state ESTABLISHED --sport 53 -j ACCEPT
    -A OUTPUT -o eth0 -p tcp -m state --state NEW,ESTABLISHED --dport 53 -j ACCEPT

It might seem odd to allow HTTP/S traffic, but you do want Debian to be able to update itself, right? These rules allow Debian to initiate HTTP requests, but not receive them from the outside.

    -A INPUT -i eth0 -p tcp -m state --state ESTABLISHED --sport 80 -j ACCEPT
    -A INPUT -i eth0 -p tcp -m state --state ESTABLISHED --sport 443 -j ACCEPT
    -A OUTPUT -o eth0 -p tcp -m state --state NEW,ESTABLISHED --dport 80 -j ACCEPT
    -A OUTPUT -o eth0 -p tcp -m state --state NEW,ESTABLISHED --dport 443 -j ACCEPT

Assuming that you’re not going to manually synchronize your server clock and the client clocks, you’re going to need NTP.

    -A INPUT -i eth0 -p udp -m state --state ESTABLISHED --sport 123 -j ACCEPT
    -A OUTPUT -o eth0 -p udp -m state --state NEW,ESTABLISHED --dport 123 -j ACCEPT
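The guide's advice to move SSH off port 22 and "let your rules reflect that" means changing two rules, the INPUT one and its OUTPUT reply rule. The following is an added example, not part of the original guide: it reads rules in iptables-restore syntax, lists every port that accepts NEW inbound connections, and reports whether the matching reply rule exists. Port 2222 and the function names are constructed for illustration; a missing reply rule only blocks replies if the OUTPUT chain otherwise drops traffic, which is an assumption here.

```sh
#!/bin/sh
# Added example, not from the original guide. Port 2222 is a constructed value.

# SSH, OpenVPN and DNS rules as given in the guide (interface eth0).
guide_rules() {
cat <<'EOF'
*filter
-A INPUT -i eth0 -p tcp -m state --state NEW,ESTABLISHED --dport 22 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m state --state ESTABLISHED --sport 22 -j ACCEPT
-A INPUT -i eth0 -p udp -m state --state NEW,ESTABLISHED --dport 1194 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m state --state ESTABLISHED --sport 1194 -j ACCEPT
-A INPUT -i eth0 -p udp -m state --state ESTABLISHED --sport 53 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m state --state NEW,ESTABLISHED --dport 53 -j ACCEPT
EOF
}

# Constructed mistake: SSH moved to 2222 in the INPUT rule only.
half_moved_ssh() {
  guide_rules | sed 's/--dport 22 /--dport 2222 /'
}

# Read rules on stdin. For every INPUT ACCEPT rule that admits NEW connections
# to a port, print "proto/port" and whether an OUTPUT ACCEPT rule with the
# same protocol and --sport exists. ICMP rules have no port and are skipped.
audit_inbound() {
  awk '
    $1 == "-A" && ($2 == "INPUT" || $2 == "OUTPUT") {
      proto = ""; states = ""; dport = ""; sport = ""; target = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-p")           proto  = $(i + 1)
        else if ($i == "--state") states = $(i + 1)
        else if ($i == "--dport") dport  = $(i + 1)
        else if ($i == "--sport") sport  = $(i + 1)
        else if ($i == "-j")      target = $(i + 1)
      }
      if (target != "ACCEPT") next
      if ($2 == "OUTPUT" && sport != "") reply[proto "/" sport] = 1
      if ($2 == "INPUT" && dport != "" && ("," states ",") ~ /,NEW,/)
        open[++n] = proto "/" dport
    }
    END {
      for (k = 1; k <= n; k++)
        print open[k], ((open[k] in reply) ? "reply-rule-present" : "reply-rule-missing")
    }'
}

guide_rules | audit_inbound
half_moved_ssh | audit_inbound
```

Only ports 22 and 1194 appear for the guide's rules, because the DNS rule admits inbound packets only in state ESTABLISHED.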











