This post has been de-listed
It is no longer included in search results and normal feeds (front page, hot posts, subreddit posts, etc). It remains visible only via the author's post history.
I'm trying to turn my Raspberry Pi 3 into a router with VPN by merging this router tutorial and this PIA VPN tutorial. I've tried to merge the iptables from the two and I'm stuck.
Here's what I have (iptables -L):
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere multiport dports 22
ACCEPT all -- anywhere anywhere /* In from AP */
ACCEPT all -- anywhere anywhere /* loopback */
LOG all -- anywhere anywhere limit: avg 5/min burst 5 LOG level warning prefix "iptables-dropped-input"
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere /* AP to VPN */
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 5/min burst 5 LOG level warning prefix "iptables-output"
ACCEPT tcp -- anywhere anywhere multiport sports 22
ACCEPT all -- anywhere anywhere /* Out to VPN */
ACCEPT all -- anywhere anywhere /* loopback */
ACCEPT udp -- anywhere anywhere udp dpt:1198 /* openvpn */
ACCEPT udp -- anywhere anywhere udp dpt:ntp /* ntp */
ACCEPT udp -- anywhere anywhere udp dpts:bootps:bootpc /* dhcp */
ACCEPT udp -- anywhere anywhere udp dpt:domain /* dns */
Using this, I can get packets out (no errors when trying to ping IPs or making DNS requests), but no packets ever return (ping loses every packet and DNS never resolves).
I had fail2ban but ssh was unreachable until I removed it. I'm using hostapd and dnsmasq to run a router on wlan0 with the uplink on tun0 through ethernet. systemctl --failed has 0 entries, and status for openvpn, dnsmasq, and hostapd are all good.
Secondary problem: about a minute goes by between the last login message and the bash prompt appearing over ssh. I guess reverse DNS times out. Ping and traceroute can resolve DNS but login is still delayed.
Edit: iptables problem is solved, the login delay is at xrdb -merge so I'll post a new thread.
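The ruleset below is an added example, not the OP's configuration and not the fix they found (the post does not say what it was). It uses the interface names from the post (wlan0 for the access point, tun0 for the OpenVPN tunnel) plus PIA's UDP port 1198, and assumes the Ethernet uplink is eth0; the script name vpn-router-rules.sh is likewise an assumption. Two things a practitioner would check in the posted output: the INPUT chain has a DROP policy and no RELATED,ESTABLISHED rule, so replies to the Pi's own pings and DNS queries are dropped before they reach a socket, and no MASQUERADE is visible, although iptables -L without -t nat shows only the filter table, so the nat table may simply not have been printed. The lint_rules function checks a ruleset for exactly those two gaps and for a FORWARD rule onto the clear-text uplink, which would let clients bypass the VPN. -m conntrack is used in place of the -m state shown in the post; the two are equivalent here.

```shell
#!/bin/sh
# Added example (not the post's ruleset): iptables rules for a Pi that runs
# hostapd/dnsmasq on wlan0 and sends all client traffic through an OpenVPN
# tunnel (tun0) carried over the Ethernet uplink (eth0 is assumed).
# By default the script only prints the ruleset; loading it is a separate step.

LAN_IF=${LAN_IF:-wlan0}    # access point, from the post
WAN_IF=${WAN_IF:-eth0}     # Ethernet uplink; name assumed
VPN_IF=${VPN_IF:-tun0}     # OpenVPN tunnel, from the post
VPN_PORT=${VPN_PORT:-1198} # PIA OpenVPN UDP port, from the post

# Emit a complete iptables-restore(8) ruleset for the given interfaces.
build_rules() {
  lan=$1; wan=$2; vpn=$3; port=$4
  cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Clients share the tunnel address. NAT only onto $vpn, never onto $wan.
-A POSTROUTING -o $vpn -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Replies to the Pi's own traffic (ping, DNS, the OpenVPN session) must be
# let back in. With a DROP policy and no such rule every answer is discarded.
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -i $lan -j ACCEPT
-A INPUT -i $wan -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -m limit --limit 5/min --limit-burst 5 -j LOG --log-prefix "iptables-dropped-input "
# Clients may only reach the tunnel; there is deliberately no rule onto $wan.
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i $lan -o $vpn -j ACCEPT
-A FORWARD -m limit --limit 5/min --limit-burst 5 -j LOG --log-prefix "iptables-dropped-forward "
# Kill switch: in the clear on $wan the Pi may only do OpenVPN, DHCP, NTP and DNS.
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o $vpn -j ACCEPT
-A OUTPUT -o $lan -j ACCEPT
-A OUTPUT -o $wan -p udp --dport $port -j ACCEPT
-A OUTPUT -o $wan -p udp --sport 68 --dport 67 -j ACCEPT
-A OUTPUT -o $wan -p udp --dport 123 -j ACCEPT
# Needed only to resolve the VPN server's hostname; drop it if the .ovpn
# uses an IP address in its remote line, since it leaks the Pi's own queries.
-A OUTPUT -o $wan -p udp --dport 53 -j ACCEPT
-A OUTPUT -m limit --limit 5/min --limit-burst 5 -j LOG --log-prefix "iptables-dropped-output "
COMMIT
EOF
}

# Lint a ruleset in iptables-save format (stdin) for the mistakes that give
# "packets go out, nothing comes back" on a DROP-policy router, plus the one
# that silently bypasses the VPN. Returns 1 if any problem is found.
lint_rules() {
  wan=$1; vpn=$2
  rules=$(cat); rc=0
  for chain in INPUT FORWARD; do
    if ! printf '%s\n' "$rules" | grep -q -- "^-A $chain .*--ctstate RELATED,ESTABLISHED -j ACCEPT"; then
      echo "lint: $chain accepts no RELATED,ESTABLISHED traffic; replies will be dropped" >&2; rc=1
    fi
  done
  if ! printf '%s\n' "$rules" | grep -q -- "^-A POSTROUTING -o $vpn -j MASQUERADE"; then
    echo "lint: no MASQUERADE onto $vpn; forwarded client replies cannot be routed back" >&2; rc=1
  fi
  if printf '%s\n' "$rules" | grep -q -- "^-A FORWARD .*-o $wan "; then
    echo "lint: FORWARD rule onto $wan lets client traffic bypass the VPN" >&2; rc=1
  fi
  return $rc
}

case "${1:-print}" in
  print) build_rules "$LAN_IF" "$WAN_IF" "$VPN_IF" "$VPN_PORT" ;;
  lint)  build_rules "$LAN_IF" "$WAN_IF" "$VPN_IF" "$VPN_PORT" | lint_rules "$WAN_IF" "$VPN_IF" ;;
  # Load with a rollback timer so a mistake made over SSH does not lock you out.
  apply) build_rules "$LAN_IF" "$WAN_IF" "$VPN_IF" "$VPN_PORT" > /tmp/rules.v4 && iptables-apply -t 60 /tmp/rules.v4 ;;
esac
```

Run `sh vpn-router-rules.sh lint` before loading anything, and `sudo sh vpn-router-rules.sh apply` to load it through iptables-apply, which reverts the rules unless you confirm within the timeout; an OUTPUT DROP policy loaded blind over SSH is a common way to lock yourself out. The lint can also be fed a live dump with `iptables-save | sh -c '. ./vpn-router-rules.sh; lint_rules eth0 tun0'` to check what is actually loaded rather than what a file says. The ruleset covers IPv4 only; if the uplink also gets an IPv6 address, client IPv6 traffic will bypass tun0 unless ip6tables carries an equivalent FORWARD DROP or IPv6 is disabled on eth0.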
Posted 7 years ago
Source: reddit.com/r/linuxquesti...