I have installed an OpenVPN server (server-bridge) on Fedora 20, but I can't get it to work. I'm almost certain it is a firewall problem.
I'm trying to connect from an OS X client. I could connect (just connect to the VPN server, without accessing anything) before configuring the bridge (using this script), and since then I can't connect. I configured it as a server bridge following these instructions for Fedora and OpenVPN Ethernet bridging.
The firewall configuration is explained using iptables:
iptables -A INPUT -i tap0 -j ACCEPT
iptables -A INPUT -i br0 -j ACCEPT
iptables -A FORWARD -i br0 -j ACCEPT
However, Fedora 20 ships with firewalld installed by default, so can anyone tell me the equivalent commands using firewall-cmd? I read the firewalld guide, but it isn't clear to me how to implement it (I'm a developer, not a SysAdmin).
I know I could install iptables, but I'd like it to work with firewalld.
UPDATE: After reading a bit of the firewall-cmd man page, I tried to apply the previous commands using the --passthrough option, i.e.:
# firewall-cmd --permanent --direct --passthrough ipv4 -A INPUT -i tap0 -j ACCEPT
# firewall-cmd --permanent --direct --passthrough ipv4 -A INPUT -i br0 -j ACCEPT
# firewall-cmd --permanent --direct --passthrough ipv4 -A FORWARD -i br0 -j ACCEPT
The commands executed successfully, but it doesn't work. I also tried using eb instead of ipv4, with the same result.
The ifconfig output is as follows:
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.40  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::c9:aff:fe02:d953  prefixlen 64  scopeid 0x20<link>
        ether 02:c9:09:02:d9:53  txqueuelen 0  (Ethernet)
        RX packets 11276  bytes 1374285 (1.3 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 899  bytes 240110 (234.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1500
        inet6 fe80::c9:afa:fe02:d953  prefixlen 64  scopeid 0x20<link>
        ether 03:c9:0a:02:d9:53  txqueuelen 1000  (Ethernet)
        RX packets 13548  bytes 1942379 (1.8 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1162  bytes 269258 (262.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 117  base 0xc000

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 16436
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 6883  bytes 2061608 (1.9 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 6883  bytes 2061608 (1.9 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

p2p0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet6 fe80::9831:16ff:fe81:3658  prefixlen 64  scopeid 0x20<link>
        ether 9a:3b:16:84:36:58  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tap0: flags=4355<UP,BROADCAST,PROMISC,MULTICAST>  mtu 1500
        ether d6:6c:20:12:f3:b6  txqueuelen 100  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.41  netmask 255.255.255.0  broadcast 0.0.0.0
        inet6 fe80::9a5b:16ff:fe81:3658  prefixlen 64  scopeid 0x20<link>
        ether 98:3b:11:81:36:58  txqueuelen 1000  (Ethernet)
        RX packets 2643  bytes 230523 (225.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 5512  bytes 1726039 (1.6 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
firewalld has some services already preconfigured, which you can see with:
firewall-cmd --get-services
(configuration file /usr/lib/firewalld/services/openvpn.xml)
If you see that the openvpn service is already available, you can use:
firewall-cmd --add-service openvpn
The answer to my original question is:
# firewall-cmd --permanent --direct --passthrough ipv4 -A INPUT -i tap0 -j ACCEPT
# firewall-cmd --permanent --direct --passthrough ipv4 -A INPUT -i br0 -j ACCEPT
# firewall-cmd --permanent --direct --passthrough ipv4 -A FORWARD -i br0 -j ACCEPT
Then, if you run:
# firewall-cmd --permanent --direct --get-all-passthroughs
you get this:
ipv4 -A INPUT -i tap0 -j ACCEPT
ipv4 -A INPUT -i br0 -j ACCEPT
ipv4 -A FORWARD -i br0 -j ACCEPT
But there is still something wrong: I can't connect to the VPN server, so any ideas/clues would be welcome.
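As an added example (not from the question or either answer), the script below turns the question's three iptables rules into firewalld's structured --direct --add-rule form and checks a --get-all-passthroughs listing against the rules, which is the verification step the update above does by eye; it assumes the tap0/br0 interface names from the page and never calls firewall-cmd itself.

```shell
# Added example (not from the question or answers): build firewalld "direct"
# equivalents of the question's iptables rules and verify a passthrough
# listing against them. Nothing here calls firewall-cmd, so it runs offline.

# The three iptables rules from the question, without the "iptables" word.
RULES='-A INPUT -i tap0 -j ACCEPT
-A INPUT -i br0 -j ACCEPT
-A FORWARD -i br0 -j ACCEPT'

# The --get-all-passthroughs output shown on the page (copied verbatim).
LISTING='ipv4 -A INPUT -i tap0 -j ACCEPT
ipv4 -A INPUT -i br0 -j ACCEPT
ipv4 -A FORWARD -i br0 -j ACCEPT'

# Translate one "-A CHAIN match... -j TARGET" rule into the structured
# --direct --add-rule form (filter table, priority 0), the alternative to
# --passthrough that firewalld can list per chain.
iptables_to_direct() {
    set -- $1                      # split the rule into words
    [ "$1" = "-A" ] || { echo "unsupported rule: $*" >&2; return 1; }
    chain=$2
    shift 2                        # drop "-A CHAIN", keep match + target
    echo "firewall-cmd --permanent --direct --add-rule ipv4 filter $chain 0 $*"
}

# Return 0 if every rule in $1 (one per line) appears in the passthrough
# listing $2 ("ipv4 ..." lines); otherwise name the missing ones and return 1.
passthroughs_cover() {
    missing=0
    while IFS= read -r rule; do
        [ -n "$rule" ] || continue
        if ! printf '%s\n' "$2" | grep -qxF -- "ipv4 $rule"; then
            echo "missing passthrough: $rule" >&2
            missing=1
        fi
    done <<EOF
$1
EOF
    return $missing
}

# Demo: print the --add-rule commands, then check the page's listing.
# Note that "-A INPUT -i br0 -j ACCEPT" admits every packet arriving over
# the bridge, VPN clients included, to the host itself.
printf '%s\n' "$RULES" | while IFS= read -r r; do iptables_to_direct "$r"; done
if passthroughs_cover "$RULES" "$LISTING"; then
    echo "all passthrough rules present"
fi
```

Rules added with --add-rule show up under `firewall-cmd --permanent --direct --get-all-rules` rather than --get-all-passthroughs, so the check function would need the "ipv4 filter CHAIN 0 ..." form if you switch to it.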