I have a dedicated OpenVPN server sitting behind a NAT router, and I have the server's static IP set in the DMZ. The problem is that with the current rule set (as seen in the screenshot below) I cannot connect to the VPN server from the internet, nor SSH for that matter. However, if I allow traffic on eth0 all is fine, but that pretty much allows any kind of traffic to reach the host, and that completely defeats the purpose of the iptables ruleset. In the screenshot I have set traffic to eth0 (second rule from bottom to top) to nothing, and the host is inaccessible with the rules I have imposed above; but if I set that rule to accept, all is fine, though as I said, that defeats the purpose of all the rules above.
The host has only one physical Ethernet adapter (eth0) with a static IP behind a NAT router.
I cannot figure out what the problem is here, and any help would be much appreciated. If I am on the network behind the NAT, all is fine and all policies work, even if the second rule from bottom to top is set to Nothing (inactive).
Thank you!
OpenVPN daemon instances run on ports 1194 and 1195; the SSH daemon runs on port 50.
Here is the iptables ruleset configuration file. I trimmed all the rules and left just port 50 open to the public, but I still can't access it:
# Generated by iptables-save v1.3.8 on Mon Jan 2 14:46:33 2012
*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Mon Jan 2 14:46:33 2012
# Generated by iptables-save v1.3.8 on Mon Jan 2 14:46:33 2012
*mangle
:PREROUTING ACCEPT [213:219554]
:INPUT ACCEPT [213:219554]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [155:35616]
:POSTROUTING ACCEPT [155:35616]
COMMIT
# Completed on Mon Jan 2 14:46:33 2012
# Generated by iptables-save v1.3.8 on Mon Jan 2 14:46:33 2012
*filter
:FORWARD ACCEPT [0:0]
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p udp -m udp -i eth0 --sport 50 -j ACCEPT
-A INPUT -p tcp -m tcp -i eth0 --sport 50 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.0.0 -i eth0 -j ACCEPT
COMMIT
# Completed on Mon Jan 2 14:46:33 2012
EDIT:
Really weird though: SSH works, and so does the webserver on port 10000, but I can't seem to connect to the VPN server, and the rules I've set are the same as you guys have suggested but with a different port, i.e. 1194 and 1195, even when I allow all traffic to go through...
I switched to UDP, and now I can connect publicly, but the client hangs on receiving server responses; so basically the client can send data packets to the server but the server cannot route back. The OpenVPN server sits behind 2 NAT routers: the first NAT router faces the internet, and the second NAT router has a static IP behind the first and it IS set in the DMZ of the first, internet-facing, router, and I have specific ports forwarded on the second NAT router. However, what confuses me is that I can serve web pages and I can SSH under this configuration but cannot get OpenVPN working properly...
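An added example, not from the post: a minimal stateful replacement for the posted filter table, plus a small check that flags INPUT rules written with --sport instead of --dport (the defect in the posted rules). It assumes the setup described above (eth0 only, SSH on TCP 50, OpenVPN on UDP 1194/1195, LAN 192.168.0.0/16); the function names are my own.

```shell
# Added example (not the poster's config). Assumes eth0 is the only interface,
# SSH listens on TCP 50, OpenVPN on UDP 1194 and 1195, LAN is 192.168.0.0/16.
# Prints an iptables-restore file covering the filter table only.
build_ruleset() {
  cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Replies to connections this host opens, and later packets of inbound
# sessions already accepted below (the posted ruleset has no such rule)
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
# Inbound services must match the DESTINATION port; the posted rules used
# --sport, which only matches a client whose ephemeral source port is 50
-A INPUT -i eth0 -p tcp -m tcp --dport 50 -m state --state NEW -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 1194:1195 -j ACCEPT
-A INPUT -i eth0 -s 192.168.0.0/16 -j ACCEPT
COMMIT
EOF
}

# Lint an iptables-save dump read on stdin: print the number of INPUT rules
# that filter on --sport without --dport (such rules never admit real clients).
lint_ruleset() {
  grep -- '^-A INPUT' | grep -- '--sport' | grep -vc -- '--dport' || true
}

# Load the ruleset (run as root). iptables-restore replaces only the tables
# named in the file, so the nat and mangle tables are left as they are.
apply_ruleset() {
  build_ruleset | iptables-restore
}
```

Run `build_ruleset | lint_ruleset` against any dump to get a quick count of such rules before loading it.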