Srs
Estou com um problema para utilizar a vpn com firewall.
Estou utilizando o openvpn e o iptables como firewall. Quando fecho a vpn fica funcioando normal, mas quando executo as regras de firewall para de funcionar.
Quando limpo as regras e altero a política padrão volta a funcionar (logicamente) sendo que o mais impressionante é que se eu executar as regras do firewall novamente fica funcionando blz.
Gostaria de pedir que vocês me ajudassem no problema em questão, abaixo coloquei as regras do firewall que estou utilizando.
Só mais uma coisa não existe varias máquinas com a máquina cliente , é apenas ela que precisa acessar a vpn.
#!/bin/bash
#Definicao de Constantes
ip="/sbin/iptables"
ssh_port="1148"
i_ext="eth0"
#Ativando o Roteador
echo "1" > /proc/sys/net/ipv4/ip_forward
#Alterar a Politica Padrao
$ip -t filter -P INPUT DROP
$ip -t filter -P OUTPUT DROP
#$ip -t filter -P FORWARD DROP
#Limpando as Regras
$ip -t filter -F
$ip -t nat -F
$ip -t filter -X
$ip -t nat -F
#Gerar Logs
$ip -t filter -A INPUT -p tcp --dport 22 -j LOG --log-prefix "FIREWALL:SSH_FALSE"
$ip -t filter -A INPUT -p tcp --dport $ssh_port -j LOG --log-prefix "FIREWALL:SSH"
#Firewall Statefull
$ip -t filter -A INPUT -m state --state ESTABLISHED,RELATED --j ACCEPT
$ip -t filter -A OUTPUT -m state --state ESTABLISHED,RELATED --j ACCEPT
$ip -t filter -A FORWARD -m state --state ESTABLISHED,RELATED --j ACCEPT
###########################################################
####################### Seguranca #########################
###########################################################
#
#loop back
$ip -A INPUT -i lo -j ACCEPT
#
#Bloqueio Back Orifice - Malware
$ip -A INPUT -i eth0 -p tcp --dport 31337 -j DROP
$ip -A INPUT -i eth0 -p udp --dport 31337 -j DROP
#
#Bloqueio Netbus - Malware
$ip -A INPUT -i eth0 -p tcp --dport 12345:12346 -j DROP
$ip -A INPUT -i eth0 -p udp --dport 12345:12346 -j DROP
#
#Bloqueio Trin00 - Malware
$ip -A INPUT -i eth0 -p tcp --dport 1524 -j DROP
$ip -A INPUT -i eth0 -p tcp --dport 27665 -j DROP
$ip -A INPUT -i eth0 -p udp --dport 27444 -j DROP
$ip -A INPUT -i eth0 -p udp --dport 31335 -j DROP
#
#Rejeitando ident requeridos
$ip -A INPUT -i eth0 -p tcp --dport 113 -j DROP
$ip -A INPUT -i eth0 -p udp --dport 113 -j DROP
###########################################################
##################### Tabela Filter #######################
###########################################################
#CHAIN INPUT
$ip -A INPUT -i tun0 -j ACCEPT
#CHAIN FORWARD
#CHAIN OUTPUT
$ip -A OUTPUT -o tun0 -j ACCEPT