Hello,
I have set up openvpn and the firewall rules without much issue but now I am blocked.
The rules in the ipfw_rules file have been set up as defined below:
Code:
add 00010 allow ip from any to any via tun0
add 00101 allow ip from me to 192.168.0.0/24 uid transmission
add 00102 allow ip from 192.168.0.0/24 to me uid transmission
add 00103 deny ip from any to any uid transmission
add 65534 allow all from any to any
The rc.conf file has been edited and those lines have been added:
Code:
openvpn_enable="YES"
openvpn_if="tun"
openvpn_configfile="/usr/local/etc/openvpn/openvpn.conf"
cloned_interfaces="tun"
firewall_enable="YES"
firewall_type="/media/ipfw_rules"
And this is what is showing on my screen when I start openvpn and ipfw:
Code:
root@transmission_2:/ # /etc/rc.d/ipfw start
Flushed all rules.
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00400 deny ip from any to ::1
00500 deny ip from ::1 to any
00600 allow ipv6-icmp from :: to ff02::/16
00700 allow ipv6-icmp from fe80::/10 to fe80::/10
00800 allow ipv6-icmp from fe80::/10 to ff02::/16
00900 allow ipv6-icmp from any to any ip6 icmp6types 1
01000 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136
00010 allow ip from any to any via tun0
00101 allow ip from me to 192.168.0.0/24 uid transmission
00102 allow ip from 192.168.0.0/24 to me uid transmission
00103 deny ip from any to any uid transmission
65534 allow ip from any to any
Firewall rules loaded.
root@transmission_2:/ # /usr/local/etc/rc.d/openvpn start
Starting openvpn.
root@transmission_2:/ # ping www.google.com
ping: cannot resolve www.google.com: Host name lookup failure
root@transmission_2:/ #
The ping is not resolved. When I add a torrent to transmission from the web UI, it cannot connect to the tracker either.
Did I miss anything in the firewall rules setup?
I have the latest stable version of FreeNAS: 9.3. The server has the following IP in my LAN: 192.168.0.33. The transmission jail: 192.168.0.101.
Should I write the actual transmission uid (1006 in my case) instead of "me uid transmission"?
Thank you!
Ludo