Are you trying to host a VPN server or connect to one? It would help to step back and explain the problem and then explain what you understand the solution to be. Some context would be really helpful (and potentially help you avoid solutions that don't really fix your problem... this is pretty much the story of my career).
From the script that you posted it appears that you are setting some iptables (aka "firewall") rules allowing all traffic on the eth0 interface of some host from all computers in the network range of 192.168.1.1-255. It appears that you are also attempting to allow this machine to make DHCP requests and to connect to some vpn servers pulled from openvpn config files. This would indicate that you want to connect your machine to an openvpn server to protect your traffic from snoopers on the first couple of hops, but you don't need iptables to do that. Basically it looks like an overly complicated (but not a complete or thorough) client configuration. You don't need iptables to connect to an openvpn server. This is where the context would be handy.

*** Begin what is probably insanely boring background information for most sane people. ***

192.168.XX.XX addresses are one of the blocks set aside for "private" use. That is, they were never intended to be used on the Internet, just small private, disconnected networks. When we started running out of IP addresses 20 years ago, some people came up with the idea of Network Address Translation (NAT) where you could have a router hide these private networks behind a single publicly routable IP (a "real" IP address out on the Internet). 192.168.0.0/24 (basically 192.168.0.1-255) is commonly used in off-the-shelf routers (Dlink, Linksys, TP-Link, Asus etc.) and in a lot of examples in DIY solutions. 10.XXX.XXX.XXX and 172.16.XXX.XXX are some other "private" IP blocks. What this all means is that your computers on your LAN that are behind your router probably have an IP address like this. The thing is, no one on the Internet can initiate a connection to them directly; they have to connect to your router's "external" (Shaw provided) IP address, and then maybe the router will forward that packet to an internal host (this is usually known as port forwarding).
This is not usually a problem when you connect because your machine will connect to the router, which will then "remember" that your computer sent the request, and then forward all the replies to your computer.

*** End boring stuff. If you want to really get to know networking and Linux, lartc.org is *THE* place to go first. ***

On Tue, Mar 10, 2015 at 11:07 PM, Joe S <joes...@shaw.ca> wrote:
> I found this script and am trying to get it to work for my
> computer. It is to restrict connections to the VPN. The thing I
> don't understand is what IP address to use. I have been looking
> on the NET, but am not familiar with networking. In this script
> the person uses 192.168.1.0/24
> I think this is for a network. I am connected to shaw through a
> cable modem, so I need to know what IP would be used in my
> case.
>
> Thanks
>
> #!/bin/sh
>
> /sbin/iptables -P INPUT DROP
>
> /sbin/iptables -A INPUT -i lo -j ACCEPT
>
> /sbin/iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
>
> /sbin/iptables -A INPUT -i eth0 -s 192.168.1.0/24 -j ACCEPT
>
> /sbin/iptables -A OUTPUT -o eth0 -d 192.168.1.0/24 -m state --state RELATED,ESTABLISHED -j ACCEPT
>
> /sbin/iptables -A OUTPUT -p udp --sport 68 -j ACCEPT
>
> /bin/grep -h '^remote ' /etc/openvpn/*.ovpn | /usr/bin/cut -d ' ' -f 2 | /usr/bin/sort -du | /usr/bin/xargs -I @ /sbin/iptables -A OUTPUT -d @ -j ACCEPT
>
> /sbin/iptables -A OUTPUT -o eth0 -j REJECT
>
> _______________________________________________
> clug-talk mailing list
> clug-talk@clug.ca
> http://clug.ca/mailman/listinfo/clug-talk_clug.ca
> Mailing List Guidelines (http://clug.ca/ml_guidelines.php)
> **Please remove these lines when replying
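An added example, not part of the thread or of the quoted script: the question above is which network to put in the script's `-s` / `-d` rules, and the background explains the private address blocks. This sketch derives the network in CIDR form from a host address and prefix length and reports whether it falls in a private block (10/8, 172.16/12, 192.168/16). The function names are hypothetical and the sample addresses are constructed.

```shell
#!/bin/sh
# Added example: derive the LAN network (CIDR) from a host address.
# Function names are hypothetical; the sample addresses are constructed.

# ip_to_int A.B.C.D -> integer on stdout; exit status 1 if malformed
ip_to_int() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        # reject empty octets, leading zeros and more than three digits
        case $o in ''|0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# lan_cidr ADDR/PREFIX -> NETWORK/PREFIX, the form the script's -s / -d rules use
lan_cidr() {
    addr=${1%/*}; plen=${1#*/}
    [ "$addr" != "$1" ] || return 1    # no "/" in the argument
    case $plen in ''|*[!0-9]*|0?*|???*) return 1 ;; esac
    [ "$plen" -le 32 ] || return 1
    n=$(ip_to_int "$addr") || return 1
    mask=$(( (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF ))
    net=$(( n & mask ))
    echo "$(int_to_ip "$net")/$plen"
}

# is_private A.B.C.D -> status 0 inside 10/8, 172.16/12 or 192.168/16
is_private() {
    n=$(ip_to_int "$1") || return 2
    [ $(( n >> 24 )) -eq 10 ] && return 0
    [ $(( n >> 20 )) -eq $(( (172 << 4) | 1 )) ] && return 0
    [ $(( n >> 16 )) -eq $(( (192 << 8) | 168 )) ] && return 0
    return 1
}

for a in 192.168.1.37/24 10.20.30.40/16 203.0.113.9/29; do
    if is_private "${a%/*}"; then kind=private; else kind=public; fi
    echo "$a -> $(lan_cidr "$a") ($kind)"
done
```

On a real machine the address and prefix length to feed in are the ones shown for the interface by `ip -4 addr show`.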