On Fri, 02 Sep 2022 09:54:16 +0000, tincantech via Openvpn-users <openvpn-users@lists.sourceforge.net> wrote:
>------- Original Message -------
>On Friday, September 2nd, 2022 at 06:56, Bo Berglund <bo.bergl...@gmail.com> wrote:
>> UPDATE-RESOLVED:
>> ----------------
>>
>> This iptables rule did the trick:
>>
>> iptables -A FORWARD -s 10.8.0.136/29 -d 192.168.119.0/24 -j DROP
>>
>> What it does is that it blocks local LAN access for all clients using an IP in
>> range 10.8.0.136 .. 10.8.0.151, in total 16 addresses.
>
>either your netmask is incorrect or your calculation is.
>
>Try `ipcalc 10.8.0.136/29`
>
>I think you meant /28

I did not know about ipcalc, but installed it:
I clearly goofed up by setting the start address at 136 and wanting 16 in the group.
That does not work with netmasks... I need to start at 144!

So what I should have is a range start at 144 and end at 159
i.e. 10010000 to 10011111

So then the rule would change to:
iptables -A FORWARD -s 10.8.0.144/28 -d 192.168.119.0/24 -j DROP

$ ipcalc 10.8.0.144/28
Address:   10.8.0.144           00001010.00001000.00000000.1001 0000
Netmask:   255.255.255.240 = 28 11111111.11111111.11111111.1111 0000
Wildcard:  0.0.0.15             00000000.00000000.00000000.0000 1111
=>
Network:   10.8.0.144/28        00001010.00001000.00000000.1001 0000
HostMin:   10.8.0.145           00001010.00001000.00000000.1001 0001
HostMax:   10.8.0.158           00001010.00001000.00000000.1001 1110
Broadcast: 10.8.0.159           00001010.00001000.00000000.1001 1111
Hosts/Net: 14                   Class A, Private Internet

Thanks for pointing it out!
Now edited all the ccd files and changed iptables...

-- 
Bo Berglund
Developer in Sweden
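
Added example, not part of the original thread: a Python check, using the standard `ipaddress` module, of which addresses a `-s` prefix really matches and which aligned CIDR blocks are needed to cover an arbitrary first..last client range. The function names are made up for this illustration; the addresses are the ones discussed above.

```python
import ipaddress


def matched_range(cidr):
    """Return (first, last, count) of the addresses a '-s <cidr>' match covers.

    strict=False masks off the host bits, as iptables does when it stores a
    rule, so a misaligned start such as 10.8.0.136/28 is reported as the
    block it really matches.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    return str(net[0]), str(net[-1]), net.num_addresses


def is_aligned(start, count):
    """True if 'count' addresses beginning at 'start' form exactly one CIDR block."""
    is_power_of_two = count > 0 and count & (count - 1) == 0
    return is_power_of_two and int(ipaddress.ip_address(start)) % count == 0


def blocks_for_range(first, last):
    """Smallest list of CIDR blocks covering first..last inclusive."""
    nets = ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
    return [str(n) for n in nets]


def drop_rules(first, last, dest):
    """One FORWARD DROP rule per block, in the form used in the thread."""
    return [f"iptables -A FORWARD -s {b} -d {dest} -j DROP"
            for b in blocks_for_range(first, last)]


if __name__ == "__main__":
    print(matched_range("10.8.0.136/29"))   # the rule as first posted
    print(matched_range("10.8.0.136/28"))   # same start, wider mask
    print(is_aligned("10.8.0.136", 16), is_aligned("10.8.0.144", 16))
    for rule in drop_rules("10.8.0.136", "10.8.0.151", "192.168.119.0/24"):
        print(rule)
```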