'Re: [Openvpn-users] How to block clients access to local LAN?'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openvpn-users
Subject:    Re: [Openvpn-users] How to block clients access to local LAN?
From:       Bo Berglund <bo.berglund () gmail ! com>
Date:       2022-09-02 11:57:03
Message-ID: ohn3hh9fd5qhqfb0a4nq74tag0817mg27g () 4ax ! com
[Download RAW message or body]

On Fri, 02 Sep 2022 09:54:16 +0000, tincantech via Openvpn-users
<openvpn-users@lists.sourceforge.net> wrote:

>------- Original Message -------
>On Friday, September 2nd, 2022 at 06:56, Bo Berglund <bo.berglund@gmail.com> wrote:
>> UPDATE-RESOLVED:
>> ----------------
>> 
>> This iptables rule did the trick:
>> 
>> iptables -A FORWARD -s 10.8.0.136/29 -d 192.168.119.0/24 -j DROP
>> 
>> What it does is that it blocks local LAN access for all clients using an IP in
>> range 10.8.0.136 .. 10.8.0.151, in total 16 addresses.

>either your netmask is incorrect or your calculation is.
>
>Try `ipcalc 10.8.0.136/29`
>
>I think you meant /28

I did not know about ipcalc, but installed it:

I clearly goofed up by setting the start address at 136 and wanting 16 in the
group. That does not work with netmasks...
I need to start at 144!

So what I should have is a range start at 144 and end at 159
i.e.
10010000 to 10011111

So then the rule would change to:

iptables -A FORWARD -s 10.8.0.144/28 -d 192.168.119.0/24 -j DROP

$ ipcalc 10.8.0.144/28
Address:   10.8.0.144           00001010.00001000.00000000.1001 0000
Netmask:   255.255.255.240 = 28 11111111.11111111.11111111.1111 0000
Wildcard:  0.0.0.15             00000000.00000000.00000000.0000 1111
=>
Network:   10.8.0.144/28        00001010.00001000.00000000.1001 0000
HostMin:   10.8.0.145           00001010.00001000.00000000.1001 0001
HostMax:   10.8.0.158           00001010.00001000.00000000.1001 1110
Broadcast: 10.8.0.159           00001010.00001000.00000000.1001 1111
Hosts/Net: 14                    Class A, Private Internet

Thanks for pointing it out!
Now edited all the ccd files and changed iptables...


-- 
Bo Berglund
Developer in Sweden



_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic