Access lists questions
Posted: Fri May 09, 2014 3:24 pm
Hello to everyone and thanks for having developed such a nice product!
I have set up the VPN fine and I can connect and ping around my LAN from my remote clients with no problems; however, I need to apply some kind of "security policy" to restrict the access the remote clients have.
At the moment I use an OpenVPN server configured to hand off static IP addresses to my clients, and since each client is identifiable by its source IP, I can apply iptables rules to each remote client to restrict its specific access to some servers and ports.
I have tried to replicate this setup with SoftEther using the "Access List" feature, but there is something that keeps me from achieving my goal.
In all the firewalls I've known in the past 15 years, the default rule is to deny; however, in the Access List the default rule seems to be to let packets pass if there is no specific rule that applies.
So I tried to add a "default deny" rule at the bottom of the priority list (it has the highest priority number), but despite its priority this rule keeps blocking everything, even the traffic I have explicitly allowed with the other rules above.
Here is my sample rule set:
(attachment: AccessLists1.jpg)
I have searched the documentation, the FAQs, the usage examples and also the configuration file (vpn_server.config) for a way to revert the default rule from "default allow" to "default deny", but I haven't found anything.
Is this a bug?
My current setup is this:
- CentOS 6.2 x64 VM (with promiscuous mode enabled on ESXi)
- 2 NICs; one exposed to the DMZ with appropriate firewall rules to allow port 5555, the other exposed to the LAN
- On the Linux server there are no iptables rules applied
- SoftEther version 4.0.6 build 4937 installed on the CentOS server
- SoftEther client 4.0.6 build 4937 installed on Windows PCs
Please let me know if there is something I can do to kickstart this and replace my current setup with SoftEther.
My best regards,
Michele
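As an added illustration (not code from the poster or from SoftEther), the snippet below models the first-match, priority-ordered evaluation the poster expects from the Access List: rules are tried from the lowest priority number upward, the first match decides, and an unmatched packet falls through to the default action (pass, as observed). With that model, a "discard everything" rule at the highest priority number should only catch traffic no earlier rule allowed. Client and server addresses, ports and memos are constructed placeholders, not the poster's real rule set.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    priority: int               # lower number is evaluated first
    action: str                 # "pass" or "discard"
    src: Optional[str] = None   # source network in CIDR; None matches any
    dst: Optional[str] = None   # destination network in CIDR; None matches any
    dport: Optional[int] = None # destination port; None matches any
    memo: str = ""

def matches(rule: Rule, src_ip: str, dst_ip: str, dport: int) -> bool:
    """True if every field the rule specifies matches the packet."""
    if rule.src and ipaddress.ip_address(src_ip) not in ipaddress.ip_network(rule.src):
        return False
    if rule.dst and ipaddress.ip_address(dst_ip) not in ipaddress.ip_network(rule.dst):
        return False
    if rule.dport is not None and rule.dport != dport:
        return False
    return True

def evaluate(rules, src_ip: str, dst_ip: str, dport: int, default: str = "pass") -> str:
    """First-match evaluation in ascending priority order; unmatched -> default."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if matches(rule, src_ip, dst_ip, dport):
            return rule.action
    return default

# Constructed sample rule set: one allowed service per remote client (static VPN IPs).
ALLOW_RULES = [
    Rule(100, "pass", src="10.8.0.10/32", dst="192.168.1.20/32", dport=3389, memo="client A -> RDP"),
    Rule(200, "pass", src="10.8.0.11/32", dst="192.168.1.30/32", dport=443, memo="client B -> HTTPS"),
]
# "Default deny" placed last by giving it the highest priority number.
DENY_ALL = Rule(10000, "discard", memo="default deny")

def verdicts(rules) -> dict:
    """Verdicts for three constructed flows: two explicitly allowed, one not covered by any rule."""
    return {
        "a_rdp":   evaluate(rules, "10.8.0.10", "192.168.1.20", 3389),
        "a_smb":   evaluate(rules, "10.8.0.10", "192.168.1.20", 445),
        "b_https": evaluate(rules, "10.8.0.11", "192.168.1.30", 443),
    }

if __name__ == "__main__":
    print("without deny-all:", verdicts(ALLOW_RULES))
    print("with deny-all:   ", verdicts(ALLOW_RULES + [DENY_ALL]))
```

If the real Access List matched this way, the explicitly allowed flows would still pass after adding the trailing discard rule; the poster's observation that everything is blocked is what would need explaining.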