[ufw] force all traffic through VPN


 
Old 03-17-2019

I am trying to force all my tun0's traffic through VPN but for some reason, the ufw is not working the way I want it to.

Below are the commands that I have executed. I am able to connect to my SSH and NFS server but for some reason that I am unable to understand, I am unable to surf the net.
What am I missing?

Code:
# Pipe the confirmation into ufw so that the reset actually runs
echo "y" | sudo ufw reset
sudo ufw logging off
sudo ufw default deny incoming
sudo ufw default deny outgoing

#Force all VPN traffic to tun0
sudo ufw allow out on tun0 from any to any

#SSH
sudo ufw allow out on enp6s0 to ssh_ip_server port XX proto tcp

#NFS
sudo ufw allow out on enp6s0 to nfs_server_ip port xxx
sudo ufw allow out on enp6s0 to nfs_server_ip port xxx
sudo ufw allow out on enp6s0 to nfs_server_ip port xxx

sudo ufw enable
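
Added example, not part of the original post: under `ufw default deny outgoing`, the VPN client's own encrypted packets still leave through the physical interface, so a kill-switch rule set needs an allow rule for the tunnel endpoint there. The script below audits `ufw status verbose` text for that rule and for leaks; the endpoint 203.0.113.10:1194/udp, the SSH server 192.0.2.20 and both sample outputs are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit `ufw status verbose` text for a VPN kill switch.
# Constructed values: endpoint 203.0.113.10:1194/udp, SSH server 192.0.2.20,
# and both sample outputs below. Interface names follow the post.

# audit_killswitch TUN_IF PHYS_IF VPN_IP   (status text on stdin)
# Prints one finding per line; returns 0 only if nothing was found.
audit_killswitch() {
    tun_if=$1; phys_if=$2
    vpn_re=$(printf '%s' "$3" | sed 's/\./\\./g')   # escape dots for grep -E
    status=$(cat); rc=0
    # Outgoing default must block, or traffic leaks when the tunnel drops.
    printf '%s\n' "$status" | grep -Eq '^Default:.*(deny|reject) \(outgoing\)' ||
        { echo "MISSING default deny outgoing"; rc=1; }
    # Everything may leave through the tunnel interface.
    printf '%s\n' "$status" | grep -Eq "^Anywhere +ALLOW OUT +Anywhere on $tun_if *\$" ||
        { echo "MISSING allow out on $tun_if"; rc=1; }
    # The VPN client's own encrypted packets leave via the physical NIC.
    printf '%s\n' "$status" | grep -Eq "^$vpn_re( [0-9]+(/(tcp|udp))?)? +ALLOW OUT +Anywhere on $phys_if *\$" ||
        { echo "MISSING allow out on $phys_if to VPN endpoint $3"; rc=1; }
    # A blanket allow on the physical NIC defeats the kill switch.
    if printf '%s\n' "$status" | grep -Eq "^Anywhere +ALLOW OUT +Anywhere on $phys_if *\$"; then
        echo "LEAK unrestricted allow out on $phys_if"; rc=1
    fi
    return $rc
}

# Constructed sample: the rule set from the post (SSH rule only, for brevity).
sample_as_posted() { cat <<'EOF'
Status: active
Logging: off
Default: deny (incoming), deny (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
Anywhere                   ALLOW OUT   Anywhere on tun0
192.0.2.20 22/tcp          ALLOW OUT   Anywhere on enp6s0
EOF
}

# Constructed sample: same rules plus an allow for the VPN endpoint.
sample_with_endpoint() {
    sample_as_posted
    echo "203.0.113.10 1194/udp      ALLOW OUT   Anywhere on enp6s0"
}

sample_as_posted | audit_killswitch tun0 enp6s0 203.0.113.10 || true
sample_with_endpoint | audit_killswitch tun0 enp6s0 203.0.113.10 && echo "OK"
```

On a live host the same function can read `sudo ufw status verbose` on stdin, with the real tunnel endpoint as the third argument.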

SHOREWALL6-TCINTERF(5)						  [FIXME: manual]					    SHOREWALL6-TCINTERF(5)

NAME
       tcinterfaces - Shorewall6 file

SYNOPSIS
       /etc/shorewall6/tcinterfaces

DESCRIPTION
       This file lists the interfaces that are subject to simple traffic shaping. Simple traffic shaping is enabled by setting TC_ENABLED=Simple in shorewall6.conf[1](5).

       A note on the bandwidth definition used in this file:

       o   Don't use a space between the integer value and the unit: 30kbit is valid while 30 kbit is not.

       o   You can use one of the following units:

           kbps            Kilobytes per second.
           mbps            Megabytes per second.
           kbit            Kilobits per second.
           mbit            Megabits per second.
           bps or number   Bytes per second.
           k or kb         Kilobytes.
           m or mb         Megabytes.

       o   Only whole integers are allowed.

       The columns in the file are as follows (where the column name is followed by a different name in parentheses, the different name is used in the alternate specification syntax).

       INTERFACE
           The logical name of an interface. If you run both IPv4 and IPv6 Shorewall firewalls, a given interface should only be listed in one of the two configurations.

       TYPE - [external|internal]
           Optional. If given, specifies whether the interface is external (facing toward the Internet) or internal (facing toward a local network) and enables SFQ flow classification.

           Note
           Simple traffic shaping is only useful on interfaces where queuing occurs. As a consequence, internal interfaces seldom benefit from simple traffic shaping. VPN interfaces are an exception because the encapsulated packets are later transferred over a slower external link.

       IN-BANDWIDTH (in_bandwidth) - {-|bandwidth[:burst]|~bandwidth[:interval:decay_interval]}
           The incoming bandwidth of that interface. Please note that you are not able to do traffic shaping on incoming traffic, as the traffic is already received before you could do so. But this allows you to define the maximum traffic allowed for this interface in total; if the rate is exceeded, the packets are dropped. You want this mainly if you have a DSL or cable connection, to avoid queuing at your provider's side.

           If you don't want any traffic to be dropped, set this to zero, in which case Shorewall will not create an ingress qdisc. Must be set to zero if the REDIRECTED INTERFACES column is non-empty.

           The optional burst option was added in Shorewall 4.4.18. The default burst is 10kb. A larger burst can help make the bandwidth more accurate; often for fast lines, the enforced rate is well below the specified bandwidth.

           What is described above creates a rate/burst policing filter. Beginning with Shorewall 4.4.25, a rate-estimated policing filter may be configured instead. Rate-estimated filters should be used with ethernet adapters that have Generic Receive Offload enabled by default. See Shorewall FAQ 97a[2].

           To create a rate-estimated filter, precede the bandwidth with a tilde ("~"). The optional interval and decay_interval determine how often the rate is estimated and how many samples are retained for estimating. Please see http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt for details.

       OUT-BANDWIDTH (out_bandwidth) - [rate[:[burst][:[latency][:[peek][:[minburst]]]]]]
           Added in Shorewall 4.4.13. The terms are defined in tc-tbf(8).

           Shorewall provides defaults as follows:

           burst - 10kb
           latency - 200ms

           The remaining options are defaulted by tc(8).

FILES
       /etc/shorewall6/tcinterfaces.

SEE ALSO
       http://ace-host.stuart.id.au/russell/files/tc/doc/sch_tbf.txt

       http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt

       shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-maclist(5), shorewall6-netmap(5), shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5), shorewall6-rtrules(5), shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcpri, shorewall6-tos(5), shorewall6-tunnels(5), shorewall6-zones(5)

NOTES
       1. shorewall6.conf
          http://www.shorewall.net/manpages6/shorewall6.conf.html

       2. Shorewall FAQ 97a
          http://www.shorewall.net/FAQ.htm#faq97a

[FIXME: source]							    06/28/2012					    SHOREWALL6-TCINTERF(5)