linux
sharkirill, 2016-05-15 17:35:11

AP Continent + IPTables?

Hello! A question for those who have set up the combination of AP Continent (for access to SUFD) + iptables. A problem came up when connecting users to AP Continent through a proxy server on CentOS 7 with squid + iptables configured. Traffic on ports 80 and 443 is redirected to squid; all other traffic is blocked. For AP Continent to work, the following allow rules were created in iptables:

*filter
# FORWARD: for each client subnet on its tun interface, allow UDP to the
# AP Continent server port 4433 on eth0 and the server's replies (sport 4433) back
-A FORWARD -s 82.119.129.210 -d 10.10.11.192/27 -i eth0 -o tun0 -p udp --sport 4433 -j ACCEPT
-A FORWARD -d 82.119.129.210 -s 10.10.11.192/27 -o eth0 -i tun0 -p udp --dport 4433 -j ACCEPT
-A FORWARD -s 82.119.129.210 -d 10.10.12.192/27 -i eth0 -o tun1 -p udp --sport 4433 -j ACCEPT
-A FORWARD -d 82.119.129.210 -s 10.10.12.192/27 -o eth0 -i tun1 -p udp --dport 4433 -j ACCEPT
-A FORWARD -s 82.119.129.210 -d 10.10.13.192/27 -i eth0 -o tun2 -p udp --sport 4433 -j ACCEPT
-A FORWARD -d 82.119.129.210 -s 10.10.13.192/27 -o eth0 -i tun2 -p udp --dport 4433 -j ACCEPT
# each table in iptables-restore format must end with COMMIT
COMMIT
*nat
# POSTROUTING: masquerade the client subnets behind the eth0 address for UDP 4433 to the server
-A POSTROUTING -o eth0 -p udp --dport 4433 -d 82.119.129.210 -s 10.10.11.192/27 -j MASQUERADE
-A POSTROUTING -o eth0 -p udp --dport 4433 -d 82.119.129.210 -s 10.10.12.192/27 -j MASQUERADE
-A POSTROUTING -o eth0 -p udp --dport 4433 -d 82.119.129.210 -s 10.10.13.192/27 -j MASQUERADE
COMMIT

With this configuration the connection is established only every other time: it may work, then ten connections in a row fail at the authentication stage, and then, without any change to the iptables configuration, it works again. If you connect directly to the provider's router with NAT configured, it connects immediately and without problems.
Is an open UDP port 4433 towards the public ("white") address of the AP Continent server sufficient, given that source ports are not blocked? And can several AP Continent clients work correctly behind one proxy server?
What we have tried: calling the AP Continent operator did not help ("everything is set up correctly on our side, look at your equipment"); lowering the MTU to 1400 did not help; opening all ports to the AP Continent server did not help.

1 answer(s)
Vladimir, 2016-05-16
@rostel

Somehow I doubt that UDP has anything to do with it, so the first line of diagnostics:
in the first console
in the second console,
do something from behind tun0 that should go to 82.119.129.210,
look at what arrived at the router in the first console,
what left afterwards in the second, and what came straight back,
and then again in the first, whether what came back was forwarded to the right place.
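A way to automate the check described in this answer, as an added example that is not part of the original thread: it parses constructed tcpdump -n summary lines from the tun0 capture (first console) and the eth0 capture (second console) and reports which leg of the round trip to 82.119.129.210:4433 is missing, including a reply that the FORWARD rules above would drop because it does not come from source port 4433. The router's public address 203.0.113.5, the client 10.10.11.200 and the timestamps are constructed placeholders.

```python
import re
from collections import namedtuple

# Constructed "tcpdump -n" summary lines, not captures from the thread.
# tun0 = inside (client side), eth0 = outside (provider side);
# 203.0.113.5 stands in for the router's public address after MASQUERADE.
TUN0_CAPTURE = """\
17:35:11.000100 IP 10.10.11.200.51000 > 82.119.129.210.4433: UDP, length 120
17:35:11.000900 IP 82.119.129.210.4433 > 10.10.11.200.51000: UDP, length 96
"""
ETH0_CAPTURE = """\
17:35:11.000300 IP 203.0.113.5.51000 > 82.119.129.210.4433: UDP, length 120
17:35:11.000700 IP 82.119.129.210.4433 > 203.0.113.5.51000: UDP, length 96
"""

PKT_RE = re.compile(r"^(\S+) IP (\S+)\.(\d+) > (\S+)\.(\d+): UDP")
Pkt = namedtuple("Pkt", "ts src sport dst dport")

def parse(capture):
    """Turn tcpdump -n UDP summary lines into Pkt records; other lines are ignored."""
    pkts = []
    for line in capture.splitlines():
        m = PKT_RE.match(line)
        if m:
            ts, src, sp, dst, dp = m.groups()
            pkts.append(Pkt(ts, src, int(sp), dst, int(dp)))
    return pkts

def trace(tun_capture, eth_capture, client, server="82.119.129.210", port=4433):
    """Follow one client's round trip through the router and list the legs that are missing:
    client -> server on tun, masqueraded copy on eth, reply on eth, reply delivered on tun."""
    tun, eth = parse(tun_capture), parse(eth_capture)
    findings = []
    if not any(p.src == client and p.dst == server and p.dport == port for p in tun):
        findings.append("no client packet to the server seen on tun")
    if not any(p.dst == server and p.dport == port and p.src != client for p in eth):
        findings.append("no masqueraded packet to the server seen on eth")
    replies = [p for p in eth if p.src == server]
    if not replies:
        findings.append("no reply from the server seen on eth")
    elif not any(p.sport == port for p in replies):
        # the FORWARD rules in the question accept replies only with --sport 4433
        findings.append("server reply uses sport != %d, FORWARD --sport rule would drop it" % port)
    if not any(p.src == server and p.dst == client for p in tun):
        findings.append("reply not delivered to the client on tun")
    return findings
```

Feed it the output of `tcpdump -n -i tun0 host 82.119.129.210` and `tcpdump -n -i eth0 host 82.119.129.210` saved from the two consoles; an empty list means the whole round trip was seen.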
