OpenVPN server and firewall rules

Hello,
I have a problem with limiting ovpn users by firewall. I have 1 ovpn user (with IP 172.16.4.5), and I permit communication to one server; other communication to the LAN must be denied. I have 2 rules:

1 chain=input action=accept protocol=tcp src-address=172.16.4.5 dst-address=172.16.0.5 dst-port=80
2 chain=input action=drop src-address=172.16.4.5 dst-address=172.16.0.0/24

But users can access the whole LAN (172.16.0.0/24).

Please help me with this problem.

Hi,

Use chain=forward instead of chain=input; it is a bit nonintuitive. The forward chain is for traffic passing through the router, and the input/output chains are for traffic terminated/originated in the router.

If you like mazes, here are a couple: http://wiki.mikrotik.com/wiki/Manual:Packet_Flow

Thank you. Firewall with forward rules is now running.
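
Added example (not part of the original thread): a small Python model of the chain selection described in the answer, showing why the two rules never match in chain=input and what they do in chain=forward. The router addresses 172.16.0.1 and 172.16.4.1 and the test packets are assumptions constructed for illustration; the model relies on RouterOS accepting any packet that no filter rule matches.

```python
from ipaddress import ip_address, ip_network

# Assumption: the router's own addresses (not given in the thread).
ROUTER_ADDRS = {ip_address("172.16.0.1"), ip_address("172.16.4.1")}

def rules(chain):
    """The two rules from the question, placed in the given chain."""
    return [
        dict(chain=chain, action="accept", proto="tcp",
             src="172.16.4.5/32", dst="172.16.0.5/32", port=80),
        dict(chain=chain, action="drop", proto=None,
             src="172.16.4.5/32", dst="172.16.0.0/24", port=None),
    ]

def chain_for(dst):
    """Packets addressed to the router hit input; transit packets hit forward."""
    return "input" if ip_address(dst) in ROUTER_ADDRS else "forward"

def verdict(ruleset, src, dst, proto, port):
    """First matching rule in the packet's chain wins; no match means accept."""
    chain = chain_for(dst)
    for r in ruleset:
        if r["chain"] != chain:
            continue  # rules in another chain are never consulted
        if ip_address(src) not in ip_network(r["src"]):
            continue
        if ip_address(dst) not in ip_network(r["dst"]):
            continue
        if r["proto"] and r["proto"] != proto:
            continue
        if r["port"] and r["port"] != port:
            continue
        return r["action"]
    return "accept"

# Constructed test packets from the VPN client 172.16.4.5.
PACKETS = [
    ("172.16.4.5", "172.16.0.5", "tcp", 80),    # the permitted web server
    ("172.16.4.5", "172.16.0.5", "tcp", 22),    # same server, other port
    ("172.16.4.5", "172.16.0.20", "tcp", 445),  # another LAN host
]

def evaluate(chain):
    """Verdict for each constructed packet with the rules in the given chain."""
    return [verdict(rules(chain), *p) for p in PACKETS]

if __name__ == "__main__":
    print("rules in input  :", evaluate("input"))
    print("rules in forward:", evaluate("forward"))
```

With the rules in input, every transit packet falls through to the default accept; the same drop rule in input only affects traffic addressed to the router's own LAN address.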