Hi All,
I would like to allow certain incoming ports only from VPN-connected clients.
So the port is open when the client is connected via VPN, but closed when the client is not connected via VPN.
When a client is connected I do see the interface "l2tp-user", and I can configure it like this:
Chain:forward
protocol:TCP
destination port:portnr
In Interface :l2tp-user
Action: Accept
Chain:dstnat
protocol:TCP
destination port:portnr
In Interface :l2tp-user
Action: dst-nat
to address: serverip
to port: portnr
When the client is disconnected the rule is not valid anymore.
I tried to filter on the "PPP" in-interface like this:
Chain:forward
protocol:TCP
destination port:portnr
In Interface :All PPP
Action: Accept
Chain:dstnat
protocol:TCP
destination port:portnr
In Interface :All PPP
Action: dst-nat
to address: serverip
to port: portnr
But for some reason I can still connect to the port even when I'm not connected via VPN. (Or is PPP for outgoing VPN users?)
I also tried to filter on only private IP addresses, like this:
Chain:forward
Source address: vpn pool ip
protocol:TCP
destination port:portnr
In Interface :All PPP
Action: Accept
Chain:dstnat
Source address: vpn pool ip
protocol:TCP
destination port:portnr
In Interface :All PPP
Action: dst-nat
to address: serverip
to port: portnr
But the source addresses from the VPN clients are still public IPs.
It sounds like a common issue that has probably already been solved by one of you guys.
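One way to express the intent above (port reachable only through the tunnel) in the RouterOS CLI, as an added example that is not part of the original post and not a rule set from the poster's router. It assumes a RouterOS version with the PPP profile `interface-list` property (6.41 or later), and uses placeholders for the WAN interface (`WAN_IFACE`), the internal server (`SERVERIP`) and the port (`PORTNR`); the VPN pool `10.99.0.0/24` is a constructed value. Instead of matching the single dynamic `l2tp-user` interface, the profile puts every PPP interface it creates into an interface list, so the rules stay valid whether a client is connected or not:

```routeros
# Added example, not the poster's configuration. Placeholders: WAN_IFACE, SERVERIP, PORTNR.
# VPN pool 10.99.0.0/24 is a constructed value; adjust to the address plan in use.

# 1. Fixed private pool for VPN clients, so src-address can be matched on it.
/ip pool add name=vpn-pool ranges=10.99.0.10-10.99.0.250
/interface list add name=vpn
/interface list add name=wan
/interface list member add list=wan interface=WAN_IFACE

# 2. Dynamic PPP interfaces (l2tp-user, etc.) created with this profile are placed
#    into the "vpn" list automatically and removed when the client disconnects.
/ppp profile set default local-address=10.99.0.1 remote-address=vpn-pool interface-list=vpn

# 3. Forward the port only for packets that arrived over a VPN interface AND carry a
#    pool source address; drop the same port from everywhere else.
/ip firewall filter add chain=forward protocol=tcp dst-address=SERVERIP dst-port=PORTNR \
    in-interface-list=vpn src-address=10.99.0.0/24 action=accept comment="PORTNR via VPN only"
/ip firewall filter add chain=forward protocol=tcp dst-address=SERVERIP dst-port=PORTNR \
    action=drop comment="PORTNR blocked outside VPN"

# 4. Port-forward only for packets entering on a VPN interface. RouterOS evaluates
#    rules top to bottom and the first match wins, so this rule must sit above any
#    generic dstnat rule for the same port, or that rule will keep matching WAN traffic.
/ip firewall nat add chain=dstnat protocol=tcp dst-port=PORTNR in-interface-list=vpn \
    src-address=10.99.0.0/24 action=dst-nat to-addresses=SERVERIP to-ports=PORTNR
```

To verify the behaviour, connect a client over L2TP and run `/interface list member print` to confirm the dynamic interface shows up in the `vpn` list, then `/ip firewall filter print stats` and `/ip firewall nat print stats` while connecting to the port once through the tunnel and once from outside: only the VPN rules' packet counters should increase in the first case, and only the drop rule's counter in the second. If a connection from a public source address still reaches the server, `/ip firewall nat print` will show the earlier dstnat rule that is matching it.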