Firestarter configuration to allow VPN

Yesterday I installed Firestarter (a Linux firewall) on my Linux Mint desktop to act as the first line of defense against network-based attacks.

Things were fine until this evening, when I ran into an issue with the VPN. Although Firestarter let me connect to the VPN, it blocked me from opening a remote desktop session to my work machine, or to any other machine on that network for that matter. In short, Firestarter was blocking the traffic inside the VPN tunnel.

So the quickest way to fix this is:

  • Note down your VPN gateway IP address.
  • Open a terminal and issue the following command, entering the root password when prompted:
    sudo gedit /etc/firestarter/user-pre
  • Copy and paste the code below (the long options are spelled with two plain hyphens, --sports and --dports):
    # Forward Cisco VPN client traffic
    # Inbound: ESP (IPsec payload), ISAKMP (UDP 500) and Cisco UDP encapsulation (UDP 10000) from the gateway, plus anything arriving on the tunnel interface
    iptables -A INPUT -j ACCEPT -s xx.xx.xx.xx -p esp
    iptables -A INPUT -j ACCEPT -s xx.xx.xx.xx -p udp -m multiport --sports isakmp,10000
    iptables -A INPUT -j ACCEPT -i tun0
    # Outbound: the same protocols towards the gateway, plus anything leaving via the tunnel interface
    iptables -A OUTPUT -j ACCEPT -d xx.xx.xx.xx -p esp
    iptables -A OUTPUT -j ACCEPT -d xx.xx.xx.xx -p udp -m multiport --dports isakmp,10000
    iptables -A OUTPUT -j ACCEPT -o tun0

  • Replace xx.xx.xx.xx with the VPN gateway IP address you noted.
  • Save and close gedit.
  • Restart Firestarter by issuing:
    sudo /etc/init.d/firestarter restart

You should now be able not only to connect to the VPN but also to remote desktop to your machine.
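As an added helper (not part of the original post), the script below renders the same six rules for a gateway address after validating it, and can apply them to the running ruleset without creating duplicates. The address 203.0.113.10 and the file name vpn-rules.sh in the usage comments are placeholders.

```shell
#!/bin/sh
# Added helper, not from the original post: render the user-pre rules for one
# VPN gateway after validating the address, and apply them without duplicates.

# Return 0 if $1 is a well-formed dotted-quad IPv4 address, 1 otherwise.
valid_ipv4() {
    ip=$1
    case $ip in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;   # reject junk before splitting
    esac
    old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the "Forward Cisco VPN client traffic" block from the post for gateway $1,
# with the long options spelled "--sports"/"--dports" so iptables accepts them.
render_vpn_rules() {
    gw=$1
    valid_ipv4 "$gw" || { echo "render_vpn_rules: bad gateway '$gw'" >&2; return 1; }
    cat <<EOF
# Forward Cisco VPN client traffic
iptables -A INPUT -j ACCEPT -s $gw -p esp
iptables -A INPUT -j ACCEPT -s $gw -p udp -m multiport --sports isakmp,10000
iptables -A INPUT -j ACCEPT -i tun0
iptables -A OUTPUT -j ACCEPT -d $gw -p esp
iptables -A OUTPUT -j ACCEPT -d $gw -p udp -m multiport --dports isakmp,10000
iptables -A OUTPUT -j ACCEPT -o tun0
EOF
}

# Apply the rendered rules to the live ruleset (needs root). "iptables -C" tests
# for an identical existing rule, so running this twice appends no duplicates.
apply_vpn_rules() {
    valid_ipv4 "$1" || return 1
    render_vpn_rules "$1" | while IFS= read -r rule; do
        case $rule in
            'iptables -A '*)
                check=$(printf '%s\n' "$rule" | sed 's/^iptables -A /iptables -C /')
                $check 2>/dev/null || $rule ;;
        esac
    done
}
# Usage: render_vpn_rules 203.0.113.10 | sudo tee -a /etc/firestarter/user-pre
#        sudo sh -c '. ./vpn-rules.sh; apply_vpn_rules 203.0.113.10'
```

Note that the two -i tun0 / -o tun0 rules accept every packet on the tunnel interface, exactly as in the post; if your policy calls for it, narrow them to the ports your remote desktop client actually needs.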
