I was following this tutorial on setting up a Virtual Private Cloud (VPC): How to Configure a droplet as a gateway
The droplet I’m using as a gateway is running OpenVPN. The user connects to the VPC via openVPN and uses it to access resources in the VPC. In particular, a java application accesses a droplet in the vpc containing a mysql database. I’ve managed this setup though I’m finding the Universal firewall rules slightly challenging on the MySQL server droplet.
The problem is as follows. If I specify:
sudo ufw allow in on eth1 to any port 3306
then traffic gets from the open vpn server/gateway to the droplet fine. However if I try to set a more restrictive rule to specify only traffic from within the VPC is allowed:
sudo ufw allow in on eth1 from 10.114.0.0/20 to any port 3306
The firewall blocks my traffic.
The logical reason for this is because the IP address range I’m specifying must be erroneous. Though when I’m in the Digital Ocean control panel and I look under the Overview section of the VPC there is text stating **network range ** Specifying the range as: 10.114.0.0/20. My understanding is that this means the IP range is 10.114.0.1 to 10.114.15.254. However when I look at my private ip when connected to the VPC via open vpn it’s 10.20.0.6. So how do I get the correct IP range for to specify for the UFW rules so that this fiewall allows traffic from client machines connected within the VPC?
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Click below to sign up and get $100 of credit to try our products over 60 days!