Config question.

stnick stnick at aquinascafe.org
Thu Apr 5 13:02:13 CEST 2001


Ivo Timmermans wrote:
> 
> stnick wrote:
> > Can anyone tell me what the absolute minimally permissive ipchains rule
> > would be to allow tinc to operate correctly between two hosts?  If we
> > were to presume each tinc host had a default-deny policy, what ipchains
> > command(s) would allow tinc to do its thing?
> 
> If you are not doing any NAT, this should be enough:
> 
> ipchains -A input -j ACCEPT -d <yourip> 665 -p udp
> ipchains -A output -j ACCEPT -d <theirip> 665 -p udp
> ipchains -A input -j ACCEPT -d <yourip> 665 -b -p tcp
> ipchains -A output -j ACCEPT -d <theirip> 665 -b -p tcp
> 
> Repeat any rules with <theirip> for each host <yourip> needs to be
> able to have a connection with.
> 
> Note that these rules are fairly permissive also; you could only allow
> incoming access to known hosts.

What if the hosts *are* doing NAT?

	-Patrick
-
Tinc:         Discussion list about the tinc VPN daemon
Archive:      http://mail.nl.linux.org/lists/
Tinc site:    http://ftp.nl.linux.org/pub/linux/tinc/


