Config question.
stnick
stnick at aquinascafe.org
Thu Apr 5 13:02:13 CEST 2001
Ivo Timmermans wrote:
>
> stnick wrote:
> > Can anyone tell me what the absolute minimally permissive ipchains rule
> > would be to allow tinc to operate correctly between two hosts. If we
> > were to presume each tinc host had a default-deny policy, what ipchains
> > command(s) would allow tinc to do its thing?
>
> If you are not doing any NAT, this should be enough:
>
> ipchains -A input -j ACCEPT -d <yourip> 665 -p udp
> ipchains -A output -j ACCEPT -d <theirip> 665 -p udp
> ipchains -A input -j ACCEPT -d <yourip> 665 -b -p tcp
> ipchains -A output -j ACCEPT -d <theirip> 665 -b -p tcp
>
> Repeat any rules with <theirip> for each host <yourip> needs to be
> able to have a connection with.
>
> Note that these rules are fairly permissive also, you could only allow
> incoming access to known hosts.

What if the hosts *are* doing NAT?
-Patrick
-
Tinc: Discussion list about the tinc VPN daemon
Archive: http://mail.nl.linux.org/lists/
Tinc site: http://ftp.nl.linux.org/pub/linux/tinc/