tinc connection only usable after ping from other side
Guus Sliepen
guus at sliepen.eu.org
Sun Jan 18 14:21:00 CET 2004
On Sat, Jan 17, 2004 at 07:08:23PM +0100, uws wrote:
> > $IPTABLES --policy INPUT DROP
> > $IPTABLES --append INPUT --match state --state ESTABLISHED,RELATED --jump ACCEPT
>
> > And remember that tinc's UDP packets are sent and received to and from
> > $EXTERNALIF.
>
> However, I use "TCPonly = yes" for all my connections, because the other
> side is always behind a NAT router.
>
> The only oddness I just discovered, is that I used "TCPonly" (without
> capital O) instead of "TCPOnly" in my hosts config files. I can't test right
> now, but does this make a difference?

As you can read in the manpages:

    This file consists of comments (lines started with a #) or assignments
    in the form of:

    Variable = Value.

    The variable names are case insensitive, and any spaces, tabs, newlines
    and carriage returns are ignored. Note: it is not required that you put
    in the = sign, but doing so improves readability.

Anyway, check whether a firewall rule blocks packets by using this
command:

    watch -d -n 1 iptables -L -v -x -n

If that doesn't show anything unusual, use tcpdump on $EXTERNALIF and
$TINCIF to see what kind of packets are sent/received on which
interface.

--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at sliepen.eu.org>
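
Added example, not part of the original message and not tinc's own code: a small Python model of the manpage rules quoted above (comments, case-insensitive variable names, optional "=" sign), showing that "TCPonly" and "TCPOnly" name the same setting. The function names and the sample host-file contents are constructed for illustration.

```python
import re

# Variable name, then an optional "=" with optional blanks around it, then the value.
_LINE = re.compile(r"^([A-Za-z0-9_]+)[ \t]*=?[ \t]*(.*)$")


def parse_tinc_style(text):
    """Parse assignments using the rules quoted from the manpage.

    Returns {lowercased variable name: [values in file order]} so that
    spelling differences in case cannot produce two distinct settings.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.strip(" \t\r\n")
        if not line or line.startswith("#"):
            continue  # blank line or comment
        m = _LINE.match(line)
        if m is None:
            raise ValueError(f"unparseable line: {raw!r}")
        name = m.group(1).lower()   # variable names are case insensitive
        value = m.group(2).strip()
        settings.setdefault(name, []).append(value)
    return settings


def same_setting(a, b):
    """True when two config texts describe identical settings."""
    return parse_tinc_style(a) == parse_tinc_style(b)


# Constructed sample host files: different case, spacing, line endings,
# and one assignment written without the "=" sign.
SAMPLE_A = "# host file (constructed)\nTCPonly = yes\nPort 655\n"
SAMPLE_B = "TCPOnly=yes\r\n  port\t=\t655\r\n"

if __name__ == "__main__":
    print(parse_tinc_style(SAMPLE_A))
    print("equivalent:", same_setting(SAMPLE_A, SAMPLE_B))
```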