firewalling / netfilter / iptables / tcpdump on the vpn

Russell Handorf rhandorf at handorf.org
Mon May 8 15:31:15 CEST 2006


Use the FORWARD rule. If you have the interfaces bridged, you'll need to 
use the firewalling support for bridging option.

r

xavier wrote:
> Hi !
>
> I tried tinc, i'm very happy with it  ;
> however, i have difficulties firewalling on the vpn itself ;
> here is my situation and what i'm experiencing:
>
>
>
> hosta ----|
>          vpn server
> hostb ----|
>
>
> my interface is named vpn1
>
> i can firewall connections starting from host a and b to the vpn server (on the vpn server)
> (iptables -A INPUT -i vpn1 bla bla)
>
> i can firewall connections starting from host a to host b (on host a and b)
>
> i can NOT firewall connections starting from host a to host on the vpn server.
>
>
> actually, tcpdump reports the same thing:
>
> i can't see the traffic between host a and b,
> even if technically it's going through the vpn server (i can see the
> encrypted traffic on eth0 of the vpn server)
>
> it's a problem when you want to restrict access from the vpn server, between 2 vpn hosts.
>
>
>
> any solution ?
>
> i guess  i could create an interface for each   host (vpnhosta, vpnhostb...) but 
> this would be a pain to manage.
>
> thanks
>
>   
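Worked example of the FORWARD-chain approach from the reply above. This is an added illustration, not a script from the thread or from the tinc project: it assumes the tinc server routes between host a and host b over the interface vpn1, and the VPN addresses (10.10.0.2, 10.10.0.3), the ssh port and the bridge sysctl name are assumed placeholders, not values from the thread. By default it only prints the commands; set APPLY=1 to run them.

```bash
#!/bin/sh
# Added example (not from the thread): FORWARD rules on a tinc server for
# traffic between two VPN hosts. Addresses below are constructed placeholders.
VPN_IF="${VPN_IF:-vpn1}"
HOSTA="${HOSTA:-10.10.0.2}"   # assumed VPN address of host a
HOSTB="${HOSTB:-10.10.0.3}"   # assumed VPN address of host b

# Print each command; execute it only when APPLY=1 (dry-run is the default).
run() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

# Routed setup: a packet from host a to host b enters the server on vpn1 and
# leaves on vpn1 again. It never reaches INPUT, only FORWARD, which is why
# the INPUT rule from the original question cannot restrict it.
forward_rules() {
    run iptables -P FORWARD DROP
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Permit only host a -> host b on tcp/22 (assumed port, as an example).
    run iptables -A FORWARD -i "$VPN_IF" -o "$VPN_IF" -s "$HOSTA" -d "$HOSTB" \
        -p tcp --dport 22 -j ACCEPT
    # Log and drop every other flow crossing the VPN, so blocked attempts are visible.
    run iptables -A FORWARD -i "$VPN_IF" -o "$VPN_IF" -j LOG --log-prefix "vpn-fwd-drop: "
    run iptables -A FORWARD -i "$VPN_IF" -o "$VPN_IF" -j DROP
}

# Bridged setup: if vpn1 is a port of a bridge, frames are switched, not routed,
# and FORWARD only sees them once bridge netfilter is enabled; the physdev match
# then selects the bridge port instead of -i/-o.
bridge_rules() {
    run sysctl -w net.bridge.bridge-nf-call-iptables=1
    run iptables -A FORWARD -m physdev --physdev-in "$VPN_IF" --physdev-out "$VPN_IF" \
        -s "$HOSTA" -d "$HOSTB" -p tcp --dport 22 -j ACCEPT
    run iptables -A FORWARD -m physdev --physdev-in "$VPN_IF" --physdev-out "$VPN_IF" -j DROP
}

forward_rules
bridge_rules
```

On current kernels the bridge sysctl only exists after the br_netfilter module is loaded. Once traffic is being forwarded by the server rather than filtered in INPUT, `tcpdump -i vpn1` on the server is where the cleartext of the forwarded flows shows up, and the LOG rule gives a kernel-log record of what was dropped.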

