firewalling / netfilter / iptables / tcpdump on the vpn
xavier
list.tinc at natch.dyndns.org
Tue May 9 16:01:07 CEST 2006
On Mon, May 08, 2006 at 04:42:31PM +0200, Guus Sliepen wrote:
> On Mon, May 08, 2006 at 09:11:34AM -0400, xavier wrote:
>
> > it's a problem when you want to restrict access from the vpn server, between 2 vpn hosts.
> >
> > any solution ?
>
> You can try to add the following two lines to route_ipv4_unicast() in
> src/route.c right above the line "via = ...":
>
> send_packet(myself, packet);
> return;
>
> You can also do the same in route_ipv6_unicast() if you also use IPv6 on
> the VPN.
>
> If this works without problems for you, I can make an option that
> enables that behaviour.
i can see the traffic now. i have to punch holes now that the traffic is blocked :-)
i saw normal traffic, but duplicate icmp:
2006-05-09 09:38:44.085991 10.0.2.2 -> 10.0.2.7 ICMP Echo (ping) request
2006-05-09 09:38:44.086366 10.0.2.2 -> 10.0.2.7 ICMP Echo (ping) request
2006-05-09 09:38:44.086413 10.0.2.2 -> 10.0.2.7 ICMP Echo (ping) request
2006-05-09 09:38:44.086500 10.0.2.2 -> 10.0.2.7 ICMP Echo (ping) request
2006-05-09 09:38:44.086521 10.0.2.2 -> 10.0.2.7 ICMP Echo (ping) request
2006-05-09 09:38:44.086601 10.0.2.2 -> 10.0.2.7 ICMP Echo (ping) request
2006-05-09 09:38:44.086622 10.0.2.2 -> 10.0.2.7 ICMP Echo (ping) request
2006-05-09 09:38:44.086730 10.0.2.2 -> 10.0.2.7 ICMP Echo (ping) request
2006-05-09 09:38:44.086750 10.0.2.2 -> 10.0.2.7 ICMP Echo (ping) request
2006-05-09 09:38:44.086829 10.0.2.2 -> 10.0.2.7 ICMP Echo (ping) request
2006-05-09 09:38:44.086848 10.0.2.2 -> 10.0.2.7 ICMP Echo (ping) request
2006-05-09 09:38:44.086928 10.0.2.2 -> 10.0.2.7 ICMP Echo (ping) request
2006-05-09 09:38:44.086948 10.0.2.2 -> 10.0.2.7 ICMP Echo (ping) request
2006-05-09 09:38:44.087028 10.0.2.2 -> 10.0.2.7 ICMP Echo (ping) request
2006-05-09 09:38:44.087047 10.0.2.2 -> 10.0.2.7 ICMP Echo (ping) request
2006-05-09 09:38:44.087127 10.0.2.2 -> 10.0.2.7 ICMP Echo (ping) request
2006-05-09 09:38:44.087146 10.0.2.2 -> 10.0.2.7 ICMP Echo (ping) request
2006-05-09 09:38:44.087226 10.0.2.2 -> 10.0.2.7 ICMP Echo (ping) request
2006-05-09 09:38:44.087246 10.0.2.2 -> 10.0.2.7 ICMP Echo (ping) request
2006-05-09 09:38:44.087327 10.0.2.2 -> 10.0.2.7 ICMP Echo (ping) request
2006-05-09 09:38:44.087347 10.0.2.2 -> 10.0.2.7 ICMP Echo (ping) request
isn't that strange to return; without having send_packet(subnet->owner, packet); ?
is the return necessary ?
anyway, i can see the traffic on vpn1 on the vpn server,
however it's not visible anymore on host b (the host i'm trying to reach).
(no firewalling implied)
thanks
bye
--
xavier
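
An added example (not part of the original message and not tinc code): a small Python check that flags bursts of identical packets in a capture summary laid out like the one quoted above. The sample lines are constructed, and the 10 ms window and 3-copy threshold are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the same layout as the capture quoted in the post
# (timestamp, source -> destination, protocol, summary).
SAMPLE = """\
2006-05-09 09:38:44.085991 10.0.2.2 -> 10.0.2.7 ICMP Echo (ping) request
2006-05-09 09:38:44.086366 10.0.2.2 -> 10.0.2.7 ICMP Echo (ping) request
2006-05-09 09:38:44.086413 10.0.2.2 -> 10.0.2.7 ICMP Echo (ping) request
2006-05-09 09:38:44.086500 10.0.2.2 -> 10.0.2.7 ICMP Echo (ping) request
2006-05-09 09:38:45.090112 10.0.2.2 -> 10.0.2.7 ICMP Echo (ping) request
2006-05-09 09:38:45.101530 10.0.2.7 -> 10.0.2.2 ICMP Echo (ping) reply
"""

LINE = re.compile(r"^(\S+ \S+) (\S+) -> (\S+) (\S+) (.*)$")

def parse(text):
    """Yield (timestamp, flow) per line; flow = (src, dst, proto, summary)."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip blank or unrecognised lines
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S.%f")
        yield ts, m.groups()[1:]

def find_bursts(text, window_ms=10, min_copies=3):
    """Return [(flow, first_ts, copies)] for runs of identical summaries in
    which each copy follows the previous one within window_ms.
    Assumes lines are in capture (time) order. The summary format carries no
    ICMP id/seq, so spacing in time is the only signal available here."""
    window = timedelta(milliseconds=window_ms)
    runs = defaultdict(list)  # flow -> list of runs, each a list of timestamps
    for ts, flow in parse(text):
        r = runs[flow]
        if r and ts - r[-1][-1] <= window:
            r[-1].append(ts)      # still inside the current burst
        else:
            r.append([ts])        # gap too large: start a new run
    return [(flow, run[0], len(run))
            for flow, rs in runs.items() for run in rs if len(run) >= min_copies]

if __name__ == "__main__":
    for flow, first, n in find_bursts(SAMPLE):
        print(f"{n} copies: {flow[0]} -> {flow[1]} {flow[2]} {flow[3]} from {first.time()}")
```

A normal one-per-second ping produces no burst under these thresholds, so any hit points at packets being re-injected rather than re-sent by the pinging host.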