firewalling / netfilter / iptables / tcpdump on the vpn

xavier list.tinc at natch.dyndns.org
Tue May 9 17:05:46 CEST 2006


On Tue, May 09, 2006 at 10:01:07AM -0400, xavier wrote:
> On Mon, May 08, 2006 at 04:42:31PM +0200, Guus Sliepen wrote:
> > On Mon, May 08, 2006 at 09:11:34AM -0400, xavier wrote:
> > 
> 
> > > it's a problem when you want to restrict access from the vpn server, between 2 vpn hosts.
> > > 
> > > any solution ?
> > 
> > You can try to add the following two lines to route_ipv4_unicast() in
> > src/route.c right above the line "via = ...":
> > 
> > 	send_packet(myself, packet);
> > 	return;
> > 
> > You can also do the same in route_ipv6_unicast() if you also use IPv6 on
> > the VPN.
> > 
> > If this works without problems for you, I can make an option that
> > enables that behaviour.
> 
> 
> 
> isn't that strange to return; without having send_packet(subnet->owner, packet); ?
> 
> is the return necessary ?
> anyway, i can see the traffic on vpn1 on the vpn server,
> however it's not visible anymore on host b (the host i'm trying to reach).
> (no firewalling implied)


without return, traffic from host a to b is working (and i can see it),
but not from vpn server to host a or b.

May  9 11:00:41 emris martian source 10.0.2.7 from 10.0.2.1, on dev tunemris


-- 
xavier
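
Added example, not part of the original message or of tinc: a small parser for the kernel's "martian source" log line quoted above. The kernel prints the destination address first and the source address second, which is easy to misread. The function names are hypothetical, and treating 10.0.2.1 as an address configured on the logging host is an assumption the thread does not confirm.

```python
import re
from ipaddress import ip_address

# Kernel message layout: "martian source <daddr> from <saddr>, on dev <ifname>".
# The FIRST address is the packet's destination, the SECOND is its source.
MARTIAN_RE = re.compile(
    r"martian source (?P<dst>\d+\.\d+\.\d+\.\d+) from "
    r"(?P<src>\d+\.\d+\.\d+\.\d+), on dev (?P<dev>\S+)"
)

# Line quoted in the message above.
PAGE_LINE = ("May  9 11:00:41 emris martian source 10.0.2.7 "
             "from 10.0.2.1, on dev tunemris")
# Constructed sample line (not from the thread), for the non-local case.
CONSTRUCTED_LINE = ("May  9 11:02:00 emris kernel: martian source 10.0.2.1 "
                    "from 192.0.2.55, on dev tunemris")

# Assumption: addresses configured on the host that wrote the log.
LOCAL_ADDRS = {ip_address("10.0.2.1")}


def parse_martian(line):
    """Return (src, dst, dev) for a martian-source line, or None."""
    m = MARTIAN_RE.search(line)
    if m is None:
        return None
    return ip_address(m["src"]), ip_address(m["dst"]), m["dev"]


def classify(line, local_addrs):
    """Say why the kernel most likely rejected the packet's source."""
    parsed = parse_martian(line)
    if parsed is None:
        return None
    src, dst, dev = parsed
    if src in local_addrs:
        # A packet carrying one of our own addresses as its source came
        # back in on an interface: locally generated traffic was looped.
        return f"looped-back: own address {src} arrived on {dev} (to {dst})"
    return f"other: {src} -> {dst} failed source validation on {dev}"


if __name__ == "__main__":
    for sample in (PAGE_LINE, CONSTRUCTED_LINE):
        print(classify(sample, LOCAL_ADDRS))
```
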

