firewalling / netfilter / iptables / tcpdump on the vpn
xavier
list.tinc at natch.dyndns.org
Tue May 9 17:05:46 CEST 2006
On Tue, May 09, 2006 at 10:01:07AM -0400, xavier wrote:
> On Mon, May 08, 2006 at 04:42:31PM +0200, Guus Sliepen wrote:
> > On Mon, May 08, 2006 at 09:11:34AM -0400, xavier wrote:
> >
>
> > > it's a problem when you want to restrict access from the vpn server, between 2 vpn hosts.
> > >
> > > any solution ?
> >
> > You can try to add the following two lines to route_ipv4_unicast() in
> > src/route.c right above the line "via = ...":
> >
> > send_packet(myself, packet);
> > return;
> >
> > You can also do the same in route_ipv6_unicast() if you also use IPv6 on
> > the VPN.
> >
> > If this works without problems for you, I can make an option that
> > enables that behaviour.
>
> isn't that strange to return; without having send_packet(subnet->owner, packet); ?
>
> is the return necessary ?
> anyway, i can see the traffic on vpn1 on the vpn server,
> however it's not visible anymore on host b (the host i'm trying to reach).
> (no firewalling implied)

without return, traffic from host a to b is working (and i can see it),
but not from vpn server to host a or b.

May 9 11:00:41 emris martian source 10.0.2.7 from 10.0.2.1, on dev tunemris

--
xavier