Tinc Router Mode - PING RESULT is destination host unreachable

Lance Fredrickson lancethepants at gmail.com
Tue Feb 16 17:52:47 CET 2016


On 2/16/2016 9:04 AM, Eric Yau wrote:
> Hi Lars,
>
> Once I modify the firewall FORWARD rule to ACCEPT, I can ping and access my
> company PC at home. All traffic can pass through that. But I think it is not
> a good practice to change the FORWARD rule to ACCEPT. Any idea how to check and
> just allow the tinc VPN traffic only, instead of allowing everything to pass
> through the FORWARD rule?

Here's an example of firewall rules I run in my home router.  I've named 
the interface 'tinc' in my case.

iptables -I INPUT -p udp --dport 655 -j ACCEPT
iptables -I INPUT -p tcp --dport 655 -j ACCEPT
iptables -I INPUT -i tinc -j ACCEPT
iptables -I FORWARD -i tinc -j ACCEPT

Cheers,
Lance
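
Added example (not part of Lance's message and not tinc project code): a shell check over iptables-save output that tells the blanket FORWARD ACCEPT described in the question apart from the interface-scoped rule in the reply. The function name audit_forward and both sample rulesets are constructed for illustration; the interface name 'tinc' follows the post.

```sh
#!/bin/sh
# audit_forward IFACE: reads iptables-save text on stdin, prints one verdict:
#   open    - filter/FORWARD policy is ACCEPT, or a rule accepts with no match
#   scoped  - FORWARD is not open and "-i IFACE -j ACCEPT" is present
#   blocked - FORWARD is not open and no accept rule for IFACE exists
audit_forward() {
    awk -v iface="$1" '
        /^\*/ { table = substr($0, 2) }        # "*filter", "*nat", ...
        table != "filter" { next }             # only the filter table matters here
        $1 == ":FORWARD" && $2 == "ACCEPT" { wide = 1 }
        $1 == "-A" && $2 == "FORWARD" {
            if ($0 == "-A FORWARD -j ACCEPT") wide = 1
            if ($0 == ("-A FORWARD -i " iface " -j ACCEPT")) scoped = 1
        }
        END {
            if (wide) print "open"
            else if (scoped) print "scoped"
            else print "blocked"
        }'
}

# Constructed sample: FORWARD policy set to ACCEPT, as in the question.
sample_policy_accept() { cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# Constructed sample: FORWARD policy DROP plus the rules from the reply.
sample_scoped() { cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i tinc -j ACCEPT
-A INPUT -p tcp -m tcp --dport 655 -j ACCEPT
-A INPUT -p udp -m udp --dport 655 -j ACCEPT
-A FORWARD -i tinc -j ACCEPT
COMMIT
EOF
}

echo "policy ACCEPT ruleset: $(sample_policy_accept | audit_forward tinc)"
echo "interface-scoped ruleset: $(sample_scoped | audit_forward tinc)"
```

On a live router the same function can be fed the real ruleset with `iptables-save | audit_forward tinc`.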

