Firewall rules for TINC server

Guillermo Bisheimer gbisheimer at bys-control.com.ar
Fri Jan 13 19:53:07 CET 2017


Hi to all.

I've set up a Tinc VPN for a bunch of nodes divided into two groups:

Group 1:
IP Range 10.100.0.2 to 10.100.127.255

Group 2:
IP Range 10.100.128.1 to 10.100.255.255

Server IP: 10.100.0.1

Every client connects only to the server.

In the server I have the following tinc.conf:

Name = server
AddressFamily = ipv4
Interface = tun0
TunnelServer = yes
Forwarding = kernel
ListenAddress = * 655

And using iptables I managed to isolate the clients in group 1 from seeing
each other using the following rule:

sudo iptables -A FORWARD -s 10.100.0.0/17 -d 10.100.0.0/17 -j DROP

Group 1 and 2 can see each other but clients from group 1 cannot.

The problem is that I also need to isolate clients from group 1 from
reaching the server, but found no way to do that yet.

Tried with

sudo iptables -A INPUT -s 10.100.0.0/17 -d 10.100.0.1/32 -j DROP

but this only blocks ping; it doesn't stop curl or anything else.

Any help would be appreciated. Thanks!
-- 

*Ing. Guillermo Bisheimer*

*B&S Sistemas de Control y Equipamientos*

Av. de los Constituyentes 1172

(E3116CIX) Crespo, Entre Ríos

Tel/Fax: (0343) 407-8990 (Nuevo número)

Cel: (0343) 154679052

WEB: www.bys-control.com.ar

e-mail: gbisheimer at bys-control.com.ar

skype: guillermo.bisheimer
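The isolation policy described in the post, as an added shell example that is not part of the original message: a pure-shell classifier for the post's address ranges and server address, plus the iptables commands the policy corresponds to. The tun0 interface name comes from the posted tinc.conf; inserting with -I rather than appending with -A reflects that a chain is evaluated top to bottom, so a DROP appended after an earlier ACCEPT never sees the traffic.

```shell
#!/bin/sh
# Added example (not from the original post). Ranges and server
# address are those given in the post.
GROUP1=10.100.0.0/17      # 10.100.0.0 - 10.100.127.255
SERVER=10.100.0.1

# Dotted quad -> 32-bit integer, POSIX sh arithmetic only.
ip2int() {
  oldifs=$IFS; IFS=.
  set -- $1
  IFS=$oldifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr IP CIDR -> exit 0 if IP lies inside CIDR.
in_cidr() {
  net=${2%/*}; bits=${2#*/}
  mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
  [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# policy SRC DST -> the verdict the post asks for on a packet SRC -> DST:
#   group-1 host to the server itself:    DROP (handled in INPUT)
#   group-1 host to another group-1 host: DROP (handled in FORWARD)
#   anything else:                        ACCEPT
# The server's own address sits inside 10.100.0.0/17, so it is excluded
# as a source: its traffic leaves via OUTPUT, not INPUT or FORWARD.
policy() {
  if [ "$1" != "$SERVER" ] && in_cidr "$1" "$GROUP1"; then
    if [ "$2" = "$SERVER" ]; then echo DROP; return; fi
    if in_cidr "$2" "$GROUP1"; then echo DROP; return; fi
  fi
  echo ACCEPT
}

# rules -> the iptables commands implementing policy(). -I puts each DROP
# at the top of its chain so no earlier ACCEPT rule matches first; note
# that -D, as typed in the post, deletes a rule instead of adding one.
rules() {
  echo "iptables -I FORWARD -s $GROUP1 -d $GROUP1 -j DROP"
  echo "iptables -I INPUT -i tun0 -s $GROUP1 -d $SERVER/32 -j DROP"
}

rules
```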