Firewall rules for TINC server
Guillermo Bisheimer
gbisheimer at bys-control.com.ar
Fri Jan 13 19:53:07 CET 2017
Hi to all.
I've set up a Tinc VPN for a bunch of nodes divided in two groups:
Group 1:
IP Range 10.100.0.2 to 10.100.127.255
Group 2:
IP Range 10.100.128.1 to 10.100.255.255
Server IP: 10.100.0.1
Every client connects only to the server.
On the server I have the following tinc.conf:
Name = server
AddressFamily = ipv4
Interface = tun0
TunnelServer = yes
Forwarding = kernel
ListenAddress = * 655
And using iptables I managed to isolate the clients in group 1 from seeing
each other using the following rule:
sudo iptables -A FORWARD -s 10.100.0.0/17 -d 10.100.0.0/17 -j DROP
Groups 1 and 2 can see each other, but clients from group 1 cannot.
The problem is that I also need to isolate clients from group 1 from
reaching the server, but found no way to do that yet.
Tried with
sudo iptables -A INPUT -s 10.100.0.0/17 -d 10.100.0.1/32 -j DROP
but this only works for blocking ping but it doesn't stop curl or anything
else.
Any help would be appreciated. Thanks!
--
*Ing. Guillermo Bisheimer*
*B&S Sistemas de Control y Equipamientos*
Av. de los Constituyentes 1172
(E3116CIX) Crespo, Entre Ríos
Tel/Fax: (0343) 407-8990 (New number)
Mobile: (0343) 154679052
WEB: www.bys-control.com.ar
e-mail: gbisheimer at bys-control.com.ar
skype: guillermo.bisheimer
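The policy described in the post can be checked before it is loaded on the server. Two points matter when reading the rules: traffic that a group-1 client sends to the server's own address 10.100.0.1 is delivered locally and traverses the INPUT chain, never FORWARD, so the FORWARD rule cannot cover it; and `iptables -D` deletes a matching rule rather than adding one, so a rule meant to be installed needs `-A` (append) or `-I` (insert). The following Python model is an added example, not code from the post or from tinc: it encodes the two DROP rules with the group prefixes and server address given above, assumes a default policy of ACCEPT on every chain, and evaluates every representative source/destination pair so the intended isolation can be verified as a table rather than by trial and error.

```python
"""Model of the iptables isolation policy for the two tinc client groups.

Added example (not from the mailing-list post). Addresses and prefixes are
the ones stated in the post; the ACCEPT default policy is an assumption.
"""
from ipaddress import ip_address, ip_network
from itertools import product

SERVER = ip_address("10.100.0.1")
GROUP1 = ip_network("10.100.0.0/17")    # 10.100.0.2 - 10.100.127.255 (server is inside this prefix too)
GROUP2 = ip_network("10.100.128.0/17")  # 10.100.128.1 - 10.100.255.255

# Ordered rules, as loaded with `iptables -A`: (chain, src_net, dst_net, target).
RULES = [
    # group-1 clients must not reach each other: this traffic is forwarded by the
    # server kernel (Forwarding = kernel), so it passes through FORWARD.
    ("FORWARD", GROUP1, GROUP1, "DROP"),
    # group-1 clients must not reach the server itself: packets addressed to
    # 10.100.0.1 are delivered locally and hit INPUT, not FORWARD.
    ("INPUT", GROUP1, ip_network("10.100.0.1/32"), "DROP"),
]
DEFAULT_POLICY = "ACCEPT"  # assumption: chains default to ACCEPT (iptables -P <chain> ACCEPT)


def chain_for(src, dst):
    """Pick the netfilter chain a packet from src to dst traverses on the server."""
    if dst == SERVER:
        return "INPUT"     # local delivery
    if src == SERVER:
        return "OUTPUT"    # locally generated
    return "FORWARD"       # routed between two VPN clients


def verdict(src, dst):
    """First-match evaluation of RULES for one flow; falls back to the chain policy."""
    src, dst = ip_address(src), ip_address(dst)
    chain = chain_for(src, dst)
    for rule_chain, src_net, dst_net, target in RULES:
        if rule_chain == chain and src in src_net and dst in dst_net:
            return target
    return DEFAULT_POLICY


# Representative hosts (constructed): edges of each range plus the server.
HOSTS = {
    "g1_low": "10.100.0.2",
    "g1_high": "10.100.127.255",
    "g2_low": "10.100.128.1",
    "g2_high": "10.100.255.255",
    "server": "10.100.0.1",
}


def policy_table():
    """Return {(src_label, dst_label): verdict} for every ordered pair of hosts."""
    return {
        (s_label, d_label): verdict(s_ip, d_ip)
        for (s_label, s_ip), (d_label, d_ip) in product(HOSTS.items(), repeat=2)
        if s_label != d_label
    }


def isolation_holds():
    """True when the table matches the intent stated in the post."""
    table = policy_table()
    expected = {
        ("g1_low", "g1_high"): "DROP",    # group 1 cannot see group 1
        ("g1_low", "g2_low"): "ACCEPT",   # group 1 can see group 2
        ("g2_low", "g1_low"): "ACCEPT",   # and the reverse direction
        ("g2_low", "g2_high"): "ACCEPT",  # group 2 is not isolated from itself
        ("g1_low", "server"): "DROP",     # group 1 cannot reach the server
        ("g2_low", "server"): "ACCEPT",   # group 2 still can
    }
    return all(table[pair] == target for pair, target in expected.items())


if __name__ == "__main__":
    for (src, dst), target in sorted(policy_table().items()):
        print(f"{src:>8} -> {dst:<8} {target}")
    print("policy as intended:", isolation_holds())
```

The model is first-match only and has no connection tracking, so it answers which new flows are dropped, not what happens to replies; a real ruleset that also drops the reverse direction with a `-m conntrack` rule would need that state added to the model.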