<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
<font size="-1"><font face="Verdana"><br>
Okay, so tincd on MASTER can handle more than one connection to the
same server.<br>
I though that you must have a seperate VPN tunnel for each new 2
computers that you connect.<br>
VPN = tunnel between 2 computers I thought.<br>
So that means i could connect all 3 computers to the same "vpn"/"btun"
VPN tunnel?<br>
<br>
"vpn" tunnel si on port 655 and "btun" on port 666.<br>
<br>
<br>
<br>
here is the requested output from my iptables.<br>
<br>
<br>
<br>
<br>
<br>
<br>
On MASTER :<br>
iptables -t nat -vxnL<br>
Chain PREROUTING (policy ACCEPT 134034 packets, 10567749 bytes)<br>
pkts bytes target prot opt in out
source destination<br>
0 0 DNAT tcp -- * *
0.0.0.0/0 88.206.209.44 tcp dpt:8000 to:192.168.0.26<br>
0 0 DNAT tcp -- * *
0.0.0.0/0 88.206.209.44 tcp dpt:3389 to:192.168.0.9<br>
0 0 DNAT tcp -- * *
0.0.0.0/0 88.206.209.44 tcp dpt:8080 to:192.168.0.25<br>
298 14836 DNAT tcp -- * *
0.0.0.0/0 88.206.209.44 tcp dpt:29999 to:192.168.0.10<br>
0 0 DNAT udp -- * *
0.0.0.0/0 88.206.209.44 udp dpt:29998 to:192.168.0.10<br>
<br>
Chain POSTROUTING (policy ACCEPT 30689 packets, 1708034 bytes)<br>
pkts bytes target prot opt in out
source destination<br>
132 6426 MASQUERADE all -- * eth1
192.168.0.0/16 0.0.0.0/0<br>
0 0 MASQUERADE all -- * eth1
192.168.1.0/24 0.0.0.0/0<br>
0 0 MASQUERADE tcp -- * eth1
0.0.0.0/0 192.168.0.26 tcp dpt:8000<br>
0 0 MASQUERADE tcp -- * eth1
0.0.0.0/0 192.168.0.9 tcp dpt:3389<br>
0 0 MASQUERADE tcp -- * eth1
0.0.0.0/0 192.168.0.25 tcp dpt:8080<br>
0 0 MASQUERADE tcp -- * eth1
0.0.0.0/0 192.168.0.10 tcp dpt:29999<br>
0 0 MASQUERADE udp -- * eth1
0.0.0.0/0 192.168.0.10 udp dpt:29998<br>
<br>
Chain OUTPUT (policy ACCEPT 5682 packets, 420344 bytes)<br>
pkts bytes target prot opt in out
source destination<br>
<br>
<br>
<br>
Iptables -vxnL<br>
<br>
Chain INPUT (policy DROP 1 packets, 136 bytes)<br>
pkts bytes target prot opt in out
source destination<br>
4831 290533 ACCEPT all -- * *
0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED<br>
0 0 DROP tcp -- * *
0.0.0.0/0 0.0.0.0/0 tcp flags:!0x16/0x02 state NEW<br>
0 0 In_RULE_0 tcp -- eth1 *
0.0.0.0/0 0.0.0.0/0 tcp spts:15000:15100 state NEW<br>
0 0 In_RULE_0 tcp -- eth1 *
0.0.0.0/0 0.0.0.0/0 tcp dpts:15000:15100 state NEW<br>
0 0 In_RULE_0 tcp -- eth1 *
0.0.0.0/0 0.0.0.0/0 tcp dpt:21 state NEW<br>
0 0 In_RULE_1 tcp -- eth1 *
0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state NEW<br>
0 0 In_RULE_2 tcp -- eth1 *
0.0.0.0/0 0.0.0.0/0 tcp dpts:655:656 state NEW<br>
0 0 In_RULE_2 tcp -- eth1 *
0.0.0.0/0 0.0.0.0/0 tcp dpt:666 state NEW<br>
0 0 In_RULE_2 udp -- eth1 *
0.0.0.0/0 0.0.0.0/0 udp dpts:655:656 state NEW<br>
0 0 In_RULE_2 udp -- eth1 *
0.0.0.0/0 0.0.0.0/0 udp dpt:666 state NEW<br>
0 0 In_RULE_3 icmp -- eth1 *
0.0.0.0/0 0.0.0.0/0 icmp type 0 code 0 state NEW<br>
0 0 In_RULE_3 icmp -- eth1 *
0.0.0.0/0 0.0.0.0/0 icmp type 8 code 0 state NEW<br>
0 0 In_RULE_4 tcp -- eth1 *
0.0.0.0/0 0.0.0.0/0 tcp dpt:22 state NEW<br>
0 0 In_RULE_5 all -- eth1 *
88.206.209.44 0.0.0.0/0<br>
0 0 In_RULE_5 all -- eth1 *
192.168.0.1 0.0.0.0/0<br>
0 0 In_RULE_6 icmp -- eth0 *
0.0.0.0/0 0.0.0.0/0 icmp type 8 code 0 state NEW<br>
0 0 In_RULE_6 icmp -- eth0 *
0.0.0.0/0 0.0.0.0/0 icmp type 0 code 0 state NEW<br>
0 0 In_RULE_6 tcp -- eth0 *
0.0.0.0/0 0.0.0.0/0 tcp multiport dports
22,445,139,53,80 state NEW<br>
0 0 In_RULE_6 udp -- eth0 *
0.0.0.0/0 0.0.0.0/0 udp dpt:53 state NEW<br>
0 0 In_RULE_7 all -- lo *
0.0.0.0/0 0.0.0.0/0 state NEW<br>
0 0 RULE_8 all -f * *
0.0.0.0/0 0.0.0.0/0<br>
0 0 Cid423C6D8B.0 udp -- * *
0.0.0.0/0 0.0.0.0/0 udp multiport dports 68,67
state NEW<br>
0 0 Cid423C6D8B.1 udp -- * *
0.0.0.0/0 255.255.255.255 udp multiport dports 68,67
state NEW<br>
0 0 Cid423C6DA1.0 all -- * *
88.206.209.44 0.0.0.0/0 state NEW<br>
1 78 Cid423C6DA1.0 all -- * *
192.168.0.1 0.0.0.0/0 state NEW<br>
126 11017 RULE_12 all -- * *
192.168.0.0/16 0.0.0.0/0 state NEW<br>
0 0 RULE_12 all -- * *
192.168.1.0/24 0.0.0.0/0 state NEW<br>
41 4512 RULE_13 all -- * *
0.0.0.0/0 0.0.0.0/0<br>
0 0 In_RULE_14 all -- * *
0.0.0.0/0 0.0.0.0/0<br>
Chain FORWARD (policy DROP 4 packets, 168 bytes)<br>
pkts bytes target prot opt in out
source destination<br>
23249 22168183 ACCEPT all -- * *
0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED<br>
0 0 DROP tcp -- * *
0.0.0.0/0 0.0.0.0/0 tcp flags:!0x16/0x02 state NEW<br>
0 0 In_RULE_2 tcp -- eth1 *
0.0.0.0/0 0.0.0.0/0 tcp dpts:655:656 state NEW<br>
0 0 In_RULE_2 tcp -- eth1 *
0.0.0.0/0 0.0.0.0/0 tcp dpt:666 state NEW<br>
0 0 In_RULE_2 udp -- eth1 *
0.0.0.0/0 0.0.0.0/0 udp dpts:655:656 state NEW<br>
0 0 In_RULE_2 udp -- eth1 *
0.0.0.0/0 0.0.0.0/0 udp dpt:666 state NEW<br>
0 0 Out_RULE_2 tcp -- * eth1
0.0.0.0/0 0.0.0.0/0 tcp dpts:655:656 state NEW<br>
0 0 Out_RULE_2 tcp -- * eth1
0.0.0.0/0 0.0.0.0/0 tcp dpt:666 state NEW<br>
0 0 Out_RULE_2 udp -- * eth1
0.0.0.0/0 0.0.0.0/0 udp dpts:655:656 state NEW<br>
0 0 Out_RULE_2 udp -- * eth1
0.0.0.0/0 0.0.0.0/0 udp dpt:666 state NEW<br>
0 0 In_RULE_3 icmp -- eth1 *
0.0.0.0/0 0.0.0.0/0 icmp type 0 code 0 state NEW<br>
0 0 In_RULE_3 icmp -- eth1 *
0.0.0.0/0 0.0.0.0/0 icmp type 8 code 0 state NEW<br>
0 0 Out_RULE_3 icmp -- * eth1
0.0.0.0/0 0.0.0.0/0 icmp type 0 code 0 state NEW<br>
0 0 Out_RULE_3 icmp -- * eth1
0.0.0.0/0 0.0.0.0/0 icmp type 8 code 0 state NEW<br>
0 0 In_RULE_4 tcp -- eth1 *
0.0.0.0/0 0.0.0.0/0 tcp dpt:22 state NEW<br>
0 0 Out_RULE_4 tcp -- * eth1
0.0.0.0/0 0.0.0.0/0 tcp dpt:22 state NEW<br>
0 0 In_RULE_5 all -- eth1 *
88.206.209.44 0.0.0.0/0<br>
0 0 In_RULE_5 all -- eth1 *
192.168.0.1 0.0.0.0/0<br>
0 0 In_RULE_6 icmp -- eth0 * 0.0.0.0/0
0.0.0.0/0 icmp type 8 code 0 state NEW<br>
0 0 In_RULE_6 icmp -- eth0 *
0.0.0.0/0 0.0.0.0/0 icmp type 0 code 0 state NEW<br>
5 240 In_RULE_6 tcp -- eth0 *
0.0.0.0/0 0.0.0.0/0 tcp multiport dports
22,445,139,53,80 state NEW<br>
4 282 In_RULE_6 udp -- eth0 *
0.0.0.0/0 0.0.0.0/0 udp dpt:53 state NEW<br>
122 10248 Out_RULE_6 icmp -- * eth0
0.0.0.0/0 0.0.0.0/0 icmp type 8 code 0 state NEW<br>
0 0 Out_RULE_6 icmp -- * eth0
0.0.0.0/0 0.0.0.0/0 icmp type 0 code 0 state NEW<br>
0 0 Out_RULE_6 tcp -- * eth0
0.0.0.0/0 0.0.0.0/0 tcp multiport dports
22,445,139,53,80 state NEW<br>
0 0 Out_RULE_6 udp -- * eth0
0.0.0.0/0 0.0.0.0/0 udp dpt:53 state NEW<br>
0 0 RULE_8 all -f * *
0.0.0.0/0 0.0.0.0/0<br>
156 7488 RULE_12 all -- * *
192.168.0.0/16 0.0.0.0/0 state NEW<br>
0 0 RULE_12 all -- * *
192.168.1.0/24 0.0.0.0/0 state NEW<br>
249 12372 In_RULE_14 all -- + *
0.0.0.0/0 0.0.0.0/0<br>
Chain OUTPUT (policy DROP 1 packets, 84 bytes)<br>
pkts bytes target prot opt in out
source destination<br>
17837 25184467 ACCEPT all -- * *
0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED<br>
0 0 DROP tcp -- * *
0.0.0.0/0 0.0.0.0/0 tcp flags:!0x16/0x02 state NEW<br>
0 0 Cid423C6E00.0 tcp -- * eth1
0.0.0.0/0 0.0.0.0/0 tcp spts:15000:15100 state NEW<br>
0 0 Cid423C6E00.0 tcp -- * eth1
0.0.0.0/0 0.0.0.0/0 tcp dpts:15000:15100 state NEW<br>
0 0 Cid423C6E00.0 tcp -- * eth1
0.0.0.0/0 0.0.0.0/0 tcp dpt:21 state NEW<br>
0 0 Cid6349X17668.0 tcp -- * eth1
0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state NEW<br>
0 0 Out_RULE_2 tcp -- * eth1
0.0.0.0/0 0.0.0.0/0 tcp dpts:655:656 state NEW<br>
0 0 Out_RULE_2 tcp -- * eth1
0.0.0.0/0 0.0.0.0/0 tcp dpt:666 state NEW<br>
0 0 Out_RULE_2 udp -- * eth1
0.0.0.0/0 0.0.0.0/0 udp dpts:655:656 state NEW<br>
0 0 Out_RULE_2 udp -- * eth1
0.0.0.0/0 0.0.0.0/0 udp dpt:666 state NEW<br>
0 0 Out_RULE_3 icmp -- * eth1
0.0.0.0/0 0.0.0.0/0 icmp type 0 code 0 state NEW<br>
0 0 Out_RULE_3 icmp -- * eth1
0.0.0.0/0 0.0.0.0/0 icmp type 8 code 0 state NEW<br>
0 0 Out_RULE_4 tcp -- * eth1
0.0.0.0/0 0.0.0.0/0 tcp dpt:22 state NEW<br>
0 0 Out_RULE_6 icmp -- * eth0
0.0.0.0/0 0.0.0.0/0 icmp type 8 code 0 state NEW<br>
0 0 Out_RULE_6 icmp -- * eth0
0.0.0.0/0 0.0.0.0/0 icmp type 0 code 0 state NEW<br>
0 0 Out_RULE_6 tcp -- * eth0
0.0.0.0/0 0.0.0.0/0 tcp multiport dports
22,445,139,53,80 state NEW<br>
0 0 Out_RULE_6 udp -- * eth0
0.0.0.0/0 0.0.0.0/0 udp dpt:53 state NEW<br>
0 0 Out_RULE_7 all -- * lo
0.0.0.0/0 0.0.0.0/0 state NEW<br>
0 0 RULE_8 all -f * *
0.0.0.0/0 0.0.0.0/0<br>
0 0 RULE_10 udp -- * *
0.0.0.0/0 192.168.0.0/16 udp multiport dports 68,67
state NEW<br>
0 0 RULE_11 icmp -- * *
0.0.0.0/0 0.0.0.0/0 icmp type 0 code 0 state NEW<br>
17 1428 RULE_11 icmp -- * *
0.0.0.0/0 0.0.0.0/0 icmp type 8 code 0 state NEW<br>
0 0 RULE_11 tcp -- * *
0.0.0.0/0 0.0.0.0/0 tcp multiport dports
53,21,80,443,22,2401,25 state NEW<br>
0 0 RULE_11 udp -- * *
0.0.0.0/0 0.0.0.0/0 udp dpts:33434:33524 state NEW<br>
0 0 RULE_11 udp -- * *
0.0.0.0/0 0.0.0.0/0 udp dpt:53 state NEW<br>
1 78 RULE_12 all -- * *
192.168.0.0/16 0.0.0.0/0 state NEW<br>
0 0 RULE_12 all -- * *
192.168.1.0/24 0.0.0.0/0 state NEW<br>
0 0 RULE_13 all -- * *
0.0.0.0/0 88.206.209.44<br>
0 0 RULE_13 all -- * *
0.0.0.0/0 192.168.0.1<br>
<br>
Chain Cid423C6D8B.0 (1 references)<br>
pkts bytes target prot opt in out
source destination<br>
0 0 RULE_9 all -- * *
0.0.0.0 0.0.0.0/0<br>
0 0 RULE_9 all -- * *
192.168.0.0/16 0.0.0.0/0<br>
Chain Cid423C6D8B.1 (1 references)<br>
pkts bytes target prot opt in out
source destination<br>
0 0 RULE_9 all -- * * 0.0.0.0
0.0.0.0/0<br>
0 0 RULE_9 all -- * *
192.168.0.0/16 0.0.0.0/0<br>
<br>
Chain Cid423C6DA1.0 (2 references)<br>
pkts bytes target prot opt in out
source destination<br>
0 0 RULE_11 icmp -- * *
0.0.0.0/0 0.0.0.0/0 icmp type 0 code 0<br>
0 0 RULE_11 icmp -- * *
0.0.0.0/0 0.0.0.0/0 icmp type 8 code 0<br>
0 0 RULE_11 tcp -- * *
0.0.0.0/0 0.0.0.0/0 tcp multiport dports
53,21,80,443,22,2401,25<br>
0 0 RULE_11 udp -- * *
0.0.0.0/0 0.0.0.0/0 udp dpts:33434:33524<br>
0 0 RULE_11 udp -- * *
0.0.0.0/0 0.0.0.0/0 udp dpt:53<br>
<br>
Chain Cid423C6E00.0 (3 references)<br>
pkts bytes target prot opt in out
source destination<br>
0 0 Out_RULE_0 all -- * *
0.0.0.0/0 88.206.209.44<br>
0 0 Out_RULE_0 all -- * *
0.0.0.0/0 192.168.0.1<br>
<br>
Chain Cid6349X17668.0 (1 references)<br>
pkts bytes target prot opt in out
source destination<br>
0 0 Out_RULE_1 all -- * *
0.0.0.0/0 88.206.209.44<br>
0 0 Out_RULE_1 all -- * *
0.0.0.0/0 192.168.0.1<br>
<br>
Chain In_RULE_0 (3 references)<br>
pkts bytes target prot opt in out
source destination<br>
0 0 LOG all -- * *
0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 5 prefix
`FTPD'<br>
0 0 ACCEPT all -- * *
0.0.0.0/0 0.0.0.0/0<br>
<br>
Chain In_RULE_1 (1 references)<br>
pkts bytes target prot opt in out
source destination<br>
0 0 LOG all -- * *
0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 5 prefix
`HTTPD'<br>
0 0 ACCEPT all -- * *
0.0.0.0/0 0.0.0.0/0<br>
<br>
Chain In_RULE_14 (2 references)<br>
pkts bytes target prot opt in out
source destination<br>
249 12372 LOG all -- * *
0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 5 prefix
`LAST DENY'<br>
249 12372 DROP all -- * *
0.0.0.0/0 0.0.0.0/0<br>
<br>
Chain In_RULE_2 (8 references)<br>
pkts bytes target prot opt in out
source destination<br>
0 0 LOG all -- * *
0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 5 prefix
`VPN'<br>
0 0 ACCEPT all -- * *
0.0.0.0/0 0.0.0.0/0<br>
<br>
Chain In_RULE_3 (4 references)<br>
pkts bytes target prot opt in out
source destination<br>
0 0 LOG all -- * *
0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 5 prefix
`PING'<br>
0 0 ACCEPT all -- * *
0.0.0.0/0 0.0.0.0/0<br>
<br>
Chain In_RULE_4 (2 references)<br>
pkts bytes target prot opt in out
source destination<br>
0 0 LOG all -- * *
0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 5 prefix
`SSH'<br>
0 0 ACCEPT all -- * *
0.0.0.0/0 0.0.0.0/0<br>
<br>
Chain In_RULE_5 (4 references)<br>
pkts bytes target prot opt in out
source destination<br>
0 0 LOG all -- * *
0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 5 prefix
`SPOOFING'<br>
0 0 DROP all -- * *
0.0.0.0/0 0.0.0.0/0<br>
<br>
Chain In_RULE_6 (8 references)<br>
pkts bytes target prot opt in out
source destination<br>
9 522 LOG all -- * *
0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 5 prefix
`INTERNAL_NET'<br>
9 522 ACCEPT all -- * *
0.0.0.0/0 0.0.0.0/0<br>
<br>
Chain In_RULE_7 (1 references)<br>
pkts bytes target prot opt in out
source destination<br>
0 0 LOG all -- * *
0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 5 prefix
`LOOPBACK'<br>
0 0 ACCEPT all -- * *
0.0.0.0/0 0.0.0.0/0<br>
<br>
Chain Out_RULE_0 (2 references)<br>
pkts bytes target prot opt in out
source destination<br>
0 0 LOG all -- * *
0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 5 prefix
`FTPD'<br>
0 0 ACCEPT all -- * *
0.0.0.0/0 0.0.0.0/0<br>
<br>
Chain Out_RULE_1 (2 references)<br>
pkts bytes target prot opt in out
source destination<br>
0 0 LOG all -- * *
0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 5 prefix
`HTTPD'<br>
0 0 ACCEPT all -- * *
0.0.0.0/0 0.0.0.0/0<br>
<br>
Chain Out_RULE_2 (8 references)<br>
pkts bytes target prot opt in out
source destination<br>
0 0 LOG all -- * *
0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 5 prefix
`VPN'<br>
0 0 ACCEPT all -- * *
0.0.0.0/0 0.0.0.0/0<br>
<br>
Chain Out_RULE_3 (4 references)<br>
pkts bytes target prot opt in out
source destination<br>
0 0 LOG all -- * *
0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 5 prefix
`PING'<br>
0 0 ACCEPT all -- * *
0.0.0.0/0 0.0.0.0/0<br>
<br>
Chain Out_RULE_4 (2 references)<br>
pkts bytes target prot opt in out
source destination<br>
0 0 LOG all -- * *
0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 5 prefix
`SSH'<br>
0 0 ACCEPT all -- * *
0.0.0.0/0 0.0.0.0/0<br>
<br>
Chain Out_RULE_6 (8 references)<br>
pkts bytes target prot opt in out
source destination<br>
122 10248 LOG all -- * *
0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 5 prefix
`INTERNAL_NET'<br>
122 10248 ACCEPT all -- * *
0.0.0.0/0 0.0.0.0/0<br>
<br>
Chain Out_RULE_7 (1 references)<br>
pkts bytes target prot opt in out
source destination<br>
0 0 LOG all -- * *
0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 5 prefix
`LOOPBACK'<br>
0 0 ACCEPT all -- * *
0.0.0.0/0 0.0.0.0/0<br>
<br>
Chain RULE_10 (1 references)<br>
pkts bytes target prot opt in out
source destination<br>
0 0 LOG all -- * *
0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 5 prefix
`DHCPREPLIES'<br>
0 0 ACCEPT all -- * *
0.0.0.0/0 0.0.0.0/0<br>
<br>
Chain RULE_11 (10 references)<br>
pkts bytes target prot opt in out
source destination<br>
17 1428 LOG all -- * *
0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 5 prefix
`OUTGOING'<br>
17 1428 ACCEPT all -- * *
0.0.0.0/0 0.0.0.0/0<br>
<br>
Chain RULE_12 (6 references)<br>
pkts bytes target prot opt in out
source destination<br>
283 18583 LOG all -- * *
0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 5 prefix
`NAT_CONNECTIONS'<br>
283 18583 ACCEPT all -- * *
0.0.0.0/0 0.0.0.0/0<br>
<br>
Chain RULE_13 (3 references)<br>
pkts bytes target prot opt in out
source destination<br>
41 4512 LOG all -- * *
0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 5 prefix
`DENY'<br>
41 4512 DROP all -- * *
0.0.0.0/0 0.0.0.0/0<br>
<br>
Chain RULE_8 (3 references)<br>
pkts bytes target prot opt in out
source destination<br>
0 0 LOG all -- * *
0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 5 prefix
`FRAGMENTS'<br>
0 0 DROP all -- * *
0.0.0.0/0 0.0.0.0/0<br>
<br>
Chain RULE_9 (4 references)<br>
pkts bytes target prot opt in out
source destination<br>
0 0 LOG all -- * *
0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 5 prefix
`DHCPREQUEST'<br>
0 0 ACCEPT all -- * *
0.0.0.0/0 0.0.0.0/0<br>
<br>
<br>
<br>
**************************************'<br>
<br>
on BACKUP<br>
iptables -t nat -vxnL<br>
Chain PREROUTING (policy ACCEPT 190883 packets, 47540232 bytes)<br>
pkts bytes target prot opt in out
source destination<br>
0 0 DNAT tcp -- * *
0.0.0.0/0 88.206.209.35 tcp spt:80 dpt:8000
to:192.168.3.20<br>
0 0 DNAT tcp -- * *
0.0.0.0/0 88.206.209.35 tcp dpt:29999 to:192.168.3.20<br>
0 0 DNAT udp -- * *
0.0.0.0/0 88.206.209.35 udp dpt:29999 to:192.168.3.20<br>
<br>
Chain POSTROUTING (policy ACCEPT 4542 packets, 335818 bytes)<br>
pkts bytes target prot opt in out
source destination<br>
4636 251496 SNAT all -- * eth1
192.168.3.0/24 0.0.0.0/0 to:88.206.209.35<br>
0 0 SNAT all -- * eth1
192.168.0.0/16 0.0.0.0/0 to:88.206.209.35<br>
0 0 SNAT tcp -- * eth1
0.0.0.0/0 192.168.3.20 tcp spt:80 dpt:8000
to:88.206.209.35<br>
0 0 SNAT tcp -- * eth1
0.0.0.0/0 192.168.3.20 tcp dpt:29999 to:88.206.209.35<br>
0 0 SNAT udp -- * eth1
0.0.0.0/0 192.168.3.20 udp dpt:29999 to:88.206.209.35<br>
<br>
Chain OUTPUT (policy ACCEPT 5334 packets, 392393 bytes)<br>
pkts bytes target prot opt in out
source destination<br>
<br>
<br>
<br>
iptables -vxnL<br>
Chain INPUT (policy DROP 0 packets, 0 bytes)<br>
pkts bytes target prot opt in out
source destination<br>
46958609 68467454360 ACCEPT all -- * *
0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED<br>
8 320 DROP tcp -- * *
0.0.0.0/0 0.0.0.0/0 tcp flags:!0x16/0x02 state NEW<br>
0 0 In_RULE_0 tcp -- eth1 *
0.0.0.0/0 0.0.0.0/0 tcp spts:15000:15100 state NEW<br>
0 0 In_RULE_0 tcp -- eth1 *
0.0.0.0/0 0.0.0.0/0 tcp dpts:15000:15100 state NEW<br>
0 0 In_RULE_0 tcp -- eth1 *
0.0.0.0/0 0.0.0.0/0 tcp dpt:60000 state NEW<br>
0 0 In_RULE_1 tcp -- eth1 *
0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state NEW<br>
3 180 In_RULE_2 tcp -- eth1 *
0.0.0.0/0 0.0.0.0/0 tcp dpt:666 state NEW<br>
23 3096 In_RULE_2 udp -- eth1 *
0.0.0.0/0 0.0.0.0/0 udp dpt:666 state NEW<br>
0 0 In_RULE_3 icmp -- eth1 *
0.0.0.0/0 0.0.0.0/0 icmp type 0 code 0 state NEW<br>
15 849 In_RULE_3 icmp -- eth1 *
0.0.0.0/0 0.0.0.0/0 icmp type 8 code 0 state NEW<br>
268 16032 In_RULE_4 tcp -- eth1 *
0.0.0.0/0 0.0.0.0/0 tcp dpt:22 state NEW<br>
0 0 In_RULE_5 all -- eth1 *
88.206.209.35 0.0.0.0/0<br>
0 0 In_RULE_5 all -- eth1 *
192.168.3.1 0.0.0.0/0<br>
0 0 In_RULE_6 icmp -- eth0 *
0.0.0.0/0 0.0.0.0/0 icmp type 8 code 0 state NEW<br>
0 0 In_RULE_6 icmp -- eth0 *
0.0.0.0/0 0.0.0.0/0 icmp type 0 code 0 state NEW<br>
21 1008 In_RULE_6 tcp -- eth0 *
0.0.0.0/0 0.0.0.0/0 tcp multiport dports
22,445,139 state NEW<br>
0 0 RULE_7 all -f * *
0.0.0.0/0 0.0.0.0/0<br>
0 0 Cid423C6D80.0 tcp -- * *
0.0.0.0/0 0.0.0.0/0 tcp multiport dports 53,80
state NEW<br>
138 8970 Cid423C6D80.0 udp -- * *
0.0.0.0/0 0.0.0.0/0 udp dpt:53 state NEW<br>
85 30376 Cid423C6D8B.0 udp -- * *
0.0.0.0/0 0.0.0.0/0 udp multiport dports 68,67
state NEW<br>
54 17712 Cid423C6D8B.1 udp -- * *
0.0.0.0/0 255.255.255.255 udp multiport dports 68,67
state NEW<br>
0 0 Cid423C6DA1.0 all -- * *
88.206.209.35 0.0.0.0/0 state NEW<br>
261 49672 Cid423C6DA1.0 all -- * *
192.168.3.1 0.0.0.0/0 state NEW<br>
604 107644 RULE_12 all -- * *
192.168.3.0/24 0.0.0.0/0 state NEW<br>
4382 681691 RULE_13 all -- * *
0.0.0.0/0 0.0.0.0/0<br>
0 0 In_RULE_14 all -- * *
0.0.0.0/0 0.0.0.0/0<br>
<br>
Chain FORWARD (policy DROP 0 packets, 0 bytes)<br>
pkts bytes target prot opt in out
source destination<br>
104164 56798804 ACCEPT all -- * *
0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED<br>
10 460 DROP tcp -- * *
0.0.0.0/0 0.0.0.0/0 tcp flags:!0x16/0x02 state NEW<br>
0 0 In_RULE_2 tcp -- eth1 *
0.0.0.0/0 0.0.0.0/0 tcp dpt:666 state NEW<br>
0 0 In_RULE_2 udp -- eth1 *
0.0.0.0/0 0.0.0.0/0 udp dpt:666 state NEW<br>
0 0 Out_RULE_2 tcp -- * eth1
0.0.0.0/0 0.0.0.0/0 tcp dpt:666 state NEW<br>
0 0 Out_RULE_2 udp -- * eth1
0.0.0.0/0 0.0.0.0/0 udp dpt:666 state NEW<br>
0 0 In_RULE_3 icmp -- eth1 *
0.0.0.0/0 0.0.0.0/0 icmp type 0 code 0 state NEW<br>
0 0 In_RULE_3 icmp -- eth1 *
0.0.0.0/0 0.0.0.0/0 icmp type 8 code 0 state NEW<br>
0 0 Out_RULE_3 icmp -- * eth1
0.0.0.0/0 0.0.0.0/0 icmp type 0 code 0 state NEW<br>
12 720 Out_RULE_3 icmp -- * eth1
0.0.0.0/0 0.0.0.0/0 icmp type 8 code 0 state NEW<br>
0 0 In_RULE_4 tcp -- eth1 *
0.0.0.0/0 0.0.0.0/0 tcp dpt:22 state NEW<br>
12 576 Out_RULE_4 tcp -- * eth1
0.0.0.0/0 0.0.0.0/0 tcp dpt:22 state NEW<br>
0 0 In_RULE_5 all -- eth1 *
88.206.209.35 0.0.0.0/0<br>
0 0 In_RULE_5 all -- eth1 *
192.168.3.1 0.0.0.0/0<br>
0 0 In_RULE_6 icmp -- eth0 *
0.0.0.0/0 0.0.0.0/0 icmp type 8 code 0 state NEW<br>
0 0 In_RULE_6 icmp -- eth0 *
0.0.0.0/0 0.0.0.0/0 icmp type 0 code 0 state NEW<br>
2 96 In_RULE_6 tcp -- eth0 *
0.0.0.0/0 0.0.0.0/0 tcp multiport dports
22,445,139 state NEW<br>
0 0 Out_RULE_6 icmp -- * eth0
0.0.0.0/0 0.0.0.0/0 icmp type 8 code 0 state NEW<br>
0 0 Out_RULE_6 icmp -- * eth0
0.0.0.0/0 0.0.0.0/0 icmp type 0 code 0 state NEW<br>
0 0 Out_RULE_6 tcp -- * eth0
0.0.0.0/0 0.0.0.0/0 tcp multiport dports
22,445,139 state NEW<br>
0 0 RULE_7 all -f * *
0.0.0.0/0 0.0.0.0/0<br>
4675 253320 RULE_12 all -- * *
192.168.3.0/24 0.0.0.0/0 state NEW<br>
1467 58692 In_RULE_14 all -- + *
0.0.0.0/0 0.0.0.0/0<br>
<br>
Chain OUTPUT (policy DROP 61 packets, 3964 bytes)<br>
pkts bytes target prot opt in out
source destination<br>
21828099 1039348396 ACCEPT all -- * *
0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED<br>
5 200 DROP tcp -- * *
0.0.0.0/0 0.0.0.0/0 tcp flags:!0x16/0x02 state NEW<br>
0 0 Cid423C6E00.0 tcp -- * eth1
0.0.0.0/0 0.0.0.0/0 tcp spts:15000:15100 state NEW<br>
0 0 Cid423C6E00.0 tcp -- * eth1
0.0.0.0/0 0.0.0.0/0 tcp dpts:15000:15100 state NEW<br>
0 0 Cid423C6E00.0 tcp -- * eth1
0.0.0.0/0 0.0.0.0/0 tcp dpt:60000 state NEW<br>
383 22980 Cid7440X8416.0 tcp -- * eth1
0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state NEW<br>
29 1740 Out_RULE_2 tcp -- * eth1
0.0.0.0/0 0.0.0.0/0 tcp dpt:666 state NEW<br>
21 2720 Out_RULE_2 udp -- * eth1
0.0.0.0/0 0.0.0.0/0 udp dpt:666 state NEW<br>
0 0 Out_RULE_3 icmp -- * eth1
0.0.0.0/0 0.0.0.0/0 icmp type 0 code 0 state NEW<br>
0 0 Out_RULE_3 icmp -- * eth1
0.0.0.0/0 0.0.0.0/0 icmp type 8 code 0 state NEW<br>
12 720 Out_RULE_4 tcp -- * eth1 0.0.0.0/0
0.0.0.0/0 tcp dpt:22 state NEW<br>
0 0 Out_RULE_6 icmp -- * eth0
0.0.0.0/0 0.0.0.0/0 icmp type 8 code 0 state NEW<br>
0 0 Out_RULE_6 icmp -- * eth0
0.0.0.0/0 0.0.0.0/0 icmp type 0 code 0 state NEW<br>
0 0 Out_RULE_6 tcp -- * eth0
0.0.0.0/0 0.0.0.0/0 tcp multiport dports
22,445,139 state NEW<br>
0 0 RULE_7 all -f * *
0.0.0.0/0 0.0.0.0/0<br>
0 0 Cid423C6D97.0 udp -- * *
0.0.0.0/0 0.0.0.0/0 udp multiport dports 68,67
state NEW<br>
285 23940 RULE_11 icmp -- * *
0.0.0.0/0 0.0.0.0/0 icmp type 8 code 0 state NEW<br>
0 0 RULE_11 icmp -- * *
0.0.0.0/0 0.0.0.0/0 icmp type 0 code 0 state NEW<br>
530 31800 RULE_11 tcp -- * *
0.0.0.0/0 0.0.0.0/0 tcp multiport dports
53,21,80,443,22,873,2401,25 state N<br>
EW<br>
16 960 RULE_11 udp -- * *
0.0.0.0/0 0.0.0.0/0 udp dpts:33434:33524 state NEW<br>
1488 98378 RULE_11 udp -- * *
0.0.0.0/0 0.0.0.0/0 udp dpt:53 state NEW<br>
284 51681 RULE_12 all -- * *
192.168.3.0/24 0.0.0.0/0 state NEW<br>
0 0 RULE_13 all -- * *
0.0.0.0/0 88.206.209.35<br>
0 0 RULE_13 all -- * *
0.0.0.0/0 192.168.3.1<br>
<br>
Chain Cid423C6D80.0 (2 references)<br>
pkts bytes target prot opt in out
source destination<br>
0 0 In_RULE_8 all -- * *
192.168.0.0/16 0.0.0.0/0<br>
0 0 In_RULE_8 all -- * *
192.168.1.0/24 0.0.0.0/0<br>
0 0 In_RULE_8 all -- * *
192.168.3.0/24 0.0.0.0/0<br>
<br>
Chain Cid423C6D8B.0 (1 references)<br>
pkts bytes target prot opt in out
source destination<br>
11 6099 RULE_9 all -- * *
0.0.0.0 0.0.0.0/0<br>
20 6565 RULE_9 all -- * *
192.168.3.0/24 0.0.0.0/0<br>
<br>
Chain Cid423C6D8B.1 (1 references)<br>
pkts bytes target prot opt in out
source destination<br>
0 0 RULE_9 all -- * *
0.0.0.0 0.0.0.0/0<br>
0 0 RULE_9 all -- * *
192.168.3.0/24 0.0.0.0/0<br>
<br>
Chain Cid423C6D97.0 (1 references)<br>
pkts bytes target prot opt in out
source destination<br>
0 0 RULE_10 all -- * *
0.0.0.0/0 192.168.0.0/16<br>
0 0 RULE_10 all -- * *
0.0.0.0/0 192.168.3.0/24<br>
<br>
Chain Cid423C6DA1.0 (2 references)<br>
pkts bytes target prot opt in out
source destination<br>
0 0 RULE_11 icmp -- * *
0.0.0.0/0 0.0.0.0/0 icmp type 8 code 0<br>
0 0 RULE_11 icmp -- * *
0.0.0.0/0 0.0.0.0/0 icmp type 0 code 0<br>
0 0 RULE_11 tcp -- * *
0.0.0.0/0 0.0.0.0/0 tcp multiport dports
53,21,80,443,22,873,2401,25<br>
0 0 RULE_11 udp -- * *
0.0.0.0/0 0.0.0.0/0 udp dpts:33434:33524<br>
0 0 RULE_11 udp -- * *
0.0.0.0/0 0.0.0.0/0 udp dpt:53<br>
<br>
Chain Cid423C6E00.0 (3 references)<br>
pkts bytes target prot opt in out
source destination<br>
0 0 Out_RULE_0 all -- * *
0.0.0.0/0 88.206.209.35<br>
0 0 Out_RULE_0 all -- * *
0.0.0.0/0 192.168.3.1<br>
<br>
Chain Cid7440X8416.0 (1 references)<br>
pkts bytes target prot opt in out
source destination<br>
0 0 Out_RULE_1 all -- * *
0.0.0.0/0 88.206.209.35<br>
0 0 Out_RULE_1 all -- * *
0.0.0.0/0 192.168.3.1<br>
<br>
Chain In_RULE_0 (3 references)<br>
pkts bytes target prot opt in out
source destination<br>
0 0 LOG all -- * *
0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 5 prefix
`FTPD'<br>
0 0 ACCEPT all -- * *
0.0.0.0/0 0.0.0.0/0<br>
<br>
Chain In_RULE_1 (1 references)<br>
pkts bytes target prot opt in out
source destination<br>
0 0 LOG all -- * *
0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix
`HTTPD'<br>
0 0 ACCEPT all -- * *
0.0.0.0/0 0.0.0.0/0<br>
<br>
Chain In_RULE_14 (2 references)<br>
pkts bytes target prot opt in out
source destination<br>
1467 58692 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 6 prefix `LAST DENY'<br>
1467 58692 DROP all -- * *
0.0.0.0/0 0.0.0.0/0<br>
<br>
Chain In_RULE_2 (4 references)<br>
pkts bytes target prot opt in out
source destination<br>
26 3276 LOG all -- * *
0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 5 prefix
`VPN'<br>
26 3276 ACCEPT all -- * *
0.0.0.0/0 0.0.0.0/0<br>
<br>
Chain In_RULE_3 (4 references)<br>
pkts bytes target prot opt in out
source destination<br>
15 849 LOG all -- * *
0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix
`PING_REQUEST'<br>
15 849 ACCEPT all -- * *
0.0.0.0/0 0.0.0.0/0<br>
<br>
Chain In_RULE_4 (2 references)<br>
pkts bytes target prot opt in out
source destination<br>
268 16032 LOG all -- * *
0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 5 prefix
`SSH'<br>
268 16032 ACCEPT all -- * *
0.0.0.0/0 0.0.0.0/0<br>
<br>
Chain In_RULE_5 (4 references)<br>
pkts bytes target prot opt in out
source destination<br>
0 0 LOG all -- * *
0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix
`SPOOFING'<br>
0 0 DROP all -- * *
0.0.0.0/0 0.0.0.0/0<br>
<br>
Chain In_RULE_6 (6 references)<br>
pkts bytes target prot opt in out
source destination<br>
23 1104 LOG all -- * *
0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 5 prefix
`INTERNAL'<br>
23 1104 ACCEPT all -- * *
0.0.0.0/0 0.0.0.0/0<br>
<br>
Chain In_RULE_8 (3 references)<br>
pkts bytes target prot opt in out
source destination<br>
0 0 LOG all -- * *
0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix
`OUT'<br>
0 0 ACCEPT all -- * *
0.0.0.0/0 0.0.0.0/0<br>
<br>
Chain Out_RULE_0 (2 references)<br>
pkts bytes target prot opt in out
source destination<br>
0 0 LOG all -- * *
0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 5 prefix
`FTPD'<br>
0 0 ACCEPT all -- * *
0.0.0.0/0 0.0.0.0/0<br>
<br>
Chain Out_RULE_1 (2 references)<br>
pkts bytes target prot opt in out
source destination<br>
0 0 LOG all -- * *
0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix
`HTTPD'<br>
0 0 ACCEPT all -- * *
0.0.0.0/0 0.0.0.0/0<br>
<br>
Chain Out_RULE_2 (4 references)<br>
pkts bytes target prot opt in out
source destination<br>
50 4460 LOG all -- * *
0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 5 prefix
`VPN'<br>
50 4460 ACCEPT all -- * *
0.0.0.0/0 0.0.0.0/0<br>
<br>
Chain Out_RULE_3 (4 references)<br>
pkts bytes target prot opt in out
source destination<br>
12 720 LOG all -- * *
0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix
`PING_REQUEST'<br>
12 720 ACCEPT all -- * *
0.0.0.0/0 0.0.0.0/0<br>
<br>
Chain Out_RULE_4 (2 references)<br>
pkts bytes target prot opt in out
source destination<br>
24 1296 LOG all -- * *
0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 5 prefix
`SSH'<br>
24 1296 ACCEPT all -- * *
0.0.0.0/0 0.0.0.0/0<br>
<br>
Chain Out_RULE_6 (6 references)<br>
pkts bytes target prot opt in out
source destination<br>
0 0 LOG all -- * *
0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 5 prefix
`INTERNAL'<br>
0 0 ACCEPT all -- * *
0.0.0.0/0 0.0.0.0/0<br>
<br>
Chain RULE_10 (2 references)<br>
pkts bytes target prot opt in out
source destination<br>
0 0 LOG all -- * *
0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix
`testB'<br>
0 0 ACCEPT all -- * *
0.0.0.0/0 0.0.0.0/0<br>
<br>
Chain RULE_11 (10 references)<br>
pkts bytes target prot opt in out
source destination<br>
2319 155078 LOG all -- * *
0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix
`OUTGOING'<br>
2319 155078 ACCEPT all -- * *
0.0.0.0/0 0.0.0.0/0<br>
<br>
Chain RULE_12 (3 references)<br>
pkts bytes target prot opt in out
source destination<br>
5563 412645 LOG all -- * *
0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 5 prefix
`NAT_CONNECTIONS'<br>
5563 412645 ACCEPT all -- * *
0.0.0.0/0 0.0.0.0/0<br>
<br>
Chain RULE_13 (3 references)<br>
pkts bytes target prot opt in out
source destination<br>
4382 681691 LOG all -- * *
0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 1 prefix
`DENIED'<br>
4382 681691 DROP all -- * *
0.0.0.0/0 0.0.0.0/0<br>
<br>
Chain RULE_7 (3 references)<br>
pkts bytes target prot opt in out
source destination<br>
0 0 LOG all -- * *
0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix
`FRAGMENTS'<br>
0 0 DROP all -- * *
0.0.0.0/0 0.0.0.0/0<br>
<br>
Chain RULE_9 (4 references)<br>
pkts bytes target prot opt in out
source destination<br>
31 12664 LOG all -- * *
0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 5 prefix
`testA'<br>
31 12664 ACCEPT all -- * *
0.0.0.0/0 0.0.0.0/0<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
</font></font>
<div class="moz-text-plain" wrap="true" graphical-quote="true"
style="font-family: -moz-fixed; font-size: 13px;" lang="x-western">
<pre wrap="">On Tue, Oct 27, 2009 at 03:23:28PM +0100, Natanael Yngvesson wrote:
</pre>
<blockquote type="cite" style="color: rgb(0, 0, 0);">
<pre wrap=""><span class="moz-txt-citetags">> </span>I have 3 servers.
<span class="moz-txt-citetags">> </span>MASTER, OFFICE and BACKUP
<span class="moz-txt-citetags">> </span>2 different VPN tunnels called "vpn"(MASTER <=> OFFICE) and "btun"(MASTER
<span class="moz-txt-citetags">> </span><=> BACKUP).
</pre>
</blockquote>
<pre wrap="">Why do you have two separate VPNs? Tinc can handle multiple connections.
</pre>
<blockquote type="cite" style="color: rgb(0, 0, 0);">
<pre wrap=""><span class="moz-txt-citetags">> </span>The problem is the "btun" tunnel....BACKUP can connect to MASTER, but
<span class="moz-txt-citetags">> </span>MASTER can't connect to BACKUP.
<span class="moz-txt-citetags">> </span>
<span class="moz-txt-citetags">> </span>When MASTER is trying to ping BACKUP, the firewall on MASTER register
<span class="moz-txt-citetags">> </span>this:
<span class="moz-txt-citetags">> </span>
<span class="moz-txt-citetags">> </span>root@prod:~# tail -f /var/log/messages | grep 192.168.3.1
<span class="moz-txt-citetags">> </span>Oct 27 15:03:38 prod kernel: [62614.001583] TESTOUTIN= OUT=btun
<span class="moz-txt-citetags">> </span>SRC=192.168.0.1 DST=192.168.3.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF
<span class="moz-txt-citetags">> </span>PROTO=ICMP TYPE=8 CODE=0 ID=34912 SEQ=1
<span class="moz-txt-citetags">> </span>
<span class="moz-txt-citetags">> </span>BACKUP firewall do not register anything, so the traffic is going
<span class="moz-txt-citetags">> </span>somewhere else.
<span class="moz-txt-citetags">> </span>OFFICE firewall do not register anything either.
<span class="moz-txt-citetags">> </span>
<span class="moz-txt-citetags">> </span>I think it's a routing problem, but I can't see where.
</pre>
</blockquote>
<pre wrap="">Well your routing tables look fine, and your firewall logs the packet as going
out via the btun interface, that looks fine as well. I think it's rather a
firewall problem. Can you show us the output of "iptables -vxnL" and "iptables
-t nat -vxnL" from both MASTER and BACKUP?
<div class="moz-txt-sig">--
Met vriendelijke groet / with kind regards,
Guus Sliepen <a class="moz-txt-link-rfc2396E"
href="mailto:guus@tinc-vpn.org"><guus@tinc-vpn.org></a>
</div></pre>
</div>
<pre wrap="">
</pre>
<br>
<br>
</body>
</html>