<html><body><div>hi</div><div>It was not working when i applied the rules on the vpn card. But I wondered if maybe bridging of vpn and eth0 was messing this up. I thought it was enough to only apply it to the vpn card</div><div><br data-mce-bogus="1"></div><div><p class="p1"><span class="s1">root@JOTVPN:~# brctl show</span></p><p class="p1"><span class="s1">bridge name<span class="Apple-tab-span"> </span>bridge id<span class="Apple-tab-span"> </span><span class="Apple-tab-span"> </span>STP enabled<span class="Apple-tab-span"> </span>interfaces</span></p><p class="p1"><span class="s1">bridge<span class="Apple-tab-span"> </span><span class="Apple-tab-span"> </span>8000.000c29638a7e<span class="Apple-tab-span"> </span>no<span class="Apple-tab-span"> </span><span class="Apple-tab-span"> </span>eth0</span></p><p class="p1"><span class="s1"><span class="Apple-tab-span"> </span><span class="Apple-tab-span"> </span><span class="Apple-tab-span"> </span><span class="Apple-tab-span"> </span><span class="Apple-tab-span"> </span><span class="Apple-tab-span"> </span><span class="Apple-tab-span"> </span>vpn</span></p></div><div><br data-mce-bogus="1"></div><div>so I tried the rules you sent me on the bridge card an now it works. But why is not both rules applied on outgoing traffic? </div><div><br data-mce-bogus="1"></div><div>Thank you so much for your help to get this working :-)</div><div><br data-mce-bogus="1"></div><div>Best Regards,</div><div><br data-mce-bogus="1"></div><div>Håvard Rabbe</div><div><br data-mce-bogus="1"></div><div><p class="p1"><span class="s1">root@JOTVPN:~# ip6tables --list-rules</span></p><p class="p1"><span class="s1">-P INPUT ACCEPT</span></p><p class="p1"><span class="s1">-P FORWARD ACCEPT</span></p><p class="p1"><span class="s1">-P OUTPUT ACCEPT</span></p><p class="p1"><span class="s1">-A FORWARD -o bridge -p ipv6-icmp -m icmp6 --icmpv6-type 133 -j DROP</span></p><p class="p1"><span class="s1">-A FORWARD -i bridge -p ipv6-icmp -m icmp6 --icmpv6-type 134 -j DROP</span></p></div><div><br data-mce-bogus="1"></div><div>On Feb 23, 2017, at 10:48 AM, Guus Sliepen <guus@tinc-vpn.org> wrote:<br><br></div><div><blockquote type="cite"><div class="msg-quote"><div class="_stretch"><span class="body-text-content">On Wed, Feb 22, 2017 at 08:51:49PM +0000, Håvard Rabbe wrote:<br><br><blockquote type="cite" class="quoted-plain-text">thank you for looking in to this. I haven't tried it before now. I cant get it to work.</blockquote><blockquote type="cite" class="quoted-plain-text"><br></blockquote><blockquote type="cite" class="quoted-plain-text">after running the commands you suggest I get this when I run ip6tables --list-rules</blockquote><blockquote type="cite" class="quoted-plain-text"><br></blockquote><blockquote type="cite" class="quoted-plain-text">root@JOTVPN:~# ip6tables --list-rules</blockquote><blockquote type="cite" class="quoted-plain-text">-P INPUT ACCEPT</blockquote><blockquote type="cite" class="quoted-plain-text">-P FORWARD ACCEPT</blockquote><blockquote type="cite" class="quoted-plain-text">-P OUTPUT ACCEPT</blockquote><blockquote type="cite" class="quoted-plain-text">-A FORWARD -i vpn -p ipv6-icmp -m icmp6 --icmpv6-type 133 -j DROP</blockquote><blockquote type="cite" class="quoted-plain-text">-A FORWARD -o vpn -p ipv6-icmp -m icmp6 --icmpv6-type 134 -j DROP</blockquote><blockquote type="cite" class="quoted-plain-text"><br></blockquote><blockquote type="cite" class="quoted-plain-text">Do you have any other ideas?</blockquote><br>It could be I have the direction of the ICMP messages wrong. Try adding:<br><br>ip6tables -A FORWARD -o vpn -p ipv6-icmp -m icmp6 --icmpv6-type 133 -j DROP<br>ip6tables -A FORWARD -i vpn -p ipv6-icmp -m icmp6 --icmpv6-type 134 -j DROP<br><br>-- <br>Met vriendelijke groet / with kind regards,<br> Guus Sliepen <guus@tinc-vpn.org><br></span></div><div class="_stretch"><span class="body-text-content">_______________________________________________<br>tinc mailing list<br><a href="mailto:tinc@tinc-vpn.org" data-mce-href="mailto:tinc@tinc-vpn.org">tinc@tinc-vpn.org</a><br><a href="https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc" data-mce-href="https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc">https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc</a><br></span></div></div></blockquote></div></body></html>