tinc fails because of firewall script

Guus Sliepen guus at sliepen.warande.net
Thu May 17 18:15:49 CEST 2001


On Thu, May 17, 2001 at 03:55:46PM +0100, Gillian wrote:

> I am a bit stuck with firewalling rules at the moment. Maybe someone
> could please advise me a good rc.firewall script to use on my setup.
> If anyone runs an ipchains firewall script on their Linux box which is
> also running tinc, could they please mail it to me, for my perusal.
> 
> I have tinc pre3 set up and working on my systems, however I can only
> get it to work if I set the firewall to an 'accept' policy, which is
> not a sensible way to run it.
[...]
> Here is a secure firewall script (from Linux Box A) that stops tinc working:
[...]
> When I look at the /var/log/messages file I get the following 'reject' message:
> 
> May 17 15:21:16 linuxa kernel: Packet log: forward REJECT tap0 PROTO=1 192.168.1.40:8 192.168.3.10:0 L=84 S=0x00 I=11789 F=0x0000 T=63 (#6)
> May 17 15:21:17 linuxa kernel: Packet log: forward REJECT tap0 PROTO=1 192.168.1.40:8 192.168.3.10:0 L=84 S=0x00 I=11791 F=0x0000 T=63 (#6)
> 
> I get this when I try pinging machine B '192.168.3.10' from machine A '192.168.1.40'.
> 
> Okay, well, if you are able to help and need any more information, then please
> ask for it. Note that I am happy that tinc is working, but only when I have an
> 'insecure' ACCEPT all policy firewall.  Thanks for any assistance.

Well, you have incoming and outgoing chains set to REJECT everything by
default, opened a lot of stuff on eth0 and eth1, but you forgot to add rules to
allow traffic to/from tap0...

-- 
Met vriendelijke groet / with kind regards,
  Guus Sliepen <guus at sliepen.warande.net>
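
An added example, not part of the original message or of tinc: a small Python parser for the ipchains "Packet log" lines quoted above, which groups rejected packets by chain and interface so the interface that still lacks rules stands out. The function names are hypothetical; the sample input is the two log lines from the message with the mail wrapping removed. For ICMP, ipchains logs the type and code in the port positions, so `:8` here is an echo request.

```python
import re
from collections import Counter

# ipchains log layout: chain, verdict, interface, protocol number,
# src:port, dst:port, packet details, then the matching rule number.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<verdict>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) .*\(#(?P<rule>\d+)\)"
)
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


def parse_line(line):
    """Return a dict for one ipchains log line, or None if it does not match."""
    m = LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "rule"):
        rec[key] = int(rec[key])
    rec["proto_name"] = PROTO_NAMES.get(rec["proto"], str(rec["proto"]))
    if rec["proto"] == 1:
        # ICMP has no ports: the two fields carry type and code instead.
        rec["icmp_type"], rec["icmp_code"] = rec["sport"], rec["dport"]
    return rec


def blocked_by_interface(lines):
    """Count non-ACCEPT verdicts per (chain, interface, protocol, rule)."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["verdict"] != "ACCEPT":
            counts[(rec["chain"], rec["iface"], rec["proto_name"], rec["rule"])] += 1
    return counts


# The two log lines quoted in the message, unwrapped.
SAMPLE = [
    "May 17 15:21:16 linuxa kernel: Packet log: forward REJECT tap0 PROTO=1 "
    "192.168.1.40:8 192.168.3.10:0 L=84 S=0x00 I=11789 F=0x0000 T=63 (#6)",
    "May 17 15:21:17 linuxa kernel: Packet log: forward REJECT tap0 PROTO=1 "
    "192.168.1.40:8 192.168.3.10:0 L=84 S=0x00 I=11791 F=0x0000 T=63 (#6)",
]

if __name__ == "__main__":
    for (chain, iface, proto, rule), n in blocked_by_interface(SAMPLE).items():
        print(f"{n} {proto} packet(s) blocked: chain={chain} iface={iface} rule=#{rule}")
```

On the sample this reports two ICMP packets blocked in the forward chain on tap0 by rule #6.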