Can't Route LAN Traffic Behind Tinc Network
Kismet Agbasi
kagbasi at centraltruck.net
Thu Oct 6 16:33:21 CEST 2016
Thanks Keith. Here's the output:
root at ubuntu2:~# iptables -vnL FORWARD
Chain FORWARD (policy ACCEPT 745 packets, 47680 bytes)
pkts bytes target prot opt in out source destination
6299 416K ufw-before-logging-forward all -- * * 0.0.0.0/0 0.0.0.0/0
6299 416K ufw-before-forward all -- * * 0.0.0.0/0 0.0.0.0/0
6299 416K ufw-after-forward all -- * * 0.0.0.0/0 0.0.0.0/0
6299 416K ufw-after-logging-forward all -- * * 0.0.0.0/0 0.0.0.0/0
6299 416K ufw-reject-forward all -- * * 0.0.0.0/0 0.0.0.0/0
What's interesting is when I watch this command I see the packet count increasing as I run MTR on the remote node, indicating to me that the packets are arriving and hitting the correct chain, but not making it out or going out the wrong interface......hmmm. As you can tell I use UFW so here's the output of "ufw status numbered":
root at ubuntu2:~# ufw status numbered
Status: active
To Action From
-- ------ ----
[ 1] 161 ALLOW IN Anywhere
[ 2] 22 ALLOW IN Anywhere
[ 3] 1194 ALLOW IN Anywhere
[ 4] 655 ALLOW IN Anywhere
[ 5] DNS ALLOW IN Anywhere
Very Respectfully,
Kismet Agbasi
-----Original Message-----
From: Keith [mailto:keith at rhizomatica.org]
Sent: Thursday, October 6, 2016 10:14 AM
To: tinc at tinc-vpn.org; kagbasi at centraltruck.net
Subject: Re: Can't Route LAN Traffic Behind Tinc Network
On 06/10/2016 15:48, Kismet Agbasi wrote:
>> Did you remember to activate kernel ip forwarding?
>> i.e. echo 1 > /proc/sys/net/ipv4/ip_forward ?
> I actually forgot to do this, but I have enabled it now in /etc/systctl.conf and can confirm now after a reboot that it's enabled. Unfortunately, still can't ping the node on the LAN.
OK , let's just do one other simple thing before we continue, could you post the output of iptables -vnL FORWARD as long as it doesn't reveal anything you would prefer not to be public.
Thanks!
More information about the tinc
mailing list