<div dir="ltr"><div>Here are the config files. Thanks!</div><div><br></div><div><br></div><div><br></div><div># tinc.conf on MASTER</div><div># ------- master -------</div><div>Name = master</div><div>Device = /dev/net/tun</div><div>AddressFamily=ipv4</div><div>---------------------------------------------<br></div><div><br></div><div><br></div><div><div><div><div>cat tinc-up</div><div># tinc-up on MASTER<br></div><div>ifconfig $INTERFACE 10.0.3.1 netmask 255.255.255.0</div></div><div>---------------------------------------------<br></div></div></div><div><div><div><br></div><div><br></div><div>cat tinc-up</div><div># tinc-up on WEB<br></div><div>ifconfig $INTERFACE 10.0.3.3 netmask 255.255.255.0</div></div><div>---------------------------------------------<br></div></div><div><br></div><div><br></div><div># tinc.conf on WEB<br></div><div><div># ------- web -------</div><div>Name = web</div><div>Device = /dev/net/tun</div><div>AddressFamily=ipv4</div><div>ConnectTo = master</div><div>#ConnectTo = home</div></div><div>---------------------------------------------<br></div><div><br></div><div><br></div><div><br></div><div><div>cat hosts/master on BOTH</div><div># ------- master -------</div><div>Address = 1.2.3.4 #public IP</div><div>Subnet = 10.0.3.1/32</div><div><br></div><div>-----BEGIN RSA PUBLIC KEY-----</div><div>My Key on MASTER</div><div>-----END RSA PUBLIC KEY-----</div></div><div>---------------------------------------------</div><div><br></div><div><br></div><div><br></div><div><br></div><div><div>cat hosts/web on BOTH</div><div># ------- web -------</div><div>Address = 4.3.2.1 #public IP</div><div>Subnet = 10.0.3.3/32</div><div># Public key goes below here</div><div><br></div><div>-----BEGIN RSA PUBLIC KEY-----</div><div>My Key on WEB</div><div>-----END RSA PUBLIC 
KEY-----</div></div><div>---------------------------------------------<br></div><div><br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Jan 30, 2017 at 2:43 PM, Guillermo Bisheimer <span dir="ltr"><<a href="mailto:gbisheimer@bys-control.com.ar" target="_blank">gbisheimer@bys-control.com.ar</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Can you post your Tinc configuration too?</div><br><div class="gmail_quote"><div><div class="h5"><div dir="ltr">On Mon, Jan 30, 2017 at 11:42, Dave Albert (<<a href="mailto:dave.albert@gmail.com" target="_blank">dave.albert@gmail.com</a>>) wrote:<br></div></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5"><div dir="ltr" class="m_-8472518747159591583gmail_msg">Here is an extract of my<font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> current iptables that are not working:</font><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"><br class="m_-8472518747159591583gmail_msg"></font></div><div class="m_-8472518747159591583gmail_msg"><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> iptables -L -n -v</font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> </font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> Chain INPUT (policy DROP 8 packets, 1120 bytes)</font></div><div 
class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> pkts bytes target prot opt in out source destination</font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> 0 0 ACCEPT tcp -- lo * <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> tcp dpt:3306</font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> 0 0 ACCEPT udp -- lo * <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> udp dpt:3306</font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> 0 0 NRPE tcp -- * * <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> tcp dpt:5666</font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> 0 0 ACCEPT icmp -- * * x.x.x.x <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> icmptype 8</font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> 0 0 ACCEPT icmp -- * * 127.0.0.1 <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> icmptype 8</font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> 0 0 ACCEPT icmp -- * * <a href="http://10.0.3.0/24" 
class="m_-8472518747159591583gmail_msg" target="_blank">10.0.3.0/24</a> <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> icmptype 8</font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> 0 0 ACCEPT tcp -- * * <a href="http://10.0.3.0/24" class="m_-8472518747159591583gmail_msg" target="_blank">10.0.3.0/24</a> <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a></font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> 0 0 ACCEPT udp -- * * <a href="http://10.0.3.0/24" class="m_-8472518747159591583gmail_msg" target="_blank">10.0.3.0/24</a> <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a></font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> 0 0 DROP icmp -- * * <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> icmptype 8</font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> 0 0 ACCEPT icmp -- * * x.x.x.x <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> icmptype 8</font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> 0 0 ACCEPT icmp -- * * <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> state RELATED,ESTABLISHED</font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" 
class="m_-8472518747159591583gmail_msg"> 0 0 ACCEPT tcp -- eth0 * <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> tcp spt:5666</font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> 0 0 ACCEPT tcp -- eth0 * <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> tcp dpt:22 state NEW,ESTABLISHED</font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> 192 13741 ACCEPT tcp -- eth0 * <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> tcp dpt:2222 state NEW,ESTABLISHED</font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> 0 0 ACCEPT tcp -- eth0 * <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> tcp dpt:80 state NEW,ESTABLISHED</font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> 0 0 ACCEPT tcp -- eth0 * <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> tcp dpt:443 state NEW,ESTABLISHED</font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> 0 0 ACCEPT all -- lo * <a href="http://0.0.0.0/0" 
class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a></font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> 0 0 ACCEPT all -- docker0 * <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a></font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> 0 0 ACCEPT udp -- eth0 * <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> udp spt:53</font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> 0 0 ACCEPT tcp -- * * <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> tcp dpt:80 limit: avg 25/min burst 100</font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> 0 0 ACCEPT udp -- * * <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> udp spt:123</font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> 0 0 ACCEPT tcp -- * * <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> tcp 
spt:25</font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> 0 0 ACCEPT tcp -- eth0 * <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> tcp spt:22 state ESTABLISHED</font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> 0 0 ACCEPT tcp -- eth0 * <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> tcp spt:2222 state ESTABLISHED</font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> 0 0 ACCEPT tcp -- * * <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> tcp dpt:655 state NEW,ESTABLISHED</font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> 6 8976 ACCEPT udp -- * * <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> udp dpt:655 state NEW,ESTABLISHED</font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> 0 0 ACCEPT tcp -- eth0 * <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> tcp spt:80 state ESTABLISHED</font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, 
monospace" class="m_-8472518747159591583gmail_msg"> 0 0 ACCEPT tcp -- eth0 * <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> tcp spt:443 state ESTABLISHED</font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> </font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> Chain FORWARD (policy DROP 0 packets, 0 bytes)</font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> pkts bytes target prot opt in out source destination</font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> 0 0 ACCEPT all -- * docker0 <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> <a href="http://172.17.0.0/16" class="m_-8472518747159591583gmail_msg" target="_blank">172.17.0.0/16</a> ctstate RELATED,ESTABLISHED</font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> 0 0 ACCEPT all -- docker0 * <a href="http://172.17.0.0/16" class="m_-8472518747159591583gmail_msg" target="_blank">172.17.0.0/16</a> <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a></font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> 0 0 ACCEPT all -- docker0 docker0 <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a></font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, 
monospace" class="m_-8472518747159591583gmail_msg"> </font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> Chain OUTPUT (policy DROP 0 packets, 0 bytes)</font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> pkts bytes target prot opt in out source destination</font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> 0 0 NRPE tcp -- * * <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> tcp spt:5666</font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> 0 0 ACCEPT tcp -- * * <a href="http://10.0.3.0/24" class="m_-8472518747159591583gmail_msg" target="_blank">10.0.3.0/24</a> <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a></font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> 0 0 ACCEPT udp -- * * <a href="http://10.0.3.0/24" class="m_-8472518747159591583gmail_msg" target="_blank">10.0.3.0/24</a> <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a></font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> 0 0 ACCEPT icmp -- * * <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> icmptype 0</font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> 0 0 ACCEPT icmp -- * * <a 
href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> state NEW,RELATED,ESTABLISHED</font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> 0 0 ACCEPT tcp -- * eth0 <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> tcp dpt:5666</font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> 0 0 ACCEPT tcp -- * eth0 <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> tcp spt:22 state ESTABLISHED</font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> 140 44173 ACCEPT tcp -- * eth0 <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> tcp spt:2222 state ESTABLISHED</font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> 0 0 ACCEPT tcp -- * eth0 <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> tcp spt:80 state ESTABLISHED</font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> 0 0 ACCEPT tcp -- * eth0 <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> <a 
href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> tcp spt:443 state ESTABLISHED</font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> 0 0 ACCEPT all -- * lo <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a></font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> 0 0 ACCEPT all -- * docker0 <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a></font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> 0 0 ACCEPT udp -- * eth0 <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> udp dpt:53</font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> 0 0 ACCEPT udp -- * * <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> udp dpt:123</font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> 0 0 ACCEPT tcp -- * * <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> tcp dpt:25</font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" 
class="m_-8472518747159591583gmail_msg"> 0 0 ACCEPT tcp -- * eth0 <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> tcp dpt:22 state NEW,ESTABLISHED</font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> 0 0 ACCEPT tcp -- * eth0 <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> tcp dpt:2222 state NEW,ESTABLISHED</font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> 0 0 ACCEPT tcp -- * * <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> tcp spt:655 state NEW,ESTABLISHED</font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> 6 8976 ACCEPT udp -- * * <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> udp spt:655 state NEW,ESTABLISHED</font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> 0 0 ACCEPT tcp -- * eth0 <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> tcp dpt:80 state NEW,ESTABLISHED</font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> 0 0 ACCEPT tcp -- * eth0 <a 
href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> tcp dpt:443 state NEW,ESTABLISHED</font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> </font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> Chain NRPE (2 references)</font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> pkts bytes target prot opt in out source destination</font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> 0 0 ACCEPT all -- * * <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> x.x.x.x</font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> 0 0 ACCEPT all -- * * x.x.x.x <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a></font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> 0 0 DROP all -- * * <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" class="m_-8472518747159591583gmail_msg" target="_blank">0.0.0.0/0</a></font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> </font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> </font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> </font></div><div 
class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> </font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> iptables -t nat -L -n -v</font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> Chain PREROUTING (policy ACCEPT 6 packets, 1831 bytes)</font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> pkts bytes target prot opt in out source destination</font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> </font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> Chain INPUT (policy ACCEPT 4 packets, 1348 bytes)</font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> pkts bytes target prot opt in out source destination</font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> </font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> Chain OUTPUT (policy ACCEPT 14 packets, 856 bytes)</font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> pkts bytes target prot opt in out source destination</font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> </font></div><div class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> Chain POSTROUTING (policy ACCEPT 2 packets, 136 bytes)</font></div><div 
class="m_-8472518747159591583gmail_msg"><font face="monospace, monospace" class="m_-8472518747159591583gmail_msg"> pkts bytes target prot opt in out source destination</font></div></div><div class="m_-8472518747159591583gmail_msg"><br class="m_-8472518747159591583gmail_msg"></div></div><div class="gmail_extra m_-8472518747159591583gmail_msg"><br class="m_-8472518747159591583gmail_msg"><div class="gmail_quote m_-8472518747159591583gmail_msg">On Mon, Jan 30, 2017 at 2:05 PM, Dave Albert <span dir="ltr" class="m_-8472518747159591583gmail_msg"><<a href="mailto:dave.albert@gmail.com" class="m_-8472518747159591583gmail_msg" target="_blank">dave.albert@gmail.com</a>></span> wrote:<br class="m_-8472518747159591583gmail_msg"><blockquote class="gmail_quote m_-8472518747159591583gmail_msg" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr" class="m_-8472518747159591583gmail_msg">Hi, <div class="m_-8472518747159591583gmail_msg"><br class="m_-8472518747159591583gmail_msg"></div><div class="m_-8472518747159591583gmail_msg"> I've been able to get tinc set up when I flush all my iptables, but after enabling iptables and a delay I get a "Destination Net Unknown". I have three hosts (HOME 10.0.3.2, MASTER 10.0.3.1, WEB 10.0.3.3). MASTER and WEB are in DigitalOcean in the same data centre. 
</div><div class="m_-8472518747159591583gmail_msg"><br class="m_-8472518747159591583gmail_msg"></div><div class="m_-8472518747159591583gmail_msg">HOME <---> MASTER <---> WEB</div><div class="m_-8472518747159591583gmail_msg"><br class="m_-8472518747159591583gmail_msg"></div><div class="m_-8472518747159591583gmail_msg">I've tried multiple forwarding/masquerading/etc rules and don't understand what I'm missing. </div><div class="m_-8472518747159591583gmail_msg"><br class="m_-8472518747159591583gmail_msg"></div><div class="m_-8472518747159591583gmail_msg">When iptables are enabled (same rules on MASTER and WEB) I get the following results:</div><div class="m_-8472518747159591583gmail_msg"><br class="m_-8472518747159591583gmail_msg"></div><div class="m_-8472518747159591583gmail_msg"><div class="m_-8472518747159591583gmail_msg">HOME $ ping 10.0.3.1 ==> Success</div><div class="m_-8472518747159591583gmail_msg">HOME $ ping 10.0.3.3 ==> Destination Net Unknown<br class="m_-8472518747159591583gmail_msg"></div></div><div class="m_-8472518747159591583gmail_msg"><br class="m_-8472518747159591583gmail_msg"></div><div class="m_-8472518747159591583gmail_msg"><div class="m_-8472518747159591583gmail_msg">MASTER $ ping 10.0.3.2 ==> Success</div><div class="m_-8472518747159591583gmail_msg">MASTER $ ping 10.0.3.3 ==> Destination Net Unknown<br class="m_-8472518747159591583gmail_msg"></div></div><div class="m_-8472518747159591583gmail_msg"><br class="m_-8472518747159591583gmail_msg"></div><div class="m_-8472518747159591583gmail_msg"><div class="m_-8472518747159591583gmail_msg">WEB $ ping 10.0.3.1 ==> Destination Net Unknown</div><div class="m_-8472518747159591583gmail_msg">WEB $ ping 10.0.3.2 ==> Destination Net Unknown<br class="m_-8472518747159591583gmail_msg"></div></div><div class="m_-8472518747159591583gmail_msg"><br class="m_-8472518747159591583gmail_msg"></div><div class="m_-8472518747159591583gmail_msg"><br class="m_-8472518747159591583gmail_msg"></div><div 
class="m_-8472518747159591583gmail_msg">It's not just ICMP though, I get the same results for "nc -vz x.x.x.x 22"</div><div class="m_-8472518747159591583gmail_msg"><br class="m_-8472518747159591583gmail_msg"></div><div class="m_-8472518747159591583gmail_msg">I'd appreciate any help.</div><div class="m_-8472518747159591583gmail_msg"><br class="m_-8472518747159591583gmail_msg"></div><div class="m_-8472518747159591583gmail_msg">Thanks,</div><div class="m_-8472518747159591583gmail_msg"> Dave</div><div class="m_-8472518747159591583gmail_msg"><br class="m_-8472518747159591583gmail_msg"></div></div>
</blockquote></div><br class="m_-8472518747159591583gmail_msg"></div></div></div>
______________________________<wbr>_________________<br class="m_-8472518747159591583gmail_msg">
tinc mailing list<br class="m_-8472518747159591583gmail_msg">
<a href="mailto:tinc@tinc-vpn.org" class="m_-8472518747159591583gmail_msg" target="_blank">tinc@tinc-vpn.org</a><br class="m_-8472518747159591583gmail_msg">
<a href="https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc" rel="noreferrer" class="m_-8472518747159591583gmail_msg" target="_blank">https://www.tinc-vpn.org/cgi-<wbr>bin/mailman/listinfo/tinc</a><br class="m_-8472518747159591583gmail_msg">
</blockquote></div><div dir="ltr">-- <br></div><div data-smartmail="gmail_signature"><div dir="ltr"><p style="font-family:"helvetica neue",helvetica,arial,sans-serif;line-height:19.5px;margin:0cm 0cm 0.0001pt"><b><i><span style="font-family:arial,sans-serif;color:rgb(31,73,125)">Ing. Guillermo Bisheimer</span></i></b><span style="font-family:arial,sans-serif"></span></p><p style="font-family:"helvetica neue",helvetica,arial,sans-serif;line-height:19.5px;margin:0cm 0cm 0.0001pt"><b><span style="font-family:arial,sans-serif;color:rgb(31,73,125)">B&S Sistemas de Control y Equipamientos</span></b><span style="font-family:arial,sans-serif"></span></p><p style="font-family:"helvetica neue",helvetica,arial,sans-serif;line-height:19.5px;margin:0cm 0cm 0.0001pt"><span style="font-family:arial,sans-serif;color:rgb(79,129,189)">Av. de los Constituyentes 1172</span><span style="font-family:arial,sans-serif"></span></p><p style="font-family:"helvetica neue",helvetica,arial,sans-serif;line-height:19.5px;margin:0cm 0cm 0.0001pt"><span style="font-family:arial,sans-serif;color:rgb(79,129,189)">(E3116CIX) Crespo, Entre Ríos</span><span style="font-family:arial,sans-serif"></span></p><p style="font-family:"helvetica neue",helvetica,arial,sans-serif;line-height:19.5px;margin:0cm 0cm 0.0001pt"><span style="background-color:rgb(255,255,0)"><span style="font-family:arial,sans-serif;color:rgb(79,129,189)">Tel/Fax: (</span><font color="#4f81bd" face="Arial, sans-serif">0343) 407-8990 (Nuevo número)</font></span></p><p style="font-family:"helvetica neue",helvetica,arial,sans-serif;line-height:19.5px;margin:0cm 0cm 0.0001pt"><span style="font-family:arial,sans-serif;color:rgb(79,129,189)">Cel: (0343) 154679052</span><span style="font-family:arial,sans-serif"></span></p><p style="font-family:"helvetica neue",helvetica,arial,sans-serif;line-height:19.5px;margin:0cm 0cm 0.0001pt"><span style="font-family:arial,sans-serif;color:rgb(31,73,125)">WEB: </span><span 
style="font-size:10pt;font-family:arial,sans-serif;color:rgb(31,73,125)"><a href="http://www.bys-control.com.ar/" target="_blank">www.bys-control.com.ar</a></span><span style="font-family:arial,sans-serif"></span></p><p style="font-family:"helvetica neue",helvetica,arial,sans-serif;line-height:19.5px;margin:0cm 0cm 0.0001pt"><span style="font-family:arial,sans-serif;color:rgb(31,73,125)">e-mail: <a href="mailto:gbisheimer@bys-control.com.ar" target="_blank">gbisheimer@bys-<wbr>control.com.ar</a></span><span style="font-family:arial,sans-serif"></span></p><p style="font-family:"helvetica neue",helvetica,arial,sans-serif;line-height:19.5px;margin:0cm 0cm 0.0001pt"><span style="font-family:arial,sans-serif;color:rgb(31,73,125)">skype: guillermo.bisheimer</span></p></div></div>
<br></blockquote></div><br></div>