tinc connection only usable after ping from other side

uws uws at xs4all.nl
Sat Jan 17 19:08:23 CET 2004


On Fri, Jan 16, 2004 at 09:01:22PM +0100, Guus Sliepen wrote:
> On Fri, Jan 16, 2004 at 07:25:24PM +0100, uws wrote:
> > > Stateful firewall rules?
> > You can view my firewall script at [1]. The tinc daemon runs on the same
> > machine as the firewall script, so I don't need portforwarding. This box has
> > (1) a pptp internet connection to the internet over a (2) dedicated cross
> > cable LAN to my ADSL modem and a (3) local area network connection to other
> > hosts. Everything works just fine, except for tinc.

> The relevant lines from your firewall script are:

> $IPTABLES --policy INPUT DROP
> $IPTABLES --append INPUT --match state --state ESTABLISHED,RELATED --jump ACCEPT

> And remember that tinc's UDP packets are sent and received to and from
> $EXTERNALIF.

However, I use "TCPonly = yes" for all my connections, because the other
side is always behind a NAT router.

The only oddness I just discovered is that I used "TCPonly" (without
capital O) instead of "TCPOnly" in my hosts config files. I can't test right
now, but does this make a difference?


  Kind regards, Wouter

-- 
:wq                                                       mail uws at xs4all.nl

and it's you i see :: but you don't see me                       -- coldplay

Tinc:         Discussion list about the tinc VPN daemon
Archive:      http://mail.nl.linux.org/lists/
Tinc site:    http://tinc.nl.linux.org/




