Question concerning iptables and the example at tinc's homepage
Reil
reil at gemeinde-berg.de
Mon Nov 28 17:21:27 CET 2005
Hi all,
hi Guus,
In July 2004 I received an e-mail from you concerning the path a
packet takes across a (tinc) VPN:
> They are forwarded from eth0 to tap0, but the kernel doesn't know that
> tinc is forwarding them from tap0 to ippp0. So, the UDP and TCP
> packets that tinc sends will be seen by the OUTPUT chain instead of
> the FORWARD chain. At the other end, the received UDP and TCP packets
> will be seen by the INPUT chain. When tinc sends the packets to tap0,
> they will be forwarded to eth0 and then you should use the FORWARD
> chain again.
Now I'm confused, because looking at
http://www.tinc-vpn.org/examples/on-firewall
the example for the iptables rules looks like this:
--- schnipp ---
...
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -A FORWARD -j ACCEPT -i ppp0 -o eth0 -d 10.20.30.0/24
iptables -A FORWARD -j ACCEPT -i eth0 -o ppp0 -s 10.20.30.0/24
iptables -A FORWARD -j ACCEPT -i vpn -o eth0 -s 10.20.0.0/16 -d 10.20.30.0/24
iptables -A FORWARD -j ACCEPT -i eth0 -o vpn -s 10.20.30.0/24 -d 10.20.0.0/16
...
--- schnapp ---
I don't understand the first two ACCEPT rules. They allow all
traffic from outside to inside and vice versa. Shouldn't there be
INPUT / OUTPUT rules ACCEPTing only TCP / UDP on port 655 instead of
these two FORWARD rules?
Any hint would be appreciated...
Greetings,
Alexander Reil
--
Gemeinde Berg
Herr Reil
Telefon: 08151/508-41
Fax: 08151/508-88
E-Mail: reil at gemeinde-berg.de
More information about the tinc mailing list
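The following is an added example, not taken from this message, from the tinc project or from the on-firewall page. It writes out the firewall-host rule set that follows the chain traversal described in the quoted reply: tinc's own encapsulated TCP/UDP packets (port 655) terminate on the firewall host and are therefore matched by INPUT and OUTPUT, while the decapsulated packets are routed between the tap device and the LAN and pass through FORWARD. The interface names (ppp0 as uplink, eth0 as LAN, vpn as tinc's tap device), the 10.20.0.0/16 and 10.20.30.0/24 addresses and port 655 are taken from the quoted example; the stateful ESTABLISHED,RELATED rules, the loopback rules and the variable names are assumptions of this example. The two ppp0<->eth0 FORWARD rules from the quoted example are deliberately left out here, so nothing is forwarded between the uplink and the LAN except through the tunnel; whether a site needs them depends on what else the firewall routes.

```shell
#!/bin/sh
# Added example (not from the tinc mailing list or the tinc project).
# IPT defaults to "echo iptables" so the rules can be reviewed without
# root; run with IPT=iptables to actually apply them.
IPT="${IPT:-echo iptables}"

WAN=ppp0              # Internet uplink carrying the encapsulated tinc traffic
LAN=eth0              # local network behind the firewall
VPN=vpn               # tinc's tap interface (assumed name, as in the quoted example)
LAN_NET=10.20.30.0/24
VPN_NET=10.20.0.0/16
TINC_PORT=655         # tinc's default TCP/UDP port

tinc_fw_rules() {
    # Encapsulated tinc packets are sent and received by the tinc daemon on
    # this host, so they are seen by OUTPUT and INPUT, never by FORWARD.
    $IPT -P INPUT DROP
    $IPT -P OUTPUT DROP
    $IPT -F INPUT
    $IPT -F OUTPUT
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT
    # Replies to accepted connections (assumed stateful matching).
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # tinc peers connect to port 655 on this host, and this host connects
    # to port 655 on its peers, over both TCP (meta connection) and UDP (data).
    for proto in tcp udp; do
        $IPT -A INPUT -i $WAN -p $proto --dport $TINC_PORT -j ACCEPT
        $IPT -A OUTPUT -o $WAN -p $proto --dport $TINC_PORT -j ACCEPT
    done

    # Decapsulated packets leave the tap device and are routed to the LAN
    # (and back), so they pass through FORWARD. Nothing is forwarded
    # directly between the uplink and the LAN in this example.
    $IPT -P FORWARD DROP
    $IPT -F FORWARD
    $IPT -A FORWARD -i $VPN -o $LAN -s $VPN_NET -d $LAN_NET -j ACCEPT
    $IPT -A FORWARD -i $LAN -o $VPN -s $LAN_NET -d $VPN_NET -j ACCEPT
}

tinc_fw_rules
```

Run it as-is to print the rule set for review; run it as root with IPT=iptables to install the rules. Inbound packets that are not tinc traffic and not replies are dropped by the INPUT policy, and a packet from the uplink addressed to the LAN would hit the FORWARD policy, since no ppp0-to-eth0 rule exists.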