firewalling / netfilter / iptables / tcpdump on the vpn
xavier
list.tinc at natch.dyndns.org
Mon May 8 15:11:34 CEST 2006
Hi!
I tried tinc, I'm very happy with it;
however, I have difficulties firewalling on the VPN itself.
Here is my situation and what I'm experiencing:
hosta ----|
          vpn server
hostb ----|
My interface is named vpn1.
I can firewall connections starting from host a and b to the vpn server (on the vpn server)
(iptables -A INPUT -i vpn1 bla bla)
I can firewall connections starting from host a to host b (on host a and b)
I can NOT firewall connections starting from host a to host on the vpn server.
Actually, tcpdump reports the same thing:
I can't see the traffic between host a and b,
even if technically it's going through the vpn server (I can see the
encrypted traffic on eth0 of the vpn server).
It's a problem when you want to restrict access from the vpn server, between 2 vpn hosts.
Any solution?
I guess I could create an interface for each host (vpnhosta, vpnhostb...) but
this would be a pain to manage.
thanks
--
xavier