firewalling / netfilter / iptables / tcpdump on the vpn
Russell Handorf
rhandorf at handorf.org
Mon May 8 15:31:15 CEST 2006
Use the FORWARD rule. If you have the interfaces bridged, you'll need to
use the firewalling support for bridging option.
r
xavier wrote:
> Hi !
>
> I tried tinc, I'm very happy with it;
> however, I have difficulties firewalling on the vpn itself;
> here is my situation and what I'm experiencing:
>
>
>
> hosta ----|
>           vpn server
> hostb ----|
>
>
> my interface is named vpn1
>
> I can firewall connections starting from host a and b to the vpn server (on the vpn server)
> (iptables -A INPUT -i vpn1 bla bla)
>
> I can firewall connections starting from host a to host b (on host a and b)
>
> I can NOT firewall connections starting from host a to host on the vpn server.
>
>
> actually, tcpdump reports the same thing:
>
> I can't see the traffic between host a and b,
> even if technically it's going through the vpn server (I can see the
> encrypted traffic on eth0 of the vpn server)
>
> it's a problem when you want to restrict access from the vpn server, between 2 vpn hosts.
>
>
>
> Any solution?
>
> I guess I could create an interface for each host (vpnhosta, vpnhostb...) but
> this would be a pain to manage.
>
> thanks
>
>
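The reply above points at the FORWARD chain and, for bridged interfaces, at bridge netfilter. As an added example that is not part of the thread, the script below spells out what that looks like on the vpn server: traffic from host a to host b enters on vpn1 and leaves on vpn1, so it traverses FORWARD and never INPUT (INPUT only sees traffic addressed to the server itself, which is why the INPUT rule quoted above works for that case only). For a bridged setup the kernel bridge only hands frames to iptables when bridge netfilter is enabled, and the bridge port is then matched with -m physdev. One caveat a practitioner should know: tinc in router mode forwards peer-to-peer packets inside the daemon without passing them through the kernel, which also explains why tcpdump on vpn1 shows nothing between host a and host b; these rules only take effect for packets the daemon does hand to the kernel (later tinc 1.0.x releases added a `Forwarding = kernel` option for exactly this). The interface name vpn1 comes from the thread; the peer addresses, the allowed port and the bridge name are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original thread: FORWARD-chain policy on the
# tinc server restricting traffic from host a to host b. Without arguments
# it prints the iptables commands (dry run); "apply" executes them (root).
VPN_IF="${VPN_IF:-vpn1}"        # interface name from the thread
HOSTA="${HOSTA:-10.0.0.2}"      # constructed address for host a
HOSTB="${HOSTB:-10.0.0.3}"      # constructed address for host b
ALLOW_PORT="${ALLOW_PORT:-22}"  # constructed: the one service a may reach on b

# Routed setup: a->b packets enter and leave on vpn1, so the FORWARD chain
# sees them. Allow replies of accepted connections, allow one service,
# log and drop everything else a sends to b. INPUT is never involved.
routed_rules() {
    cat <<EOF
iptables -A FORWARD -i $VPN_IF -o $VPN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $VPN_IF -o $VPN_IF -s $HOSTA -d $HOSTB -p tcp --dport $ALLOW_PORT -j ACCEPT
iptables -A FORWARD -i $VPN_IF -o $VPN_IF -s $HOSTA -d $HOSTB -j LOG --log-prefix "vpn a->b drop: "
iptables -A FORWARD -i $VPN_IF -o $VPN_IF -s $HOSTA -d $HOSTB -j DROP
EOF
}

# Bridged setup: frames switched by the kernel bridge reach iptables only
# when bridge netfilter is enabled (kernel option "Bridged IP/ARP packets
# filtering"; on recent kernels also the br_netfilter module). The bridge
# port a frame came in on is matched with -m physdev, not with -i.
bridged_rules() {
    cat <<EOF
sysctl -w net.bridge.bridge-nf-call-iptables=1
iptables -A FORWARD -m physdev --physdev-in $VPN_IF --physdev-is-bridged -s $HOSTA -d $HOSTB -p tcp --dport $ALLOW_PORT -j ACCEPT
iptables -A FORWARD -m physdev --physdev-in $VPN_IF --physdev-is-bridged -s $HOSTA -d $HOSTB -j DROP
EOF
}

# Select the rule set for a mode; unknown modes print usage and fail.
emit_rules() {
    case "${1:-routed}" in
        routed)  routed_rules ;;
        bridged) bridged_rules ;;
        *) echo "usage: $0 [routed|bridged] [apply]" >&2; return 2 ;;
    esac
}

# Number of commands a mode generates; handy as a sanity check before apply.
rule_count() {
    emit_rules "$1" | wc -l | tr -d ' '
}

main() {
    mode="${1:-routed}"
    if [ "${2:-}" = "apply" ]; then
        emit_rules "$mode" | sh -e -x   # execute each command, stop on first error
    else
        emit_rules "$mode"              # dry run: just show the commands
    fi
}

main "$@"
```

Run it as `sh vpn-forward.sh routed` to review the commands, then `sh vpn-forward.sh routed apply` as root; rule order matters, so the conntrack rule stays first and the DROP last.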