tinc - controlling communication between nodes

Yazeed Fataar yazeedfataar at gmail.com
Mon Feb 13 12:59:24 CET 2017


Thank you Guillermo. I will give it a go and revert back with my results.

Regards
Yazeed Fataar
<yazeedfataar at hotmail.com>

On Mon, Feb 13, 2017 at 2:26 PM, Guillermo Bisheimer <
gbisheimer at bys-control.com.ar> wrote:

> Hi Yazeed,
>
> You have to add this to tinc.conf
>
> TunnelServer = yes
>
> Otherwise tinc will manage package routing internally. Then you can manage
> forwarding rules using IPTABLES as usual.
>
> Hope it helps.
>
>
>
> On Mon, Feb 13, 2017 at 8:11, Yazeed Fataar (<yazeedfataar at gmail.com>)
> wrote:
>
> Hi
>
> I have a simple hub and spoke topology where all my nodes connect to a
> central node. Below is tinc.conf for main node
>
> *tinc.conf*
> Name = main
> Interface = tun0
> Forwarding = kernel
>
> and the remote nodes have the same with ConnectTo = main.
>
> I have tried to apply a basic iptables policy on the main node but the
> traffic still seems to pass through and the nodes can communicate with each
> other. How do I apply policy between the two remote nodes on the main hub
> node? I would like in future to only allow selected ports
> between the nodes but for now I want iptables to manage policy between
> nodes.
>
> *Main node IPTABLES rule*
>
>
>  iptables -A FORWARD -s <site1-ip> -d <site2-ip> -j DROP
>  iptables -A FORWARD -s <site2-ip> -d <site1-ip> -j DROP
> default DENY
>
> Regards
> Yazeed
> <yazeedfataar at hotmail.com>
> _______________________________________________
> tinc mailing list
> tinc at tinc-vpn.org
> https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
>
> --
>
> *Ing. Guillermo Bisheimer*
>
> *B&S Sistemas de Control y Equipamientos*
>
> Av. de los Constituyentes 1172
>
> (E3116CIX) Crespo, Entre Ríos
>
> Tel/Fax: (0343) 407-8990 (New number)
>
> Mobile: (0343) 154679052
>
> WEB: www.bys-control.com.ar
>
> e-mail: gbisheimer at bys-control.com.ar
>
> skype: guillermo.bisheimer
>
>
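
Added example, not part of the thread or of tinc: a sketch of the hub-side policy the original question asks for (only selected ports between the two spokes, everything else dropped), assuming the hub forwards spoke traffic through the kernel on `tun0` as in the posted config. The chain name `TINC_FWD`, the subnets and the ports are constructed placeholders.

```shell
#!/bin/sh
# emit_hub_rules IFACE SITE_A SITE_B "PORT PORT ..."
# Prints the iptables commands instead of running them, so the rule set can be
# reviewed (or piped to sh as root) before it touches the live FORWARD chain.
emit_hub_rules() {
    iface=$1; site_a=$2; site_b=$3; ports=$4
    chain=TINC_FWD   # hypothetical chain name

    # Validate every port first so a typo never yields a half-written rule set.
    for port in $ports; do
        case $port in
            ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
    done

    # Dedicated chain: traffic routed tinc -> tinc is judged here only.
    echo "iptables -N $chain"
    # Spoke-to-spoke packets enter and leave the hub on the same interface.
    # -I 1 places the jump ahead of any earlier ACCEPT in FORWARD, which an
    # appended (-A) DROP rule would never get the chance to override.
    echo "iptables -I FORWARD 1 -i $iface -o $iface -j $chain"

    # Replies to flows that were already permitted.
    echo "iptables -A $chain -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"

    # New connections: only the listed TCP ports, in both directions.
    for port in $ports; do
        echo "iptables -A $chain -s $site_a -d $site_b -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
        echo "iptables -A $chain -s $site_b -d $site_a -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done

    # Default deny for every other spoke-to-spoke packet.
    echo "iptables -A $chain -j DROP"
}

# Dry run with constructed values; nothing is applied.
emit_hub_rules tun0 10.0.1.0/24 10.0.2.0/24 "22 443"
```

After applying the output as root, `iptables -L TINC_FWD -v -n` shows per-rule packet counters, which confirms whether spoke-to-spoke traffic is actually reaching the chain.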