tinc - controlling communication between nodes

Yazeed Fataar yazeedfataar at gmail.com
Tue Feb 14 18:19:14 CET 2017


Hi Guillermo

Thank you, that did the trick :-0

Regards
Yazeed Fataar
<yazeedfataar at hotmail.com>

On Mon, Feb 13, 2017 at 2:59 PM, Yazeed Fataar <yazeedfataar at gmail.com>
wrote:

> Thank you Guillermo. I will give it a go and revert back with my results.
>
> Regards
> Yazeed Fataar
> <yazeedfataar at hotmail.com>
>
> On Mon, Feb 13, 2017 at 2:26 PM, Guillermo Bisheimer <
> gbisheimer at bys-control.com.ar> wrote:
>
>> Hi Yazeed,
>>
>> You have to add this to tinc.conf
>>
>> TunnelServer = yes
>>
>> Otherwise tinc will manage package routing internally. Then you can
>> manage forwarding rules using IPTABLES as usual.
>>
>> Hope it helps.
>>
>>
>>
>> On Mon, Feb 13, 2017 at 8:11, Yazeed Fataar (<yazeedfataar at gmail.com>)
>> wrote:
>>
>> Hi
>>
>> I have a simple hub and spoke topology where all my nodes connect to a
>> central node. Below is tinc.conf for main node
>>
>> *tinc.conf*
>> Name = main
>> Interface = tun0
>> Forwarding = kernel
>>
>> and the remote nodes have the same with ConnectTo = main.
>>
>> I have tried to apply a basic iptables policy on the main node, but the
>> traffic still seems to pass through and the nodes can communicate with each
>> other. How do I apply policy between the two remote nodes on the main hub
>> node? In future I would like only selected ports to be allowed
>> between the nodes, but for now I want iptables to manage policy between
>> nodes.
>>
>> *Main node IPTABLES rule*
>>
>>
>>  iptables -A FORWARD -s <site1-ip> -d <site2-ip> -j DROP
>>  iptables -A FORWARD -s <site2-ip> -d <site1-ip> -j DROP
>> default DENY
>>
>> Regards
>> Yazeed
>> <yazeedfataar at hotmail.com>
>> _______________________________________________
>> tinc mailing list
>> tinc at tinc-vpn.org
>> https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
>>
>> --
>>
>> *Ing. Guillermo Bisheimer*
>>
>> *B&S Sistemas de Control y Equipamientos*
>>
>> Av. de los Constituyentes 1172
>>
>> (E3116CIX) Crespo, Entre Ríos
>>
>> Tel/Fax: (0343) 407-8990 (New number)
>>
>> Cel: (0343) 154679052
>>
>> WEB: www.bys-control.com.ar
>>
>> e-mail: gbisheimer at bys-control.com.ar
>>
>> skype: guillermo.bisheimer
>>
>
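
A pre-flight check for the hub configuration this thread ends up with, as an added example that is not part of the original messages or of the tinc project: it parses a tinc.conf and reports whether Forwarding = kernel and TunnelServer = yes are both set before you rely on the hub's iptables FORWARD rules. The helper names tinc_conf_get and tinc_hub_check and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a tinc hub's tinc.conf for the two settings this
# thread ends up with (Forwarding = kernel, TunnelServer = yes).
# tinc_conf_get and tinc_hub_check are hypothetical helper names.

# Print the first value found for a variable in a tinc config file.
# tinc variable names are case-insensitive and the "=" sign is optional.
tinc_conf_get() {  # usage: tinc_conf_get FILE VARIABLE
    awk -v want="$2" '
        { gsub(/\r/, "") }                        # tolerate CRLF files
        /^[ \t]*#/ { next }                       # skip comment lines
        NF == 0 { next }                          # skip blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            key = line
            sub(/[ \t=].*/, "", key)              # name ends at blank or "="
            val = substr(line, length(key) + 1)
            sub(/^[ \t]*=?[ \t]*/, "", val)       # drop the separator
            sub(/[ \t]+$/, "", val)
            if (tolower(key) == tolower(want)) { print val; exit }
        }' "$1"
}

# Return 0 if the hub config hands forwarding to the kernel and enables
# TunnelServer; otherwise print what is missing and return 1.
tinc_hub_check() {  # usage: tinc_hub_check FILE
    rc=0
    fwd=$(tinc_conf_get "$1" Forwarding | tr 'A-Z' 'a-z')
    ts=$(tinc_conf_get "$1" TunnelServer | tr 'A-Z' 'a-z')
    if [ "$fwd" != kernel ]; then
        echo "Forwarding is '${fwd:-unset}', expected 'kernel'"; rc=1
    fi
    if [ "$ts" != yes ]; then
        echo "TunnelServer is '${ts:-unset}', expected 'yes'"; rc=1
    fi
    return $rc
}

# Constructed sample: the hub config as first posted in the thread.
sample=$(mktemp)
printf 'Name = main\nInterface = tun0\nForwarding = kernel\n' > "$sample"
tinc_hub_check "$sample" || echo "hub config needs changes"
rm -f "$sample"
```

On the config as first posted, the check reports TunnelServer as unset; after adding the line suggested in the reply it returns 0.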