Turns out I needed to masquerade the traffic coming into that INSIDE node.
Since I use UFW to manage iptables, adding this to my /etc/ufw/before.rules and
restarting UFW fixed it for me:

" -A POSTROUTING -s 10.9.0.0/24 -o eth1 -j MASQUERADE"



Very Respectfully,


Kismet-Gerald Agbasi
IT/Systems Administrator
Central Truck Center, Inc.
Office:  240-487-3315
Toll Free:  1-800-492-0709
Fax:  240-487-3399
3839 Ironwood Place
Landover, MD 20785

www.centraltruckcenter.com


-----Original Message-----
From: Kismet Agbasi [mailto:[email protected]] 
Sent: Thursday, October 6, 2016 12:17 PM
To: 'Keith' <[email protected]>; '[email protected]' <[email protected]>
Subject: RE: Can't Route LAN Traffic Behind Tinc Network

Oh yes - so ubuntu2 is the Linux host running tinc on my LAN (the one I'm
referring to as INSIDE node).  I can ping it from my Windows machine and vice
versa without any trouble.  I can also ping all other devices on my LAN from
ubuntu2 and vice versa, also without any issues.  Output of "tcpdump -i eth1
icmp" confirms that packets are reaching the box and going out on the correct
interface.  10.9.0.4 is the tinc IP address of EXTERNAL node.

     root@ubuntu2:~# tcpdump -i eth1 icmp
     tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
     listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes
     12:12:44.625280 IP 10.9.0.4 > 172.23.6.1: ICMP echo request, id 16606, seq 1, length 64
     12:12:45.630867 IP 10.9.0.4 > 172.23.6.1: ICMP echo request, id 16606, seq 2, length 64
     12:12:46.638898 IP 10.9.0.4 > 172.23.6.1: ICMP echo request, id 16606, seq 3, length 64
     12:12:47.646764 IP 10.9.0.4 > 172.23.6.1: ICMP echo request, id 16606, seq 4, length 64
     12:12:48.654765 IP 10.9.0.4 > 172.23.6.1: ICMP echo request, id 16606, seq 5, length 64
     12:12:49.662973 IP 10.9.0.4 > 172.23.6.1: ICMP echo request, id 16606, seq 6, length 64
     12:12:50.670642 IP 10.9.0.4 > 172.23.6.1: ICMP echo request, id 16606, seq 7, length 64
     12:12:51.678942 IP 10.9.0.4 > 172.23.6.1: ICMP echo request, id 16606, seq 8, length 64
     12:12:52.686627 IP 10.9.0.4 > 172.23.6.1: ICMP echo request, id 16606, seq 9, length 64
     12:12:53.694864 IP 10.9.0.4 > 172.23.6.1: ICMP echo request, id 16606, seq 10, length 64
     12:12:54.702841 IP 10.9.0.4 > 172.23.6.1: ICMP echo request, id 16606, seq 11, length 64
     12:12:55.710574 IP 10.9.0.4 > 172.23.6.1: ICMP echo request, id 16606, seq 12, length 64
     12:12:56.718886 IP 10.9.0.4 > 172.23.6.1: ICMP echo request, id 16606, seq 13, length 64
     12:12:57.726749 IP 10.9.0.4 > 172.23.6.1: ICMP echo request, id 16606, seq 14, length 64
     12:12:58.734801 IP 10.9.0.4 > 172.23.6.1: ICMP echo request, id 16606, seq 15, length 64
     ^C
     15 packets captured
     16 packets received by filter
     0 packets dropped by kernel




-----Original Message-----
From: Keith [mailto:[email protected]] 
Sent: Thursday, October 6, 2016 11:27 AM
To: [email protected]; [email protected]
Subject: Re: Can't Route LAN Traffic Behind Tinc Network



On 06/10/2016 17:16, Kismet Agbasi wrote:
> Thanks again Keith.  I disabled UFW and flushed iptables completely, but same 
> result.  Pings from the external node are reaching the internal node on the 
> tinc0 interface but nothing happens after that.  Now that I'm thinking of it, 
> I did some masquerading in order to get OpenVPN to work on another box, I 
> wonder if that would be applicable here?
Weird. I dunno. Something is missing from the picture.
You could check if the pings to 172.23.6.x are going out on the eth1 interface
with tcpdump -i eth1 icmp
You are trying to ping this internal Windows box via tinc, right? (the one from
where you posted a ping to 172.23.6.149?)
Does it have Windows firewall enabled? Sometimes Windows firewall blocks
incoming pings.

can you ping it from the machine called ubuntu2?

k/




_______________________________________________
tinc mailing list
[email protected]
https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
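
Added example (not part of the original thread, and not tinc or UFW code): a small checker for iptables-restore style text such as /etc/ufw/before.rules, confirming that a MASQUERADE rule like the one quoted at the top sits inside a `*nat` section and is limited by source network and outgoing interface. The file layout around the rule, both sample texts and the function name `audit_masquerade` are assumptions made for illustration.

```python
import shlex

# Constructed sample: the rule from the post inside a *nat section (assumed layout).
GOOD = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.9.0.0/24 -o eth1 -j MASQUERADE
COMMIT
"""

# Constructed sample: the same rule pasted into *filter, plus an unscoped rule in *nat.
BAD = """\
*filter
:ufw-before-input - [0:0]
-A POSTROUTING -s 10.9.0.0/24 -o eth1 -j MASQUERADE
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -j MASQUERADE
COMMIT
"""

def audit_masquerade(rules_text):
    """Return (line_no, problem) tuples for MASQUERADE rules in iptables-restore text."""
    findings, table, seen = [], None, False
    for no, raw in enumerate(rules_text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("*"):        # "*nat", "*filter": start of a table section
            table = line[1:]
        elif line == "COMMIT":          # end of the current table section
            table = None
        if not line.startswith("-A"):   # only appended rules are inspected
            continue
        tok = shlex.split(line)
        if "-j" not in tok or tok[tok.index("-j") + 1:][:1] != ["MASQUERADE"]:
            continue
        seen = True
        if table != "nat":              # MASQUERADE is only valid in the nat table
            findings.append((no, "MASQUERADE outside *nat table"))
        if "-s" not in tok and "--source" not in tok:
            findings.append((no, "no source (-s) restriction"))
        if "-o" not in tok and "--out-interface" not in tok:
            findings.append((no, "no out-interface (-o) restriction"))
    if not seen:
        findings.append((0, "no MASQUERADE rule found"))
    return findings

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_masquerade(text))
```

An empty result means every MASQUERADE rule found is in the nat table and scoped to a source network and an outgoing interface, as the rule in the post is.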
