Can you post your Tinc configuration too?

On Mon, Jan 30, 2017 at 11:42, Dave Albert (<[email protected]>) wrote:
> Here is an extract of my current iptables that are not working:
>
> iptables -L -n -v
>
> Chain INPUT (policy DROP 8 packets, 1120 bytes)
>  pkts bytes target     prot opt in      out     source               destination
>     0     0 ACCEPT     tcp  --  lo      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:3306
>     0     0 ACCEPT     udp  --  lo      *       0.0.0.0/0            0.0.0.0/0            udp dpt:3306
>     0     0 NRPE       tcp  --  *       *       0.0.0.0/0            0.0.0.0/0            tcp dpt:5666
>     0     0 ACCEPT     icmp --  *       *       x.x.x.x              0.0.0.0/0            icmptype 8
>     0     0 ACCEPT     icmp --  *       *       127.0.0.1            0.0.0.0/0            icmptype 8
>     0     0 ACCEPT     icmp --  *       *       10.0.3.0/24          0.0.0.0/0            icmptype 8
>     0     0 ACCEPT     tcp  --  *       *       10.0.3.0/24          0.0.0.0/0
>     0     0 ACCEPT     udp  --  *       *       10.0.3.0/24          0.0.0.0/0
>     0     0 DROP       icmp --  *       *       0.0.0.0/0            0.0.0.0/0            icmptype 8
>     0     0 ACCEPT     icmp --  *       *       x.x.x.x              0.0.0.0/0            icmptype 8
>     0     0 ACCEPT     icmp --  *       *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
>     0     0 ACCEPT     tcp  --  eth0    *       0.0.0.0/0            0.0.0.0/0            tcp spt:5666
>     0     0 ACCEPT     tcp  --  eth0    *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 state NEW,ESTABLISHED
>   192 13741 ACCEPT     tcp  --  eth0    *       0.0.0.0/0            0.0.0.0/0            tcp dpt:2222 state NEW,ESTABLISHED
>     0     0 ACCEPT     tcp  --  eth0    *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 state NEW,ESTABLISHED
>     0     0 ACCEPT     tcp  --  eth0    *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 state NEW,ESTABLISHED
>     0     0 ACCEPT     all  --  lo      *       0.0.0.0/0            0.0.0.0/0
>     0     0 ACCEPT     all  --  docker0 *       0.0.0.0/0            0.0.0.0/0
>     0     0 ACCEPT     udp  --  eth0    *       0.0.0.0/0            0.0.0.0/0            udp spt:53
>     0     0 ACCEPT     tcp  --  *       *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 limit: avg 25/min burst 100
>     0     0 ACCEPT     udp  --  *       *       0.0.0.0/0            0.0.0.0/0            udp spt:123
>     0     0 ACCEPT     tcp  --  *       *       0.0.0.0/0            0.0.0.0/0            tcp spt:25
>     0     0 ACCEPT     tcp  --  eth0    *       0.0.0.0/0            0.0.0.0/0            tcp spt:22 state ESTABLISHED
>     0     0 ACCEPT     tcp  --  eth0    *       0.0.0.0/0            0.0.0.0/0            tcp spt:2222 state ESTABLISHED
>     0     0 ACCEPT     tcp  --  *       *       0.0.0.0/0            0.0.0.0/0            tcp dpt:655 state NEW,ESTABLISHED
>     6  8976 ACCEPT     udp  --  *       *       0.0.0.0/0            0.0.0.0/0            udp dpt:655 state NEW,ESTABLISHED
>     0     0 ACCEPT     tcp  --  eth0    *       0.0.0.0/0            0.0.0.0/0            tcp spt:80 state ESTABLISHED
>     0     0 ACCEPT     tcp  --  eth0    *       0.0.0.0/0            0.0.0.0/0            tcp spt:443 state ESTABLISHED
>
> Chain FORWARD (policy DROP 0 packets, 0 bytes)
>  pkts bytes target     prot opt in      out     source               destination
>     0     0 ACCEPT     all  --  *       docker0 0.0.0.0/0            172.17.0.0/16        ctstate RELATED,ESTABLISHED
>     0     0 ACCEPT     all  --  docker0 *       172.17.0.0/16        0.0.0.0/0
>     0     0 ACCEPT     all  --  docker0 docker0 0.0.0.0/0            0.0.0.0/0
>
> Chain OUTPUT (policy DROP 0 packets, 0 bytes)
>  pkts bytes target     prot opt in      out     source               destination
>     0     0 NRPE       tcp  --  *       *       0.0.0.0/0            0.0.0.0/0            tcp spt:5666
>     0     0 ACCEPT     tcp  --  *       *       10.0.3.0/24          0.0.0.0/0
>     0     0 ACCEPT     udp  --  *       *       10.0.3.0/24          0.0.0.0/0
>     0     0 ACCEPT     icmp --  *       *       0.0.0.0/0            0.0.0.0/0            icmptype 0
>     0     0 ACCEPT     icmp --  *       *       0.0.0.0/0            0.0.0.0/0            state NEW,RELATED,ESTABLISHED
>     0     0 ACCEPT     tcp  --  *       eth0    0.0.0.0/0            0.0.0.0/0            tcp dpt:5666
>     0     0 ACCEPT     tcp  --  *       eth0    0.0.0.0/0            0.0.0.0/0            tcp spt:22 state ESTABLISHED
>   140 44173 ACCEPT     tcp  --  *       eth0    0.0.0.0/0            0.0.0.0/0            tcp spt:2222 state ESTABLISHED
>     0     0 ACCEPT     tcp  --  *       eth0    0.0.0.0/0            0.0.0.0/0            tcp spt:80 state ESTABLISHED
>     0     0 ACCEPT     tcp  --  *       eth0    0.0.0.0/0            0.0.0.0/0            tcp spt:443 state ESTABLISHED
>     0     0 ACCEPT     all  --  *       lo      0.0.0.0/0            0.0.0.0/0
>     0     0 ACCEPT     all  --  *       docker0 0.0.0.0/0            0.0.0.0/0
>     0     0 ACCEPT     udp  --  *       eth0    0.0.0.0/0            0.0.0.0/0            udp dpt:53
>     0     0 ACCEPT     udp  --  *       *       0.0.0.0/0            0.0.0.0/0            udp dpt:123
>     0     0 ACCEPT     tcp  --  *       *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25
>     0     0 ACCEPT     tcp  --  *       eth0    0.0.0.0/0            0.0.0.0/0            tcp dpt:22 state NEW,ESTABLISHED
>     0     0 ACCEPT     tcp  --  *       eth0    0.0.0.0/0            0.0.0.0/0            tcp dpt:2222 state NEW,ESTABLISHED
>     0     0 ACCEPT     tcp  --  *       *       0.0.0.0/0            0.0.0.0/0            tcp spt:655 state NEW,ESTABLISHED
>     6  8976 ACCEPT     udp  --  *       *       0.0.0.0/0            0.0.0.0/0            udp spt:655 state NEW,ESTABLISHED
>     0     0 ACCEPT     tcp  --  *       eth0    0.0.0.0/0            0.0.0.0/0            tcp dpt:80 state NEW,ESTABLISHED
>     0     0 ACCEPT     tcp  --  *       eth0    0.0.0.0/0            0.0.0.0/0            tcp dpt:443 state NEW,ESTABLISHED
>
> Chain NRPE (2 references)
>  pkts bytes target     prot opt in      out     source               destination
>     0     0 ACCEPT     all  --  *       *       0.0.0.0/0            x.x.x.x
>     0     0 ACCEPT     all  --  *       *       x.x.x.x              0.0.0.0/0
>     0     0 DROP       all  --  *       *       0.0.0.0/0            0.0.0.0/0
>
>
> iptables -t nat -L -n -v
> Chain PREROUTING (policy ACCEPT 6 packets, 1831 bytes)
>  pkts bytes target     prot opt in      out     source               destination
>
> Chain INPUT (policy ACCEPT 4 packets, 1348 bytes)
>  pkts bytes target     prot opt in      out     source               destination
>
> Chain OUTPUT (policy ACCEPT 14 packets, 856 bytes)
>  pkts bytes target     prot opt in      out     source               destination
>
> Chain POSTROUTING (policy ACCEPT 2 packets, 136 bytes)
>  pkts bytes target     prot opt in      out     source               destination
>
>
> On Mon, Jan 30, 2017 at 2:05 PM, Dave Albert <[email protected]>
> wrote:
>
> Hi,
>
> I've been able to get tinc setup when I flush all my iptables, but after
> enabling iptables and a delay I get a "Destination Net Unknown". I have
> three hosts (HOME 10.0.3.2, MASTER 10.0.3.1, WEB 10.0.3.3). MASTER and WEB are
> in Digital Ocean in the same data centre.
>
> HOME <---> MASTER <---> WEB
>
> I've tried multiple forwarding/masquerading/etc rules and don't understand
> what I'm missing.
>
> When iptables are enabled (same rules on MASTER and WEB) I get the
> following results:
>
> HOME $ ping 10.0.3.1 ==> Success
> HOME $ ping 10.0.3.3 ==> Destination Net Unknown
>
> MASTER $ ping 10.0.3.2 ==> Success
> MASTER $ ping 10.0.3.3 ==> Destination Net Unknown
>
> WEB $ ping 10.0.3.1 ==> Destination Net Unknown
> WEB $ ping 10.0.3.2 ==> Destination Net Unknown
>
>
> It's not just ICMP though, I get the same results for "nc -vz x.x.x.x 22"
>
> I'd appreciate any help.
>
> Thanks,
> Dave
>
>
> _______________________________________________
> tinc mailing list
> [email protected]
> https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
>

--
*Ing. Guillermo Bisheimer*
*B&S Sistemas de Control y Equipamientos*
Av. de los Constituyentes 1172
(E3116CIX) Crespo, Entre Ríos
Tel/Fax: (0343) 407-8990 (New number)
Cel: (0343) 154679052
WEB: www.bys-control.com.ar
e-mail: [email protected]
skype: guillermo.bisheimer
