Hi Guillermo,

Thank you, that did the trick :-0

Regards
Yazeed Fataar
<[email protected]>

On Mon, Feb 13, 2017 at 2:59 PM, Yazeed Fataar <[email protected]> wrote:

> Thank you Guillermo. I will give it a go and revert back with my results.
>
> Regards
> Yazeed Fataar
> <[email protected]>
>
> On Mon, Feb 13, 2017 at 2:26 PM, Guillermo Bisheimer <[email protected]> wrote:
>
>> Hi Yazeed,
>>
>> You have to add this to tinc.conf
>>
>> TunnelServer = yes
>>
>> Otherwise tinc will manage package routing internally. Then you can
>> manage forwarding rules using IPTABLES as usual.
>>
>> Hope it helps.
>>
>> On Mon, Feb 13, 2017 at 8:11, Yazeed Fataar (<[email protected]>) wrote:
>>
>> Hi
>>
>> I have a simple hub and spoke topology where all my nodes connect to a
>> central node. Below is tinc.conf for the main node
>>
>> *tinc.conf*
>> Name = main
>> Interface = tun0
>> Forwarding = kernel
>>
>> and the remote nodes have the same with ConnectTo = main.
>>
>> I have tried to apply a basic iptables policy on the main node but the
>> traffic still seems to pass through and the nodes can communicate with each
>> other. How do I apply policy between the two remote nodes on the main hub
>> node? I would like in future to only allow selected ports between the
>> nodes, but for now I want iptables to manage policy between nodes.
>>
>> *Main node IPTABLES rule*
>>
>> iptables -A FORWARD -s <site1-ip> -d <site2-ip> -j DROP
>> iptables -A FORWARD -s <site2-ip> -d <site1-ip> -j DROP
>> default DENY
>>
>> Regards
>> Yazeed
>> <[email protected]>
>> _______________________________________________
>> tinc mailing list
>> [email protected]
>> https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
>>
>> --
>>
>> *Ing. Guillermo Bisheimer*
>>
>> *B&S Sistemas de Control y Equipamientos*
>>
>> Av. de los Constituyentes 1172
>>
>> (E3116CIX) Crespo, Entre Ríos
>>
>> Tel/Fax: (0343) 407-8990 (New number)
>>
>> Cel: (0343) 154679052
>>
>> WEB: www.bys-control.com.ar
>>
>> e-mail: [email protected]
>>
>> skype: guillermo.bisheimer
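The port-restricted policy the original poster mentions as a future goal, as an added example that is not part of the thread: a POSIX shell function that prints the hub's iptables FORWARD rules for review instead of applying them. It assumes the hub runs with `Forwarding = kernel` and `TunnelServer = yes` as discussed above, IPv4 addressing and TCP-only services; the function name, subnets and ports are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed hub tinc.conf (thread's config
# plus the suggested option):
#   Name = main
#   Interface = tun0
#   Forwarding = kernel
#   TunnelServer = yes
# Kernel forwarding on the hub also needs net.ipv4.ip_forward=1.

# hub_forward_rules IFACE SITE1 SITE2 PORT...   (hypothetical helper)
# Prints iptables commands that allow only the listed TCP ports between the
# two spoke sites and drop all other spoke-to-spoke traffic. Nothing is
# applied here; review the output, then run it as root.
hub_forward_rules() {
    [ "$#" -ge 4 ] || { echo "usage: hub_forward_rules IFACE SITE1 SITE2 PORT..." >&2; return 1; }
    iface=$1 site1=$2 site2=$3
    shift 3
    # Validate everything before printing: the output is meant for a root
    # shell, so reject anything that is not a plain name, address or port.
    case $iface in ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $iface" >&2; return 1 ;; esac
    for addr in "$site1" "$site2"; do
        case $addr in ''|*[!0-9./]*) echo "bad address: $addr" >&2; return 1 ;; esac
    done
    for port in "$@"; do
        case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
        { [ "$port" -ge 1 ] && [ "$port" -le 65535 ]; } 2>/dev/null ||
            { echo "bad port: $port" >&2; return 1; }
    done
    # Spoke-to-spoke packets enter and leave the hub on the same interface.
    base="iptables -A FORWARD -i $iface -o $iface"
    # Replies belonging to connections that were already accepted.
    echo "$base -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for port in "$@"; do
        # New connections to an allowed port, in either direction.
        echo "$base -s $site1 -d $site2 -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
        echo "$base -s $site2 -d $site1 -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Default for the tunnel: everything else between spokes is dropped.
    echo "$base -j DROP"
}
```

For example, `hub_forward_rules tun0 10.0.1.0/24 10.0.2.0/24 22 443` (constructed subnets and ports) prints six rules: one for established traffic, two per port, and the final DROP.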
