
Re: LVS-TUN and firewall on nodes

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: LVS-TUN and firewall on nodes
From: Olivier Bonvalet <olivier.bonvalet@xxxxxxxxxx>
Date: Sat, 15 Apr 2006 09:21:50 +0200
graeme@xxxxxxxxxxx wrote:
> Quoting Olivier Bonvalet <olivier.bonvalet@xxxxxxxxxx>:
>> I'm searching for the rule to set on nodes to allow the tunneling.
>> (the port 80 is already allowed, but not the "tunnel")
>
> Depending on what your tunnel interface is, something like this will accept TCP port 80 connections on your tunnel interface:
>
> /sbin/iptables -I INPUT -i tun0 -s 0/0 -p tcp -m tcp --dport 80 -j ACCEPT
>
> If you wanted it to accept all traffic on the tunnel interface use:
>
> /sbin/iptables -I INPUT -i tun0 -j ACCEPT
>
> Graeme

Thanks. I tried this (tunl0 is the name of my tunnel interface):
iptables -A INPUT -i tunl0 -j ACCEPT

But it doesn't work.

My "input policy" is set to DROP, so I think the packet on eth0 which
contains the "encapsulated one" is dropped before. No?
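
Added example, not part of the original thread: LVS-TUN delivers each client packet to the real server inside an IP-in-IP outer packet (IP protocol 4), so with a default-DROP INPUT policy the physical interface needs its own accept rule in addition to the one on tunl0. The director address 192.0.2.10, the interface names and the helper names `lvs_tun_rules` and `has_ipip_accept` are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the thread). Constructed values: director address
# 192.0.2.10, interfaces eth0/tunl0, service port 80.
#
# INPUT sees two packets per request on an LVS-TUN real server:
#   1. the outer IP-in-IP packet (protocol 4) arriving on the physical NIC
#   2. the decapsulated client packet arriving on the tunnel interface

# Prints the rules by default; run with IPT=/sbin/iptables to apply them.
IPT="${IPT:-echo iptables}"

# lvs_tun_rules DIRECTOR_IP PHYS_IF TUN_IF PORT
lvs_tun_rules() {
    director="$1"; phys_if="$2"; tun_if="$3"; port="$4"
    case "$director" in
        ''|*[!0-9.]*) echo "bad director address: $director" >&2; return 1 ;;
    esac
    case "$port" in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    # Outer packet: accept IP-in-IP only from the director, not from 0/0.
    $IPT -I INPUT 1 -i "$phys_if" -s "$director" -p 4 -j ACCEPT
    # Inner packet: accept only the balanced service on the tunnel interface.
    $IPT -I INPUT 2 -i "$tun_if" -p tcp --dport "$port" -j ACCEPT
}

# has_ipip_accept: reads `iptables -S INPUT` style lines on stdin and succeeds
# if some INPUT rule accepts protocol 4 (listed as "4" or "ipencap").
has_ipip_accept() {
    grep -Eq -- '^-A INPUT .*-p (4|ipencap)( .*)? -j ACCEPT'
}

# Dry run with the constructed values: prints the two rules.
lvs_tun_rules 192.0.2.10 eth0 tunl0 80
```

Restricting the protocol 4 rule to the director's address keeps other hosts from injecting encapsulated packets past the filter on the physical interface.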


