On Sun, 17 May 2020 16:57:44 +0100 mick mbm@rlogin.net allegedly wrote:
> This may be deemed off topic because it is not strictly directly Linux related, although all the machines involved are running Linux. However, there are some networking experts here and I would welcome a view on something that is driving me nuts.
All
Forgive me. I am an idiot. I have just remembered that my iptables rules (on all my VMs, including the VPN endpoints) contain the two rules:
# drop all zeroes and all ones
$IPTABLES -A INPUT -s 0.0.0.0/8 -j DROP
$IPTABLES -A INPUT -d 0.0.0.0/8 -j DROP
$IPTABLES -A INPUT -s 1.1.1.1 -j DROP
$IPTABLES -A INPUT -d 1.1.1.1 -j DROP
(for historic reasons)
and since my VPN traffic goes out through a masquerade at:
# Now allow forwarding over the tun interface for openvpn
$IPTABLES -A FORWARD -i tun0 -o eth0 -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -o tun0 -m state --state ESTABLISHED,RELATED -j ACCEPT
of course the block above doesn't apply.
Apologies for the noise. But the act of documenting the issue helped my diagnosis.
Mick
---------------------------------------------------------------------
Mick Morgan
gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312
https://baldric.net/about-trivia
---------------------------------------------------------------------
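An added example, not part of the original message: a small Python model of the filter-table routing decision, evaluated against the rules quoted above, showing that the INPUT drops for 1.1.1.1 hit traffic addressed to the VM itself while forwarded VPN traffic only traverses FORWARD. The addresses 192.0.2.10 and 10.8.0.2, the default ACCEPT policy and the function names are assumptions made for illustration.

```python
import ipaddress
import shlex

# Rules as quoted in the message, with the $IPTABLES variable stripped.
RULES = """\
-A INPUT -s 0.0.0.0/8 -j DROP
-A INPUT -d 0.0.0.0/8 -j DROP
-A INPUT -s 1.1.1.1 -j DROP
-A INPUT -d 1.1.1.1 -j DROP
-A FORWARD -i tun0 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o tun0 -m state --state ESTABLISHED,RELATED -j ACCEPT
"""
FLAGS = {"-s": "src", "-d": "dst", "-i": "iif", "-o": "oif",
         "--state": "state", "-j": "target"}
# Constructed sample addresses: the VM's own address and one VPN client.
LOCAL = {"192.0.2.10"}
VPN_CLIENT = "10.8.0.2"

def parse(line):
    """Turn one '-A CHAIN ...' line into a dict of match fields."""
    tok = shlex.split(line)
    rule = {"chain": tok[tok.index("-A") + 1]}
    for flag, key in FLAGS.items():
        if flag in tok:
            rule[key] = tok[tok.index(flag) + 1]
    return rule

def matches(rule, pkt):
    """True if every match field present in the rule fits the packet."""
    for key in ("src", "dst"):
        net = ipaddress.ip_network(rule.get(key, "0.0.0.0/0"))
        if ipaddress.ip_address(pkt[key]) not in net:
            return False
    for key in ("iif", "oif"):
        if key in rule and pkt.get(key) != rule[key]:
            return False
    return "state" not in rule or pkt.get("state") in rule["state"].split(",")

def verdict(pkt, local=LOCAL, policy="ACCEPT"):
    """Return (chain, target) for a packet arriving from the network."""
    # Routing decision: packets for a local address traverse INPUT,
    # everything else is forwarded and traverses FORWARD only.
    chain = "INPUT" if pkt["dst"] in local else "FORWARD"
    for rule in map(parse, RULES.splitlines()):
        if rule["chain"] == chain and matches(rule, pkt):
            return chain, rule["target"]
    return chain, policy  # default policy is an assumption, not in the message
```

Calling `verdict` with a reply from 1.1.1.1 addressed to the VM returns `("INPUT", "DROP")`, while the same reply routed back to the VPN client over tun0 returns `("FORWARD", "ACCEPT")`.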