From 455830e5eb6462b0f0d76723c211c1a57aa81fd4 Mon Sep 17 00:00:00 2001
From: Manevolent
Date: Mon, 29 Jan 2024 19:13:11 -0700
Subject: [PATCH] Update tinc-up.tmpl

---
 tinc/tinc-up.tmpl | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/tinc/tinc-up.tmpl b/tinc/tinc-up.tmpl
index 4f9cc26..78a9def 100644
--- a/tinc/tinc-up.tmpl
+++ b/tinc/tinc-up.tmpl
@@ -13,10 +13,11 @@ ifconfig ${internal_interface} ${internal_address6}/${internal_mask6:-128}
 iptables -t nat -I PREROUTING -d {{ . }} -i eth0 -j DNAT --to-destination ${tinc_peer_address}
 {{ end }}{{ end }}
 
+iptables -A FORWARD -i eth0 -o \$INTERFACE -j ACCEPT
+
 # Plugins may communicate over eth0, the 'internal' docker network.
 # Because of this, we should allow masquerading NAT through eth0
-iptables -A FORWARD -i eth0 -o \$INTERFACE -j ACCEPT
-iptables -t nat -A PREROUTING -i eth0 -j MARK --set-mark 1
+iptables -t nat -A PREROUTING -i eth0 ! -s ${network_address}/${global_prefix:-16} -j MARK --set-mark 1
 iptables -t nat -A POSTROUTING -m mark --mark 1 -o \$INTERFACE -j MASQUERADE
 
 # Prevent spoofing attacks
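Review bot: The new `! -s ${network_address}/${global_prefix:-16}` match on the PREROUTING MARK rule exempts traffic from masquerading based only on the source address a packet claims on eth0, while the relocated `iptables -A FORWARD -i eth0 -o \$INTERFACE -j ACCEPT` still forwards everything arriving on eth0. The rules under `# Prevent spoofing attacks` lie outside this hunk, so it should be confirmed that they drop eth0 packets whose source falls in that range but which come from senders not expected to own it; otherwise such packets would cross into the tinc interface with their claimed address intact. `${network_address}` also has no default, unlike `${global_prefix:-16}`; if it expands empty the rule becomes `! -s /16`, which iptables will presumably reject, leaving nothing marked for MASQUERADE, so a guard such as `[ -n "${network_address}" ] || exit 1` ahead of the rule would make that failure explicit. The exemption also deserves its own comment, for example `# Sources inside ${network_address}/${global_prefix:-16} keep their own address; all other eth0 traffic is masqueraded`.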