I'm connecting to an OpenVPN box from a remote location. I can access the box I'm connecting to (I'm getting ping replies), but nothing that's beyond it (the box serves as a gateway for other clients). I'm using OpenVPN's --dev tap0 because I need to pass non-IP packets through the tunnel.

On the OpenVPN box, the FORWARD policy is DROP, so I did "iptables -I FORWARD -i tap0 -j ACCEPT" and thought this should do the trick. But I was wrong. The only solutions I found were either to set the FORWARD policy to ACCEPT (not happy with that) or to insert an iptables rule in the FORWARD chain that gives access based on the MAC address.

I'm probably going to use the latter, but I can't really understand why "iptables -I FORWARD -i tap0 -j ACCEPT" won't work. Isn't this supposed to let ALL packets (not just IP packets) pass through? I'm thinking that it has something to do with the fact that I'm using --dev tap0 (tap0 is bridged with eth1 - the LAN-facing interface - and they form br0), which is layer 2, but, as I said before, -i tap0 -j ACCEPT should work as well...

Thanks