Thanks Odinn, I have been trying to understand iptables for this, but have not had a lot of time. Since my trigger hack is working now, I am trying to manage some other things at the moment. If you come by any clues in your free time, please post.
Thanks too Michealk, I have that UDP according to Hamachi set up and it does work for the data tunnel on the 5.*.*.* IP addresses. But there is one step in Hamachi's communication that goes via TCP. I will show some clips from a 'hamachi start debug session' that may help clear the issue up.
Code:
[root@myhost ~]# hamachi start debug
.
**** it will hang here if I turn the firewall on.
**** this step uses a dynamic port (43352 this time), apparently
**** via TCP, which I cannot open on the firewall.
11 10:57:39.878 [ 3] [14527] ses: connecting to 69.25.21.229:12975 ..
11 10:57:39.897 [ 4] [14527] ses: io_ready -- 192.168.1.19:43352
.
**** Later, this connection uses the correct port
**** (specified by UdpPort ##### in .hamachi/config)
.
11 10:57:40.313 [ 8] [14527] ses: udp sock -- 192.168.1.19:12345
.
**** The peer will show up with 5.*.*.*:12345 IP address from other peers.
**** So with the firewall off, I can connect to the networks.
.
11 10:57:40.758 [ 14] [14527] ses: received network myhamachinetwork
At this point, I turn on the firewall again.
Not long after (about 1 minute) I lose the connections.
Notice the 'io_ready' step. My host has lost the IP.
Code:
11 11:29:39.637 [3351] [14709] ses: connecting to 69.25.21.229:12975 ..
11 11:32:48.645 [3352] [14709] ses: io_ready -- 0.0.0.0:46014
11 11:32:48.645 [3352] [14709] ses: state 3.0 -> 3.1
11 11:32:48.645 [3352] [14709] ses: state 3.1 -> 4.0
11 11:32:48.645 [3352] [14709] ses: sending helo ..
11 11:32:48.645 [3352] [14709] ses: error 2 send 32 33
11 11:32:48.645 [3352] [14709] ses: error 2 send 32 33
11 11:32:48.645 [3352] [14709] ses: go_offline
Now when I open the dynamic TCP range of firewall ports (port forward or trigger) this connection succeeds. So I want to map the range in a way that the io_ready communication will flow out through the one allowable open port.
Thanks again for your help.
By the way, I have used the iptables with
Code:
-A POSTROUTING -o ham0 -j MASQUERADE
enabled and disabled but it does not affect this issue.
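
Added example, not part of the original post: a small Python check that reads a `hamachi start debug` capture and flags the failure pattern visible in the second session above (long gap between `connecting to` and `io_ready`, a local address of 0.0.0.0, a send error, then `go_offline`). The log lines are copied from the post; the function name, the finding strings and the 5-second stall threshold are assumptions chosen for illustration, not Hamachi values.

```python
import re
from datetime import datetime, timedelta

# Log lines copied from the two debug sessions in the post above.
HEALTHY = """\
11 10:57:39.878 [ 3] [14527] ses: connecting to 69.25.21.229:12975 ..
11 10:57:39.897 [ 4] [14527] ses: io_ready -- 192.168.1.19:43352
11 10:57:40.313 [ 8] [14527] ses: udp sock -- 192.168.1.19:12345
"""
BLOCKED = """\
11 11:29:39.637 [3351] [14709] ses: connecting to 69.25.21.229:12975 ..
11 11:32:48.645 [3352] [14709] ses: io_ready -- 0.0.0.0:46014
11 11:32:48.645 [3352] [14709] ses: sending helo ..
11 11:32:48.645 [3352] [14709] ses: error 2 send 32 33
11 11:32:48.645 [3352] [14709] ses: error 2 send 32 33
11 11:32:48.645 [3352] [14709] ses: go_offline
"""

# Leading numeric field is left uninterpreted; only the time and message are used.
LINE = re.compile(r"^\d+ (\d\d:\d\d:\d\d\.\d{3}) \[\s*\d+\] \[\d+\] ses: (.*)$")
STALL = timedelta(seconds=5)  # assumed threshold for a "stalled" TCP connect

def diagnose(log):
    """Return a list of findings for one debug capture (empty list = healthy)."""
    findings, connect_at = [], None
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skips the '.' separators and '****' annotations
        ts = datetime.strptime(m.group(1), "%H:%M:%S.%f")
        msg = m.group(2)
        if msg.startswith("connecting to "):
            connect_at = ts
        elif msg.startswith("io_ready -- "):
            local_ip = msg.split("-- ")[1].rsplit(":", 1)[0]
            if connect_at and ts - connect_at > STALL:
                secs = (ts - connect_at).total_seconds()
                findings.append(f"tcp connect stalled {secs:.0f}s")
            if local_ip == "0.0.0.0":
                findings.append("io_ready with local address 0.0.0.0")
        elif msg.startswith("error ") and "send failed" not in findings:
            findings.append("send failed")
        elif msg == "go_offline":
            findings.append("session went offline")
    return findings

if __name__ == "__main__":
    for name, log in (("healthy", HEALTHY), ("blocked", BLOCKED)):
        print(name, diagnose(log))
```

Run against the second capture, it also surfaces the roughly three-minute wait between `connecting to` and `io_ready`, compared with 19 ms in the session with the firewall off.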