Subject: Re: routing proble
From: Richard de Jong <richard.de.jong,AT,framfab,DOT,nl>
Date: Tue, 21 Nov 2000 23:45:27 +0100
In-reply-to: <Pine.LNX.4.30.0011211202250.1201-100000@kaos.mpsnet.net.mx>

Hello,

You seem not to have a different subnet for the 2 cipcb interfaces. For
that reason you have created a local cipcb interface, with an IP address
in the ethernet segment of the other location, and you are hoping that
the cipcb of the first location and the ethernet interface in the second
location will automagically be linked to the same thing. I doubt this is
a good idea. What you should do is create two extra subnets, make them
as small as you like, as long as they do not clash with the ranges you
are already using, then configure the linux routers to route the remote
ethernet subnet through the local cipcb IP address (in the new range).

By the way, what security is there when you connect a local network and
the internet to the same physical network card (using an alias)? I would
strongly recommend putting a second NIC in both your routing machines,
physically separating the outside from the inside, and then preferably
taking care of firewalling, even before trying to set up a VPN.

Good luck,

Grtz, Richard

Omar Armas Aleman wrote:
> 
> I have cipe with this configuration:
> 
> [192.168.0.2]   windows client
>     |
>     |
> [192.168.0.1   firewall/cipe/linux(server with 2 ip's)
>  200.38.40.47] real_ip
>     |
>     |
>     |
>  Internet
>     |
>     |
>     |
> [200.38.40.65  real_ip
>  192.168.1.1]  firewall/cipe/linux(server with 2 ip's)
>     |
>     |
> [192.168.1.2]   windows client/linux(dual)
> 
> cipe is already running, but I have some routing problems. I asked a few
> days ago, but only now have I had time to test, and I still have problems.
> 
> Both servers have this in ipchains:
> [root@padrino /root]#  ipchains -L -n
> Chain input (policy ACCEPT):
> Chain forward (policy ACCEPT):
> Chain output (policy ACCEPT):
> 
> (no icmp filter)
> 
> These are their routing tables:
> 
> 192.168.0.1:
> 
> [oarmas@padrino oarmas]$ route -n
> Kernel IP routing table
> Destination     Gateway      Genmask         Flags Metric Ref Use Iface
> 192.168.1.1     0.0.0.0      255.255.255.255 UH    0      0     0 cipcb0
> 192.168.1.0     192.168.1.1  255.255.255.0   UG    0      0     0 cipcb0
> 192.168.0.0     0.0.0.0      255.255.255.0   U     0      0     0 eth0
> 200.38.40.0     0.0.0.0      255.255.255.0   U     0      0     0 eth0
> 127.0.0.0       0.0.0.0      255.0.0.0       U     0      0     0 lo
> 0.0.0.0         200.38.40.1  0.0.0.0         UG    1      0     0 eth0
> 
> 192.168.1.1:
> [oarmas@kaos oarmas]$ /sbin/route -n
> Kernel IP routing table
> Destination     Gateway      Genmask         Flags Metric Ref Use Iface
> 192.168.0.1     0.0.0.0      255.255.255.255 UH    0      0     0 cipcb0
> 192.168.1.0     0.0.0.0      255.255.255.0   U     0      0     0 eth0
> 192.168.0.0     192.168.0.1  255.255.255.0   UG    0      0     0 cipcb0
> 200.38.40.0     0.0.0.0      255.255.255.0   U     0      0     0 eth0
> 127.0.0.0       0.0.0.0      255.0.0.0       U     0      0     0 lo
> 0.0.0.0         200.38.40.1  0.0.0.0         UG    0      0     0 eth0
> [oarmas@kaos oarmas]$
> 
> The servers see each other (192.168.0.1<-->192.168.1.1), but the clients
> don't.
> 
> What should I add or delete from the routing tables?
> Do you think that the tables are the only problem?
> 
> I've been having problems with this; if I fix it, I promise to make a
> mini-faq.
> 
> Omar
> 
> --
> Message sent by the cipe-l,AT,inka,DOT,de mailing list.
> Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body
> Other commands available with "help" in body to the same address.
> CIPE info and list archive:
> <URL:http://sites.inka.de/~bigred/devel/cipe.html>
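
Added example, not part of the original thread: a small Python check that reads the two `route -n` tables quoted above and reports the two issues raised in the reply, namely a cipcb peer address taken from the LAN range routed through that tunnel (no dedicated link subnet) and a single NIC attached to both a private and a public network. The function names and finding labels are assumptions made for illustration.

```python
import ipaddress

# `route -n` rows copied from the quoted post (hosts padrino and kaos).
PADRINO = """\
192.168.1.1     0.0.0.0      255.255.255.255 UH    0      0     0 cipcb0
192.168.1.0     192.168.1.1  255.255.255.0   UG    0      0     0 cipcb0
192.168.0.0     0.0.0.0      255.255.255.0   U     0      0     0 eth0
200.38.40.0     0.0.0.0      255.255.255.0   U     0      0     0 eth0
127.0.0.0       0.0.0.0      255.0.0.0       U     0      0     0 lo
0.0.0.0         200.38.40.1  0.0.0.0         UG    1      0     0 eth0
"""
KAOS = """\
192.168.0.1     0.0.0.0      255.255.255.255 UH    0      0     0 cipcb0
192.168.1.0     0.0.0.0      255.255.255.0   U     0      0     0 eth0
192.168.0.0     192.168.0.1  255.255.255.0   UG    0      0     0 cipcb0
200.38.40.0     0.0.0.0      255.255.255.0   U     0      0     0 eth0
127.0.0.0       0.0.0.0      255.0.0.0       U     0      0     0 lo
0.0.0.0         200.38.40.1  0.0.0.0         UG    0      0     0 eth0
"""

def parse(table):
    """Turn `route -n` rows into (network, flags, iface) tuples."""
    rows = []
    for line in table.splitlines():
        f = line.split()
        if len(f) == 8 and f[0][0].isdigit():  # skip headers and prompts
            rows.append((ipaddress.ip_network(f"{f[0]}/{f[2]}"), f[3], f[7]))
    return rows

def audit(table, tunnel_prefix="cipcb"):
    """Return findings for the two issues raised in the reply."""
    rows, findings = parse(table), []
    # 1. Tunnel peer (host route, flag H) taken from the LAN range that is
    #    routed through the same tunnel: no dedicated link subnet exists.
    for peer, pflags, piface in rows:
        if "H" not in pflags or not piface.startswith(tunnel_prefix):
            continue
        for net, flags, iface in rows:
            if (iface == piface and "G" in flags and 0 < net.prefixlen < 32
                    and peer.network_address in net):
                findings.append(("peer-in-lan", iface, str(net)))
    # 2. One NIC directly attached (no G/H flag) to both a private and a
    #    public network, i.e. inside and outside share a physical card.
    attached = {}
    for net, flags, iface in rows:
        if "G" not in flags and "H" not in flags and not net.is_loopback:
            attached.setdefault(iface, set()).add(net.is_private)
    findings += [("mixed-nic", i) for i, k in sorted(attached.items()) if len(k) == 2]
    return findings
```

Calling `audit(PADRINO)` or `audit(KAOS)` returns one finding of each kind; a table whose cipcb peer sits in its own small subnet and whose public and private networks are on separate interfaces returns an empty list.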