<< | Thread Index | >> ]    [ << | Date Index | >> ]

Subject: Re: routing proble
From: Manuela Guandalini <guandam,AT,gcs-mbh,DOT,de>
Date: Wed, 22 Nov 2000 16:04:11 +0100
In-reply-to: <Pine.LNX.4.30.0011211202250.1201-100000@kaos.mpsnet.net.mx>

Omar Armas Aleman wrote:

> I have cipe with this configuration:
>
> [192.168.0.2]   windows client
>     |
>     |
> [192.168.0.1   firewall/cipe/linux(server with 2 ip's)
>  200.38.40.47] real_ip
>     |
>     |
>     |
>  Internet
>     |
>     |
>     |
> [200.38.40.65  real_ip
>  192.168.1.1]  firewall/cipe/linux(server with 2 ip's)
>     |
>     |
> [192.168.1.2]   windows client/linux(dual)
>
> cipe is already running, but I have some routing problems. I asked a few
> days ago, but until now I had time to test and still have problems.
>
> Both servers have this in ipchains:
> [root@padrino /root]#  ipchains -L -n
> Chain input (policy ACCEPT):
> Chain forward (policy ACCEPT):
> Chain output (policy ACCEPT):
>
> (no icmp filter)
>
> This is the table route of them:
>
> 192.168.0.1:
>
> [oarmas@padrino oarmas]$ route -n
> Kernel IP routing table
> Destination     Gateway      Genmask         Flags Metric Ref Use Iface
> 192.168.1.1     0.0.0.0      255.255.255.255 UH    0      0     0 cipcb0
> 192.168.1.0     192.168.1.1  255.255.255.0   UG    0      0     0 cipcb0
> 192.168.0.0     0.0.0.0      255.255.255.0   U     0      0     0 eth0
> 200.38.40.0     0.0.0.0      255.255.255.0   U     0      0     0 eth0
> 127.0.0.0       0.0.0.0      255.0.0.0       U     0      0     0 lo
> 0.0.0.0         200.38.40.1  0.0.0.0         UG    1      0     0 eth0
>
> 192.168.1.1:
> [oarmas@kaos oarmas]$ /sbin/route -n
> Kernel IP routing table
> Destination     Gateway      Genmask         Flags Metric Ref Use Iface
> 192.168.0.1     0.0.0.0      255.255.255.255 UH    0      0     0 cipcb0
> 192.168.1.0     0.0.0.0      255.255.255.0   U     0      0     0 eth0
> 192.168.0.0     192.168.0.1  255.255.255.0   UG    0      0     0 cipcb0
> 200.38.40.0     0.0.0.0      255.255.255.0   U     0      0     0 eth0
> 127.0.0.0       0.0.0.0      255.0.0.0       U     0      0     0 lo
> 0.0.0.0         200.38.40.1  0.0.0.0         UG    0      0     0 eth0
> [oarmas@kaos oarmas]$
>
> The servers see each other(192.168.0.1<-->192.168.1.1), but the clients
> don't.
>

That's exactely what happened to my cipe tunnel, as soon as i updated my
firewall.
I used the SuSE 6.3 firewall and changed it to the updated version. Too bad. I
need now FW_DEV_WORLD=cipcb0  to make the tunnel work, and still won't reach 
the
internal net.
I tried everything i could, didn't find a solution. U can just ping the 
server,
nothing behind it.
On the second machine runs the old firewall, and i can see the whole net 
through
it. So, try check your firewallrules.

>
> What should I add or delete from the routing tables?
> Do you think that the tables be the only problem?

The only difference i found between your and my configuration ist by the 
loopback
interface:
my mask is 255.255.255.255, not 255.0.0.0. No idea what it really means.

Bye.
Manu.





<< | Thread Index | >> ]    [ << | Date Index | >> ]