<< | Thread Index | >> ]    [ << | Date Index | >> ]

Subject: Re: IPChains settings
From: Sven Schulthei▀ <schulti,AT,discus,DOT,wh,DOT,uni-stuttgart,DOT,de>
Date: Thu, 21 Dec 2000 15:17:23 +0100
In-reply-to: <005e01c06b50$0cc051a0$c100a8c0@trollslayer>

Yannick Vansevenant wrote:
> 
> Hello,
> 
> I have a problem :
> 
> [root@callisto blitter]# ping 10.0.1.1
> PING 10.0.1.1 (10.0.1.1) from 10.0.2.1 : 56(84) bytes of data.
> ping: sendto: Operation not permitted
> ping: wrote 10.0.1.1 64 chars, ret=-1
> 
> My route table :
> 
> [root@callisto blitter]# route
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use
> Iface
> 192.168.0.45    *               255.255.255.255 UH    0      0        0 eth1
> 10.0.1.1        *               255.255.255.255 UH    0      0        0
> cipcb0
> 194.7.177.163   *               255.255.255.255 UH    0      0        0 eth0
> 194.7.177.160   *               255.255.255.248 U     0      0        0 eth0
> 10.0.1.0        10.0.1.1        255.255.255.0   UG    0      0        0
> cipcb0
> 192.168.0.0     *               255.255.255.0   U     0      0        0 eth1
> 127.0.0.0       *               255.0.0.0       U     0      0        0 lo
> default         uu194-7-177-161 0.0.0.0         UG    0      0        0 eth0
> 
> Ipconfig extract :
> 
> [root@callisto blitter]# ifconfig
> cipcb0    Link encap:IPIP Tunnel  HWaddr
>           inet addr:10.0.2.1  P-t-P:10.0.1.1  Mask:255.255.255.255
>           UP POINTOPOINT NOTRAILERS RUNNING NOARP  MTU:1442  Metric:1
>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:100
> 
> With following ipchains settings (extract filewall file) :
> 
>     # CIPE CONNECTION
>     # ------------------------
>     /sbin/ipchains -A output -i $EXTERNAL_INTERFACE -p udp  \
>              -s $IPADDR $UNPRIVPORTS -d $CALLISTO_IP_ADDRESS $CIPE_PORT -j
> ACCEPT -l
>     /sbin/ipchains -A input -i $EXTERNAL_INTERFACE -p udp  \
>             -s $CALLISTO_IP_ADDRESS $CIPE_PORT -d $IPADDR $UNPRIVPORTS -j
> ACCEPT -l
> 
> Do any of you see something wrong ? CIP_PORT = 9999
> 
> Thanks for any hints !!
> 

Do you have input and output rules on the cipe device wich allow the
traffic through the cipe device? (on both gateways)

Sven





<< | Thread Index | >> ]    [ << | Date Index | >> ]