<< | Thread Index | >> ]    [ << | Date Index | >> ]

Subject: Re: Final resort CIPE routing question
From: "Les Mikesell" <lesmikesell,AT,home,DOT,com>
Date: Sun, 14 Jan 2001 21:41:48 +0100
In-reply-to: <003101c07a48$2d0bb5b0$be01a8c0@trollslayer>

----- Original Message ----- 
From: "Yannick Vansevenant" <yannick.vansevenant,AT,mobyus,DOT,com>
To: <cipe-l,AT,inka,DOT,de>; <schultheiss,AT,steinbeis-europa,DOT,de>
Sent: Friday, January 12, 2001 4:05 AM
Subject: Re: Final resort CIPE routing question

> Okay, the CIPE tunnel works, but the routing from the cipe interface to the
> internal ethernet network not ...
> 
> If I understand correctly, if the forwarding flag is active in the kernel
> and ipchains does not block, a transfer of 192.168.0.252 to 192.168.0.18
> would take place automatically ?
> 
> Is this logical ? Forwarding on the same subnet automatically ?

No, for forwarding to work you must be able to determine the next
hop interface from the route table.  It does not make sense to put
numbers within the same subnet mask on two different interfaces
unless you intend to use proxyarp to make them appear to be
directly on the other interface for other devices.

> Or do I need to modify the cipcb0 netmask to not include any addresses of
> the real internal network so that the kernel will decide to do the forward
> ??? If this is the case, how do I change the netmask of the cipe interface ?

Since you are using private net numbers anyway, why don't you just
use a different third octet for each interface to make it easier to 
see what is happening.   In the route table you posted, it looked like
you had also applied the same network numbers to your loopback
address (lo).  Is there some reason for that instead of the normal
127.0.0.1?

> Or is all this wrong and do I need to investigate my ipchains settings ?

I would renumber first, then recompile tcpdump with the patch for cipe
(RedHat 7.0 already has this), and  after you are able to ping from the
server to the remote cipe endpoint, try to ping from the server to the
remote LAN address while using tcpdump to watch the packets on
the remote cipe interface.    You will be able to tell from the output
whether the packets are arriving, not being forwarded, or being blocked
by an ipchains DENY, and whether it is happening in the forward or
return direction.

        Les Mikesell
            lesmikesell,AT,home,DOT,com





<< | Thread Index | >> ]    [ << | Date Index | >> ]