
Subject: Re: Final resort CIPE routing question
From: "Yannick Vansevenant" <yannick.vansevenant,AT,mobyus,DOT,com>
Date: Tue, 16 Jan 2001 16:14:36 +0100
In-reply-to: <003101c07a48$2d0bb5b0$be01a8c0@trollslayer>

Hi,

I had the idea to test my routing by disabling all blocking on the two
firewalls, and pinging from 1 side of the tunnel to the other side's network
worked. On the other side it didn't work, but I think that is normal because
on the client's computer, the proper route table is set up.

For me that is reasonably good news: the firewalls are causing my problems.
So, despite my mails slightly entering the non-CIPE area, I
wanted to post my ipchains -L -n outputs for you guys to look at and give
an opinion. Things that are left out are hopefully not relevant (they are
general firewall things to block non-internet addresses and so on).

This is the ipchains -L -n output from callisto:

Chain input (policy DENY):
target     prot opt     source                destination           ports
cipcb0i    all  ------  0.0.0.0/0            0.0.0.0/0             n/a
ACCEPT     all  ------  0.0.0.0/0            0.0.0.0/0             n/a
DENY       all  ----l-  REALIP        0.0.0.0/0             n/a
DENY       all  ------  10.0.0.0/8           0.0.0.0/0             n/a
DENY       all  ------  0.0.0.0/0            10.0.0.0/8            n/a
...
Chain forward (policy REJECT):
target     prot opt     source                destination           ports
cipcb0f    all  ------  0.0.0.0/0            0.0.0.0/0             n/a
MASQ       all  ------  192.168.1.0/24       0.0.0.0/0             n/a
Chain output (policy REJECT):
target     prot opt     source                destination           ports
cipcb0o    all  ------  0.0.0.0/0            0.0.0.0/0             n/a
ACCEPT     all  ------  0.0.0.0/0            0.0.0.0/0             n/a
REJECT     all  ------  10.0.0.0/8           0.0.0.0/0             n/a
REJECT     all  ------  0.0.0.0/0            10.0.0.0/8            n/a
...
ACCEPT     all  ------  0.0.0.0/0            192.168.1.0/24        n/a
Chain cipcb0i (1 references):
target     prot opt     source                destination           ports
ACCEPT     all  ----l-  0.0.0.0/0            0.0.0.0/0             n/a
Chain cipcb0o (1 references):
target     prot opt     source                destination           ports
ACCEPT     all  ----l-  0.0.0.0/0            0.0.0.0/0             n/a
Chain cipcb0f (1 references):
target     prot opt     source                destination           ports
ACCEPT     all  ----l-  0.0.0.0/0            0.0.0.0/0             n/a

This is the output from crux:

Chain input (policy DENY):
target     prot opt     source                destination           ports
cipcb0i    all  ------  0.0.0.0/0            0.0.0.0/0             n/a
ACCEPT     all  ------  0.0.0.0/0            0.0.0.0/0             n/a
DENY       all  ----l-  192.168.254.2        0.0.0.0/0             n/a
DENY       all  ------  10.0.0.0/8           0.0.0.0/0             n/a
DENY       all  ------  0.0.0.0/0            10.0.0.0/8            n/a
...
Chain forward (policy REJECT):
target     prot opt     source                destination           ports
cipcb0f    all  ------  0.0.0.0/0            0.0.0.0/0             n/a
MASQ       all  ------  192.168.0.0/24       0.0.0.0/0             n/a
Chain output (policy REJECT):
target     prot opt     source                destination           ports
cipcb0o    all  ------  0.0.0.0/0            0.0.0.0/0             n/a
ACCEPT     all  ------  0.0.0.0/0            0.0.0.0/0             n/a
REJECT     all  ------  10.0.0.0/8           0.0.0.0/0             n/a
REJECT     all  ------  0.0.0.0/0            10.0.0.0/8            n/a
...
ACCEPT     all  ------  0.0.0.0/0            192.168.0.0/24        n/a
Chain cipcb0i (1 references):
target     prot opt     source                destination           ports
ACCEPT     all  ------  0.0.0.0/0            0.0.0.0/0             n/a
Chain cipcb0o (1 references):
target     prot opt     source                destination           ports
ACCEPT     all  ------  0.0.0.0/0            0.0.0.0/0             n/a
Chain cipcb0f (1 references):
target     prot opt     source                destination           ports
ACCEPT     all  ------  0.0.0.0/0            0.0.0.0/0             n/a

Admitting here that I don't see any special addresses such as the other
network address appearing. I give complete clearance to the CIPE tunnel
regarding ipchains.

I also find it strange that the cipcb0 device isn't mentioned in this output,
because it goes in at the /etc/cipe/ip-up side of things. Other references
to the real IP ethernet interface of callisto, for example, show up as the
real IP of that machine ...

Remark: the ipchains rules are built up in two phases: the first phase in the
rc.firewall script on both machines, and the second by the ip-up script.

Does any of you guys have an idea on how to continue?

Best greetings!




