<< | Thread Index | >> ]    [ << | Date Index | >> ]

Subject: Re: Final resort CIPE routing question
From: "Les Mikesell" <lesmikesell,AT,home,DOT,com>
Date: Wed, 17 Jan 2001 06:21:03 +0100
In-reply-to: <003101c07a48$2d0bb5b0$be01a8c0@trollslayer>

----- Original Message -----
From: "Yannick Vansevenant" <yannick.vansevenant,AT,mobyus,DOT,com>
To: <cipe-l,AT,inka,DOT,de>; "Les Mikesell" <lesmikesell,AT,home,DOT,com>
Sent: Monday, January 15, 2001 9:17 AM
Subject: Re: Final resort CIPE routing question

> Okay, I changed things :
>
> [root@crux /root]# route
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use
> Iface
> 192.168.3.1     *               255.255.255.255 UH    0      0        0
> cipcb0
> 192.168.254.0   *               255.255.255.240 U     0      0        0 eth0
> 192.168.1.0     192.168.3.1     255.255.255.0   UG    0      0        0
> cipcb0
> 192.168.0.0     *               255.255.255.0   U     0      0        0 eth1
> 127.0.0.0       *               255.0.0.0       U     0      0        0 lo
> default         192.168.254.1   0.0.0.0         UG    0      0        0 eth0

> [root@callisto blitter]# route
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use
> Iface
> 255.255.255.255 *               255.255.255.255 UH    0      0        0 eth1
> 192.168.2.1     *               255.255.255.255 UH    0      0        0
> cipcb0
> 192.168.1.45    *               255.255.255.255 UH    0      0        0 eth1
> REALIP   *               255.255.255.248 U     0      0        0 eth0
> 192.168.1.0     *               255.255.255.0   U     0      0        0 eth1
> 192.168.0.0     192.168.2.1     255.255.255.0   UG    0      0        0
> cipcb0
> 127.0.0.0       *               255.0.0.0       U     0      0        0 lo
> default         *               0.0.0.0         U     0      0        0 eth0

> So CIPE is now on 192.168.3.1 for callisto and 192.168.2.1 for crux, like
> ping outputs :

I've always put the two endpoints on the same network since they are
conceptually like a ppp connection, but since you get host routes to
the opposite endpoints automatically with CIPE I guess it doesn't
matter.

> [root@callisto blitter]# ping 192.168.0.148
> PING 192.168.0.148 (192.168.0.148) from 192.168.3.1 : 56(84) bytes of data.
> From 192.168.2.1: Destination Host Unreachable

Is there a 192.168.0.148 address active on the crux eth1 segment?  This is not
telling you 'network unreachable' or 'no route to host', it means no one
answered the arp for the address.  If 192.168.0.148 is the crux eth1 
interface,
then ipchains is denying access.

>
> [root@callisto blitter]# ping 192.168.0.18
> PING 192.168.0.18 (192.168.0.18) from 192.168.3.1 : 56(84) bytes of data.
> 64 bytes from 192.168.0.18: icmp_seq=0 ttl=255 time=140.9 ms
>
> Any further clues ? Does anyone of you guys has a similar setup ??

It looks like the tunnel itself is working.

> For ipchains I put up unlimited traffic on the cipcb0 interface (it is a
> tunnel between two trusted networks).
> Do I need to do some forwarding in ipchains to have 192.168.2.1 see where
> 192.168.0.148 is located ?

Forwarding should all be controlled by the route table - but you need to
configure ipchains to allow access both ways between the LAN and
tunnel.

   Les Mikesell
        lesmikesell,AT,home,DOT,com





<< | Thread Index | >> ]    [ << | Date Index | >> ]