Subject: Re: Final resort CIPE routing question
From: "Les Mikesell" <lesmikesell,AT,home,DOT,com>
Date: Fri, 19 Jan 2001 04:49:19 +0100
In-reply-to: <003101c07a48$2d0bb5b0$be01a8c0@trollslayer>

----- Original Message -----
From: "Yannick MSR" <yannick.vansevenant,AT,mobyus,DOT,com>
To: <cipe-l,AT,inka,DOT,de>; "Les Mikesell" <lesmikesell,AT,home,DOT,com>
Sent: Thursday, January 18, 2001 8:45 AM
Subject: Re: Final resort CIPE routing question

>
>
> > Forwarding should all be controlled by the route table - but you need to
> > configure ipchains to allow access both ways between the LAN and
> > tunnel.
>
> Hello,
>
> I've been testing again and when the firewalls are down and all is
> permitted, pinging works perfectly, from a client post of one network to
> client post on another network ... so it's 100% ipchains fault.
>
> Can someone point me in the direction which rules I should add ? For example
> do I need to add rules to go from 192.168.3.1 to 192.168.0.0 and vice versa
> and that on each input/forward/output target and that for which interface ?
> cipcb0 and eth1 ?

I'm too lazy to type all that stuff in myself.  There is a nice
firewall-building tool at
http://linux-firewall-tools.com/linux/firewall/index.html that
will generate just about what you want for the non-CIPE interfaces
(be sure to mention the UDP port for the CIPE packets on the
external interface in what you want to allow).
If you don't mind the tunnel being completely open you can paste
in something like:
    ipchains -A input  -i cipcb0  -j ACCEPT
    ipchains -A output -i cipcb0  -j ACCEPT
    ipchains -A forward -i cipcb0 -j ACCEPT
somewhere near the top.

    Les Mikesell
      lesmikesell,AT,home,DOT,com
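
A narrower alternative to the fully open tunnel rules quoted above, as an added example that is not part of the original message: it prints ipchains rules that accept only traffic between the two LANs, one set per direction. The /24 masks and the role of eth1 as the LAN-side interface are assumptions; in ipchains the forward chain's -i matches the outgoing interface, which is why both interfaces appear there.

```shell
#!/bin/sh
# Added example (not from the original thread).
# Constructed values, adjust to the real site:
TUN_IF=cipcb0               # tunnel interface named in the thread
LAN_IF=eth1                 # ASSUMPTION: eth1 is the LAN-side interface
LOCAL_NET=192.168.3.0/24    # ASSUMPTION: /24 around 192.168.3.1
REMOTE_NET=192.168.0.0/24   # ASSUMPTION: /24 for 192.168.0.0

# tunnel_rules LOCAL_NET REMOTE_NET TUN_IF LAN_IF
# Prints the rules instead of running them, so they can be reviewed first.
tunnel_rules() {
    if [ $# -ne 4 ]; then
        echo "usage: tunnel_rules LOCAL_NET REMOTE_NET TUN_IF LAN_IF" >&2
        return 1
    fi
    for arg in "$@"; do
        # An empty -s/-d/-i would silently widen a rule to "any".
        if [ -z "$arg" ]; then
            echo "tunnel_rules: empty argument" >&2
            return 1
        fi
    done
    loc=$1; rem=$2; tun=$3; lan=$4

    # Remote LAN -> local LAN: arrives on the tunnel, leaves on the LAN side.
    # input -i is the incoming interface; forward/output -i the outgoing one.
    printf 'ipchains -A input -i %s -s %s -d %s -j ACCEPT\n' "$tun" "$rem" "$loc"
    printf 'ipchains -A forward -i %s -s %s -d %s -j ACCEPT\n' "$lan" "$rem" "$loc"
    printf 'ipchains -A output -i %s -s %s -d %s -j ACCEPT\n' "$lan" "$rem" "$loc"

    # Local LAN -> remote LAN: arrives on the LAN side, leaves on the tunnel.
    printf 'ipchains -A input -i %s -s %s -d %s -j ACCEPT\n' "$lan" "$loc" "$rem"
    printf 'ipchains -A forward -i %s -s %s -d %s -j ACCEPT\n' "$tun" "$loc" "$rem"
    printf 'ipchains -A output -i %s -s %s -d %s -j ACCEPT\n' "$tun" "$loc" "$rem"
}

tunnel_rules "$LOCAL_NET" "$REMOTE_NET" "$TUN_IF" "$LAN_IF"
```

Traffic on the tunnel that matches none of these rules falls through to whatever rules and chain policies follow in the firewall script.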
