<< | Thread Index | >> ]    [ << | Date Index | >> ]

Subject: Re: Final resort CIPE routing question
From: "mikeeo" <mikeeo,AT,email,DOT,msn,DOT,com>
Date: Fri, 19 Jan 2001 14:16:48 +0100
In-reply-to: <003101c07a48$2d0bb5b0$be01a8c0@trollslayer>

I think Les is right as in Yannick has gone farther than this mailing list
is designed for. What I mean is its not a CIPE issue, its more of a ipchains
& routing and I don't believe we should be hand holding on this mailing
list, because both routing & ipchains are very well documented if people
would like to walk folks through configs I think it would be better not to
do it on this mailing list. just my thoughts
----- Original Message -----
From: "Les Mikesell" <lesmikesell,AT,home,DOT,com>
To: "Yannick MSR" <yannick.vansevenant,AT,mobyus,DOT,com>; 
<cipe-l,AT,inka,DOT,de>
Sent: Thursday, January 18, 2001 10:27 PM
Subject: Re: Final resort CIPE routing question

>
> ----- Original Message -----
> From: "Yannick MSR" <yannick.vansevenant,AT,mobyus,DOT,com>
> To: <cipe-l,AT,inka,DOT,de>; "Les Mikesell" <lesmikesell,AT,home,DOT,com>
> Sent: Thursday, January 18, 2001 8:45 AM
> Subject: Re: Final resort CIPE routing question
>
>
> >
> >
> > > Forwarding should all be controlled by the route table - but you need
to
> > > configure ipchains to allow access both ways between the LAN and
> > > tunnel.
> >
> > Hello,
> >
> > I've been testing again and when the firewalls are down and all is
> > permitted, pinging works perfectly, from a client post of one network to
> > client post on another network ... so it's 100% ipchains fault.
> >
> > Can someone point me in the direction which rules I should add ? For
example
> > do I need to add rules to go from 192.168.3.1 to 192.168.0.0 and vice
versa
> > and that on each input/forward/output target and that for which
interface ?
> > cipcb0 and eth1 ?
>
> I'm too lazy to type all that stuff in myself.  There is a nice
> firewall-building
> tool at http://linux-firewall-tools.com/linux/firewall/index.html that
> will generate just about what you want for the non-CIPE interfaces
> (be sure to mention the UDP port for the CIPE packets on the
> external interface in what you want to allow).
> If you don't mind the tunnel being completely open you can paste
> in something like:
>     ipchains -A input  -i cipcb0  -j ACCEPT
>     ipchains -A output -i cipcb0  -j ACCEPT
>     ipchains -A forward -i cipcb0 -j ACCEPT
> somewhere near the top.
>
>     Les Mikesell
>       lesmikesell,AT,home,DOT,com
>
>
>
> --
> Message sent by the cipe-l,AT,inka,DOT,de mailing list.
> Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body
> Other commands available with "help" in body to the same address.
> CIPE info and list archive:
<URL:http://sites.inka.de/~bigred/devel/cipe.html>





<< | Thread Index | >> ]    [ << | Date Index | >> ]