<< | Thread Index | >> ]    [ << | Date Index | >> ]

Subject: Re: Final resort CIPE routing question
From: "Yannick Vansevenant" <yannick.vansevenant,AT,mobyus,DOT,com>
Date: Fri, 19 Jan 2001 15:10:42 +0100
In-reply-to: <003101c07a48$2d0bb5b0$be01a8c0@trollslayer>

Hi,

I already have thought off crossing this ML's limits, but as my problems
went to ipchains gradually I stayed comming here with my questions.

But this will stop here because the setup finally works, the last part of
the puzzle was that apparently forwarding on the internal network was not
active, I activated this with :

/sbin/ipchains -A forward -i $IN_INTERFACE -j ACCEPT -l

So it works, I can even browse our Oracle database at the other side with a
sql worksheet ... very cool !

Thanks for all your help guys ! And if any of you have the same kind of
probs ...

Yannick Vansevenant

----- Original Message -----
From: "mikeeo" <mikeeo,AT,email,DOT,msn,DOT,com>
To: <cipe-l,AT,inka,DOT,de>
Sent: Friday, January 19, 2001 2:05 PM
Subject: Re: Final resort CIPE routing question

> I think Les is right as in Yannick has gone farther than this mailing list
> is designed for. What I mean is its not a CIPE issue, its more of a
ipchains
> & routing and I don't believe we should be hand holding on this mailing
> list, because both routing & ipchains are very well documented if people
> would like to walk folks through configs I think it would be better not to
> do it on this mailing list. just my thoughts
> ----- Original Message -----
> From: "Les Mikesell" <lesmikesell,AT,home,DOT,com>
> To: "Yannick MSR" <yannick.vansevenant,AT,mobyus,DOT,com>; 
> <cipe-l,AT,inka,DOT,de>
> Sent: Thursday, January 18, 2001 10:27 PM
> Subject: Re: Final resort CIPE routing question
>
>
> >
> > ----- Original Message -----
> > From: "Yannick MSR" <yannick.vansevenant,AT,mobyus,DOT,com>
> > To: <cipe-l,AT,inka,DOT,de>; "Les Mikesell" <lesmikesell,AT,home,DOT,com>
> > Sent: Thursday, January 18, 2001 8:45 AM
> > Subject: Re: Final resort CIPE routing question
> >
> >
> > >
> > >
> > > > Forwarding should all be controlled by the route table - but you
need
> to
> > > > configure ipchains to allow access both ways between the LAN and
> > > > tunnel.
> > >
> > > Hello,
> > >
> > > I've been testing again and when the firewalls are down and all is
> > > permitted, pinging works perfectly, from a client post of one network
to
> > > client post on another network ... so it's 100% ipchains fault.
> > >
> > > Can someone point me in the direction which rules I should add ? For
> example
> > > do I need to add rules to go from 192.168.3.1 to 192.168.0.0 and vice
> versa
> > > and that on each input/forward/output target and that for which
> interface ?
> > > cipcb0 and eth1 ?
> >
> > I'm too lazy to type all that stuff in myself.  There is a nice
> > firewall-building
> > tool at http://linux-firewall-tools.com/linux/firewall/index.html that
> > will generate just about what you want for the non-CIPE interfaces
> > (be sure to mention the UDP port for the CIPE packets on the
> > external interface in what you want to allow).
> > If you don't mind the tunnel being completely open you can paste
> > in something like:
> >     ipchains -A input  -i cipcb0  -j ACCEPT
> >     ipchains -A output -i cipcb0  -j ACCEPT
> >     ipchains -A forward -i cipcb0 -j ACCEPT
> > somewhere near the top.
> >
> >     Les Mikesell
> >       lesmikesell,AT,home,DOT,com
> >
> >
> >
> > --
> > Message sent by the cipe-l,AT,inka,DOT,de mailing list.
> > Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body
> > Other commands available with "help" in body to the same address.
> > CIPE info and list archive:
> <URL:http://sites.inka.de/~bigred/devel/cipe.html>
>
>
>
>
> --
> Message sent by the cipe-l,AT,inka,DOT,de mailing list.
> Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body
> Other commands available with "help" in body to the same address.
> CIPE info and list archive:
<URL:http://sites.inka.de/~bigred/devel/cipe.html>





<< | Thread Index | >> ]    [ << | Date Index | >> ]