Thanks. You were spot on. After adding this ipchains rule, I could ping
past the linux box. Now I have another problem, but a more general network
one, so I'll go to the newsgroups for that.
At 09:59 PM 4/03/01 -0800, Lionel wrote:
>On Mon, Mar 05, 2001 at 11:54:03AM +1000, Kyle Winters wrote:
> >              SITE 1          SITE 2
> > Internal ip  192.168.1.7     192.168.10.7
> > cipe         192.168.200.1   192.168.200.2
> > public ip    18.104.22.168   22.214.171.124   (These are not real)
> > At the moment, I can ping from Box 1 to 192.168.10.7 which is the NIC in Box 2
> > I cannot ping from Box 1 to 192.168.10.100 which is a workstation.
> > I can ping from Box 2 to 192.168.1.7 which is the NIC in Box 1
> > I cannot ping from Box 2 to 192.168.1.100 which is a workstation
> > I do have ip_forwarding enabled on both machines. Does this look like an
> > ipchains problem? Can somebody let me know what rules I should be
> > implementing in ipchains to allow all traffic over this VPN?
> > Thanks
> I'm guessing that you've enabled ipmasq on both machines, as I've seen
>this/done this. You need to ensure the cipe bound traffic bypasses any
>masquerading. The problem being masquerading is done in the forward chain
>and the devices (cipcb?) exist in the input/output chains, so you have to
>use the networks instead.
>ipchains -I forward -j ACCEPT -s so.ur.ce.ip/24 -d des.in.at.ion/24
> With this rule before any -j MASQ rules, your localnet traffic will simply
> Lionel Widdifield  Spydernet Resources
>  P.O. Box 5412
> lwiddif-sig,AT,spydernet,DOT,com  Victoria BC, Canada V8R 6S4
>  Phone (250)413-9703 Fax 383-0373
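
The rule ordering described in the quoted reply, as an added example that is not part of the original thread: a small first-match model of the forward chain using the two internal networks from the table above. The masquerade rule shown is an assumed typical setup on the SITE 1 box, and the Internet destination is a constructed sample address.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):
    target: str  # "ACCEPT" or "MASQ"
    src: str     # network given with -s
    dst: str     # network given with -d

def forward_verdict(chain, src_ip, dst_ip):
    """Target of the first rule that matches the packet, else "POLICY"."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for rule in chain:
        if src in ipaddress.ip_network(rule.src) and dst in ipaddress.ip_network(rule.dst):
            return rule.target
    return "POLICY"

def insert_first(chain, rule):
    """Model of `ipchains -I forward ...`: the rule becomes rule number 1."""
    return [rule] + list(chain)

def append_last(chain, rule):
    """Model of `ipchains -A forward ...`: the rule goes after existing ones."""
    return list(chain) + [rule]

SITE1_LAN = "192.168.1.0/24"   # internal network behind Box 1 (from the thread)
SITE2_LAN = "192.168.10.0/24"  # internal network behind Box 2 (from the thread)

# Assumed existing setup on Box 1: masquerade everything leaving the LAN.
MASQ_ONLY = [Rule("MASQ", SITE1_LAN, "0.0.0.0/0")]
# The suggested bypass rule with the thread's networks filled in.
BYPASS = Rule("ACCEPT", SITE1_LAN, SITE2_LAN)
FIXED = insert_first(MASQ_ONLY, BYPASS)     # -I: evaluated before MASQ
APPENDED = append_last(MASQ_ONLY, BYPASS)   # -A: shadowed by MASQ, never reached

if __name__ == "__main__":
    packets = [("192.168.1.100", "192.168.10.100"),   # workstation to workstation
               ("192.168.1.100", "198.51.100.10")]    # constructed Internet host
    for name, chain in [("masq only", MASQ_ONLY), ("inserted", FIXED),
                        ("appended", APPENDED)]:
        for src, dst in packets:
            print(f"{name:10} {src} -> {dst}: {forward_verdict(chain, src, dst)}")
```

The same check applies on the SITE 2 box with the two networks swapped.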