
Subject: Network to Network setup troubleshooting
From: chanlon,AT,amavi,DOT,com
Date: Tue, 20 Mar 2001 07:58:39 +0100

I'm trying to set up cipe to connect two networks.  One in Ottawa, one
in Victoria.  Both networks are connected to the Internet via ADSL
lines.  Both machines run Linux 2.2.17, one on a Redhat box, the
other on a Debian box.  I would like both boxes to masquerade the
Internet connection at the same time (and one of them currently does)
but I can live without this feature.
Please note both boxes are currently in our Victoria office.
Both systems use the ip-up and ip-down scripts from the HOWTO
http://www.linuxdoc.org/HOWTO/mini/Cipe+Masq-6.html#ss6.1 (the ones
for 2.2

My problem is that both machines will talk to the internal
interface of the other but they can't talk to the internal networks.
I believe the packets aren't being forwarded to the inside network.

The Redhat box has the following details
Internal network: 192.168.8.0
External interface: 24.67.218.1
*note pkcipe (the rest of cipe would compile on this box so I
compiled it on the Debian box and copied it over.  I can provide more
details but I suspect they will get us sidetracked.

ipchains -F

A routing table as follows (extra spaces removed)
Destination   Gateway     Genmask         Flags Metric Ref Use Iface
192.168.8.250 *           255.255.255.255 UH    0      0   0 eth1
192.168.8.0   *           255.255.255.0   U     0      0   0 eth1
24.67.218.0   *           255.255.254.0   U     0      0   0 eth0
127.0.0.0     *           255.0.0.0       U     0      0   0 lo
default       24.67.218.1 0.0.0.0         UG    0      0   0 eth0

The Debian box has the following details
Internal network: 192.168.111.0
public network: 206.87.247.0
External IF (default): 24.67.218.186 (vpn.amavi.com)

The following ipchains commands have been executed
ipchains -P forward DENY
ipchains -A forward -s 192.168.111.0/24 -j MASQ

route
Destination     Gateway        Genmask         Flags Metric Ref    Use Iface
192.168.111.10  *              255.255.255.255 UH    0      0        0 ppp0
#A poptop connection

orahq0.acoa.ca  206.87.247.254 255.255.255.255 UGH   0      0        0 eth0
#due to old firewall rules at the client's site

107-90.adsl.gen 206.87.247.254 255.255.255.255 UGH   0      0        0 eth0
#One employee finds ssh runs better over this route.

localnet        *              255.255.255.0   U     0      0        0 eth1
localnet        *              255.255.255.0   U     0      0        0 eth1
206.87.247.0    *              255.255.255.0   U     0      0        0 eth0
206.87.247.0    *              255.255.255.0   U     0      0        0 eth0
24.67.218.0     *              255.255.254.0   U     0      0        0 eth2
127.0.0.0       *              255.0.0.0       U     0      0        0 lo

default         24.67.218.1    0.0.0.0         UG    0      0        0 eth2
#Our cable modem (used for vpn testing + Internet surfing)

default         206.87.247.254 0.0.0.0         UG    0      0        0 eth0
#Our ADSL line (mainly used by other servers).
#Provides a direct route to our other servers.

After typing pkcipe -c vpn.amavi.com:pkcipe (on the redhat box).  I end up
results.

Redhat box

ipchains -L
Chain input (policy ACCEPT):
target     prot opt     source                destination           ports
cipcb0i    all  ------  anywhere             anywhere              n/a
Chain forward (policy DENY):
target     prot opt     source                destination           ports
cipcb0f    all  ------  anywhere             anywhere              n/a
Chain output (policy ACCEPT):
target     prot opt     source                destination           ports
cipcb0o    all  ------  anywhere             anywhere              n/a
Chain cipcb0i (1 references):
target     prot opt     source                destination           ports
DENY       all  ----l-  192.168.8.0/24       192.168.8.0/24        n/a
ACCEPT     all  ------  192.168.8.0/24       192.168.111.0/24      n/a
ACCEPT     all  ------  192.168.111.0/24     192.168.8.0/24        n/a
DENY       all  ----l-  anywhere             anywhere              n/a
Chain cipcb0o (1 references):
target     prot opt     source                destination           ports
DENY       all  ----l-  192.168.8.0/24       192.168.8.0/24        n/a
ACCEPT     all  ------  192.168.8.0/24       192.168.111.0/24      n/a
ACCEPT     all  ------  192.168.111.0/24     192.168.8.0/24        n/a
DENY       all  ----l-  anywhere             anywhere              n/a
Chain cipcb0f (1 references):
target     prot opt     source                destination           ports
ACCEPT     all  ------  192.168.8.0/24       192.168.111.0/24      n/a
ACCEPT     all  ------  192.168.111.0/24     192.168.8.0/24        n/a
DENY       all  ----l-  anywhere             anywhere              n/a

route
Kernel IP routing table
Destination     Gateway     Genmask         Flags Metric Ref Use Iface
192.168.111.199 *           255.255.255.255 UH    0      0   0   cipcb0
192.168.8.250   *           255.255.255.255 UH    0      0   0   eth1
192.168.8.0     *           255.255.255.0   U     0      0   0   eth1
192.168.111.0   *           255.255.255.0   U     0      0   0   cipcb0
24.67.218.0     *           255.255.254.0   U     0      0   0   eth0
127.0.0.0       *           255.0.0.0       U     0      0   0   lo
default         24.67.218.1 0.0.0.0         UG    0      0   0   eth0
 

Debian box
ipchains -L
Chain input (policy ACCEPT):
target     prot opt     source           destination           ports
cipcb0i    all  ------  anywhere         anywhere              n/a
Chain forward (policy DENY):
target     prot opt     source           destination           ports
cipcb0f    all  ------  anywhere         anywhere              n/a
MASQ       all  ------  localnet/24      anywhere              n/a
Chain output (policy ACCEPT):
target     prot opt     source           destination           ports
cipcb0o    all  ------  anywhere         anywhere              n/a
Chain cipcb0i (1 references):
target     prot opt     source           destination           ports
DENY       all  ----l-  localnet/24      localnet/24           n/a
ACCEPT     all  ------  localnet/24      192.168.8.0/24        n/a
ACCEPT     all  ------  192.168.8.0/24   localnet/24           n/a
DENY       all  ----l-  anywhere         anywhere              n/a
Chain cipcb0o (1 references):
target     prot opt     source           destination           ports
DENY       all  ----l-  localnet/24      localnet/24           n/a
ACCEPT     all  ------  localnet/24      192.168.8.0/24        n/a
ACCEPT     all  ------  192.168.8.0/24   localnet/24           n/a
DENY       all  ----l-  anywhere         anywhere              n/a
Chain cipcb0f (1 references):
target     prot opt     source           destination           ports
ACCEPT     all  ------  localnet/24      192.168.8.0/24        n/a
ACCEPT     all  ------  192.168.8.0/24   localnet/24           n/a
DENY       all  ----l-  anywhere         anywhere              n/a

route
Kernel IP routing table
Destination     Gateway        Genmask         Flags Metric Ref Use Iface
192.168.111.10  *              255.255.255.255 UH    0      0   0   ppp0
orahq0.acoa.ca  206.87.247.254 255.255.255.255 UGH   0      0   0   eth0
107-90.adsl.gen 206.87.247.254 255.255.255.255 UGH   0      0   0   eth0
192.168.8.250   *              255.255.255.255 UH    0      0   0   cipcb0
192.168.8.0     *              255.255.255.0   U     0      0   0   cipcb0
localnet        *              255.255.255.0   U     0      0   0   eth1
localnet        *              255.255.255.0   U     0      0   0   eth1
206.87.247.0    *              255.255.255.0   U     0      0   0   eth0
206.87.247.0    *              255.255.255.0   U     0      0   0   eth0
24.67.218.0     *              255.255.254.0   U     0      0   0   eth2
127.0.0.0       *              255.0.0.0       U     0      0   0   lo
default         24.67.218.1    0.0.0.0         UG    0      0   0   eth2
default         206.87.247.254 0.0.0.0         UG    0      0   0   eth0

If you can help me out it would be greatly appreciated.

Chris

P.S.  Sorry this message is so long
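
A first-match walk of the Redhat box's forward chain as listed above, as an added example that is not part of the original post: it parses the pasted `ipchains -L` text and reports which rule decides a given source/destination pair. The host addresses passed to `verdict` are constructed, and matching assumes source and destination only, because the non-verbose listing shows no interface column.

```python
import ipaddress

# Forward-path rules copied from the Redhat box's `ipchains -L` output in the post.
LISTING = """\
Chain forward (policy DENY):
target     prot opt     source                destination           ports
cipcb0f    all  ------  anywhere             anywhere              n/a
Chain cipcb0f (1 references):
target     prot opt     source                destination           ports
ACCEPT     all  ------  192.168.8.0/24       192.168.111.0/24      n/a
ACCEPT     all  ------  192.168.111.0/24     192.168.8.0/24        n/a
DENY       all  ----l-  anywhere             anywhere              n/a
"""
TERMINAL = {"ACCEPT", "DENY", "REJECT", "MASQ"}  # targets that end the walk

def net(text):
    return ipaddress.ip_network("0.0.0.0/0" if text == "anywhere" else text)

def parse(listing):
    """Return ({chain: [(target, src_net, dst_net, logged)]}, {chain: policy})."""
    chains, policy, cur = {}, {}, None
    for line in listing.splitlines():
        f = line.split()
        if not f or f[0] == "target":          # blank line or column header
            continue
        if f[0] == "Chain":
            cur = f[1]
            chains[cur] = []
            if f[2] == "(policy":              # only built-in chains carry a policy
                policy[cur] = f[3].rstrip("):")
        else:
            chains[cur].append((f[0], net(f[3]), net(f[4]), "l" in f[2]))
    return chains, policy

def walk(chains, name, src, dst):
    """First matching terminal rule wins; an unmatched user chain returns to its caller."""
    for target, s, d, logged in chains[name]:
        if src in s and dst in d:
            if target in TERMINAL:
                return target, name, logged
            hit = walk(chains, target, src, dst)
            if hit:
                return hit
    return None

def verdict(listing, chain, src, dst):
    """(target, deciding chain, logged?) for one packet entering `chain`."""
    chains, policy = parse(listing)
    hit = walk(chains, chain, ipaddress.ip_address(src), ipaddress.ip_address(dst))
    return hit or (policy[chain], chain + " policy", False)
```

For the forward chain as listed, LAN-to-LAN pairs reach an ACCEPT in cipcb0f, while any other pair hits the logged catch-all DENY there before the chain policy is consulted.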