
Subject: Cipe connection problems.
From: ewheeler,AT,kaico,DOT,com
Date: Wed, 20 Jun 2001 02:03:32 +0200
In-reply-to: <3B2F14CB.5040802@freealter.com>

I've seen this problem kicking around the mail-list lately, so...

To all who have problems with cipe after using iptables for firewall rules
and/or SNAT but not before:

  I had this problem for a little while until I figured out what happens.  

If you have the following:
 iptables -t nat -A POSTROUTING -j SNAT --to-source Z.Z.Z.Z

Then ALL packets routed through the linux box have their source port
mangled.  This includes cipcbX, pppX, ethX, slX, ...etc...

So, here's what you need to do:

If your destination network for your cipe link is 192.168.1.0/24, add this
rule:

iptables -t nat -I POSTROUTING 1 -d 192.168.1.0/24 -j RETURN

This will make your linux box stop mangling the source port on packets
destined for 192.168.1.0/24.  Therefore your local network can still use
SNAT to allow several systems on the internet through one IP and you can
also route to your remote networks over CIPE!

--Eric
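
Added example, not part of the original message: a check that the RETURN exemption for the CIPE destination network sits ahead of the first SNAT/MASQUERADE rule in nat POSTROUTING, since rules are evaluated in order. It assumes an iptables that supports `-S`; `check_exempt_order` is a hypothetical helper name, 203.0.113.1 stands in for Z.Z.Z.Z, and the rule sets are constructed samples.

```shell
#!/bin/sh
# Reads rules in `iptables -t nat -S POSTROUTING` format on stdin and prints:
#   exempt   - a RETURN rule for the network precedes the first NAT rule
#   mangled  - a NAT rule is reached first (or no exemption exists); status 1
#   no-snat  - the chain has no SNAT/MASQUERADE rule at all
# Conservative: any SNAT/MASQUERADE rule is treated as matching all traffic,
# like the unqualified rule in the message above.
check_exempt_order() {
    awk -v net="$1" '
        $1 != "-A" { next }                  # skip the -P policy line
        {
            n++
            target = ""; dst = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "-d") dst = $(i + 1)
            }
            if (target == "RETURN" && dst == net && !ret) ret = n
            if ((target == "SNAT" || target == "MASQUERADE") && !nat) nat = n
        }
        END {
            if (!nat)             { print "no-snat"; exit 0 }
            if (ret && ret < nat) { print "exempt";  exit 0 }
            print "mangled"; exit 1
        }'
}

# Constructed sample: the chain before the fix.
BROKEN='-P POSTROUTING ACCEPT
-A POSTROUTING -j SNAT --to-source 203.0.113.1'

# Constructed sample: the chain after inserting the RETURN rule at position 1.
FIXED='-P POSTROUTING ACCEPT
-A POSTROUTING -d 192.168.1.0/24 -j RETURN
-A POSTROUTING -j SNAT --to-source 203.0.113.1'

printf '%s\n' "$BROKEN" | check_exempt_order 192.168.1.0/24 || true
printf '%s\n' "$FIXED"  | check_exempt_order 192.168.1.0/24

# On a live box (as root):
#   iptables -t nat -S POSTROUTING | check_exempt_order 192.168.1.0/24
```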




