| Subject: | Cipe connection problems. |
| From: | ewheeler,AT,kaico,DOT,com |
| Date: | Wed, 20 Jun 2001 02:03:32 +0200 |
| In-reply-to: | <3B2F14CB.5040802@freealter.com> |
I've seen this problem kicking around the mail-list lately, so...

To all who have problems with cipe after using iptables for firewall rules and/or SNAT but not before:

I had this problem for a little while until I figured out what happens. If you have the following:

    iptables -t nat -A POSTROUTING -j SNAT --to-source Z.Z.Z.Z

Then ALL packets routed through the Linux box have their source port mangled. This includes cipcbX, pppX, ethX, slX, ...etc...

So, here's what you need to do: If your destination network for your cipe link is 192.168.1.0/24, add this rule:

    iptables -t nat -I POSTROUTING 1 -d 192.168.1.0/24 -j RETURN

This will make your Linux box stop mangling the source port on packets destined for 192.168.1.0/24. Therefore your local network can still use SNAT to allow several systems on the internet through one IP and you can also route to your remote networks over CIPE!

--Eric
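The fix above depends on rule order: the RETURN rule has to sit ahead of the catch-all SNAT rule in POSTROUTING. The following check is an added example, not part of the original message; it assumes the ruleset is in `iptables-save` format, and `snat_verdict`, the sample rulesets and the address 203.0.113.5 (standing in for Z.Z.Z.Z) are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether traffic to a CIPE peer network is exempted
# from SNAT in a saved ruleset (iptables-save format read from stdin).

# snat_verdict DEST  ->  prints one of: exempt | snat-first | no-snat
snat_verdict() {
    awk -v dest="$1" '
        /^\*/ { in_nat = ($0 == "*nat") }      # only the nat table matters
        in_nat && $1 == "-A" && $2 == "POSTROUTING" {
            target = ""; dst = ""; out = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "-d") dst = $(i + 1)
                if ($i == "-o") out = $(i + 1)
            }
            # RETURN for the tunnel destination is reached first: exempted.
            if (target == "RETURN" && dst == dest) { print "exempt"; found = 1; exit }
            # SNAT with no destination or interface match is reached first:
            # tunnel-bound packets get rewritten. Rules scoped with -o are
            # skipped because the interface mapping is not known here.
            if ((target == "SNAT" || target == "MASQUERADE") && dst == "" && out == "") {
                print "snat-first"; found = 1; exit
            }
        }
        END { if (!found) print "no-snat" }
    '
}

# Constructed sample rulesets: before and after inserting the RETURN rule.
BROKEN='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -j SNAT --to-source 203.0.113.5
COMMIT'
FIXED='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -d 192.168.1.0/24 -j RETURN
-A POSTROUTING -j SNAT --to-source 203.0.113.5
COMMIT'

printf '%s\n' "$BROKEN" | snat_verdict 192.168.1.0/24
printf '%s\n' "$FIXED"  | snat_verdict 192.168.1.0/24
```

On a live box the same function can be fed with `iptables-save -t nat | snat_verdict 192.168.1.0/24`.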