
Subject: Re: pbs with cipe 2.2.14 <--> 2.4.4ac5
From: Ludovic Drolez <ludovic.drolez,AT,freealter,DOT,com>
Date: Wed, 20 Jun 2001 10:59:49 +0200
In-reply-to: <Pine.LNX.4.21.0106191533410.13511-100000@raid.kaico.com>

ewheeler,AT,kaico,DOT,com wrote:

>
>your firewall rules.  Next, do this:
>
>  iptables -F
>  iptables -t nat -F
>  ipchains -F
>
>
>Once you've flushed ipchains (for the 2.2.x kernel) and iptables (for the
>2.4.x kernel) try your connections again.  
>
>~hopefully~ all will work right.  If it works fine with the tables
>
Yes, it's one of the 1st things I have done. But, flushing the tables
gave me exactly the same messages (!!). So I think 2.4.4 iptables are
buggy.
As this firewall wants to masquerade anyway, I've put 'vpnd' behind it
on a 2.2.17 box and it works perfectly.

Maybe one day, after a kernel upgrade, I'll try cipe or vpnd on this 
2.4.x system.

Also, '/sbin/iptables -L -n -v -t nat' gives:

Chain PREROUTING (policy ACCEPT 325869 packets, 35462080 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 455466 packets, 37783009 bytes)
 pkts bytes target     prot opt in     out     source               destination
 5414  364K MASQUERADE  all  --  *      ppp0    192.168.1.0/24       0.0.0.0/0
  442 21112 MASQUERADE  all  --  *      ppp0    192.168.2.0/24       0.0.0.0/0

Chain OUTPUT (policy ACCEPT 455327 packets, 37756776 bytes)
 pkts bytes target     prot opt in     out     source               destination

-----
As you can see, 'out=ppp0' and not '*' so it should masquerade only 
packets going out through ppp0 not cipcb0. So 'iptables -t nat -I 
POSTROUTING 1 -d 192.168.X.0/24 -j RETURN' should not be needed....(bug ?)

Best regards,

    Ludovic Drolez.
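
The reading of the POSTROUTING listing described in the message, as an added example that is not part of the original post: it parses the two MASQUERADE rules and evaluates them first-match against a packet's outgoing interface, source and destination. The function names and the test destination addresses are constructed for illustration; it handles only protocol 'all' and non-negated matches, and models what the listed rules say, not what the 2.4.4 kernel actually did.

```python
import ipaddress

# POSTROUTING chain from the message's listing, wrapped lines rejoined.
LISTING = """\
Chain POSTROUTING (policy ACCEPT 455466 packets, 37783009 bytes)
 pkts bytes target     prot opt in     out     source               destination
 5414  364K MASQUERADE  all  --  *      ppp0    192.168.1.0/24       0.0.0.0/0
  442 21112 MASQUERADE  all  --  *      ppp0    192.168.2.0/24       0.0.0.0/0
"""

def parse_chain(text):
    """Return (policy, rules) for one chain of `iptables -L -n -v` output."""
    policy, rules = None, []
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] == "pkts":      # blank line or column header
            continue
        if f[0] == "Chain":
            policy = f[3]                # "(policy ACCEPT ..." -> "ACCEPT"
            continue
        rules.append({"target": f[2], "out_if": f[6],
                      "src": ipaddress.ip_network(f[7]),
                      "dst": ipaddress.ip_network(f[8])})
    return policy, rules

def if_match(pattern, iface):
    """'*' matches any interface; a trailing '+' is a prefix wildcard."""
    if pattern == "*":
        return True
    if pattern.endswith("+"):
        return iface.startswith(pattern[:-1])
    return pattern == iface

def verdict(policy, rules, out_if, src, dst):
    """First rule matching out-interface, source and destination decides."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if if_match(r["out_if"], out_if) and s in r["src"] and d in r["dst"]:
            return r["target"]
    return policy                        # no rule matched: chain policy

if __name__ == "__main__":
    policy, rules = parse_chain(LISTING)
    # Constructed packets: same LAN source, leaving via ppp0 and via cipcb0.
    for iface, dst in (("ppp0", "198.51.100.7"), ("cipcb0", "192.168.3.1")):
        print(iface, verdict(policy, rules, iface, "192.168.1.10", dst))
```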




