
Subject: Re: pbs with cipe 2.2.14 <--> 2.4.4ac5
From: ewheeler,AT,kaico,DOT,com
Date: Wed, 20 Jun 2001 20:17:10 +0200
In-reply-to: <3B306314.2090403@freealter.com>

You're right.. out is ppp0, so you should be ok.  You might still try the
iptables -j RETURN line.  This way you're forcing Linux to route the
traffic.  If you have tried with a flushed nat and firewall table, then I
don't know.  If there are no iptables rules for any table then you're
right.. there's probably a bug somewhere.

--Eric

On Wed, 20 Jun 2001, Ludovic Drolez wrote:

> ewheeler,AT,kaico,DOT,com wrote:
> 
> >
> >your firewall rules.  Next, do this:
> >
> >  iptables -F
> >  iptables -t nat -F
> >  ipchains -F
> >
> >
> >Once you've flushed ipchains (for the 2.2.x kernel) and iptables (for the
> >2.4.x kernel) try your connections again.  
> >
> >~hopefully~ all will work right.  If it works fine with the tables
> >
> Yes, it's one of the 1st things I have done. But, flushing the tables
> gave me exactly the same messages (!!). So I think 2.4.4 iptables are buggy.
> As this firewall wants to masquerade anyway, I've put 'vpnd' behind it 
> on a 2.2.17 box and it works perfectly.
> 
> Maybe one day, after a kernel upgrade, I'll try cipe or vpnd on this 
> 2.4.x system.
> 
> Also, '/sbin/iptables -L -n -v -t nat' gives:
> 
> Chain PREROUTING (policy ACCEPT 325869 packets, 35462080 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>
> Chain POSTROUTING (policy ACCEPT 455466 packets, 37783009 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>  5414  364K MASQUERADE  all  --  *      ppp0    192.168.1.0/24       0.0.0.0/0
>   442 21112 MASQUERADE  all  --  *      ppp0    192.168.2.0/24       0.0.0.0/0
>
> Chain OUTPUT (policy ACCEPT 455327 packets, 37756776 bytes)
>  pkts bytes target     prot opt in     out     source               destination
> 
> -----
> As you can see, 'out=ppp0' and not '*' so it should masquerade only 
> packets going out through ppp0 not cipcb0. So 'iptables -t nat -I 
> POSTROUTING 1 -d 192.168.X.0/24 -j RETURN' should not be needed....(bug ?)
> 
> Best regards,
> 
>     Ludovic Drolez.
> 
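The rule-matching argument in the quoted message, as an added example that is not part of the original thread: a small Python model of first-match traversal of the nat POSTROUTING chain. The packets, the 192.168.3.0/24 stand-in for the elided 192.168.X.0/24, and the variant without an interface match are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Rule:
    target: str               # "MASQUERADE" or "RETURN"
    out: str = "*"            # output interface; "*" matches any
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"

    def matches(self, out_if, src_ip, dst_ip):
        return (self.out in ("*", out_if)
                and ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst))


def postrouting_verdict(chain, out_if, src_ip, dst_ip):
    """First matching rule decides. RETURN in a built-in chain falls
    through to the chain policy (ACCEPT here: source address untouched)."""
    for rule in chain:
        if rule.matches(out_if, src_ip, dst_ip):
            return "ACCEPT" if rule.target == "RETURN" else rule.target
    return "ACCEPT"


# The two POSTROUTING rules from the listing in the quoted message.
LISTED = [Rule("MASQUERADE", out="ppp0", src="192.168.1.0/24"),
          Rule("MASQUERADE", out="ppp0", src="192.168.2.0/24")]

# Constructed variant: the same rules with out="*" (no interface match).
UNSCOPED = [Rule("MASQUERADE", src="192.168.1.0/24"),
            Rule("MASQUERADE", src="192.168.2.0/24")]

# Constructed: RETURN inserted at position 1, as in the suggested workaround.
WITH_RETURN = [Rule("RETURN", dst="192.168.3.0/24")] + UNSCOPED

VPN_PKT = ("cipcb0", "192.168.1.10", "192.168.3.20")   # constructed tunnel packet
INET_PKT = ("ppp0", "192.168.1.10", "198.51.100.7")    # constructed Internet packet

if __name__ == "__main__":
    for name, chain in (("listed", LISTED), ("unscoped", UNSCOPED),
                        ("with RETURN", WITH_RETURN)):
        print(f"{name:12} vpn={postrouting_verdict(chain, *VPN_PKT):10} "
              f"inet={postrouting_verdict(chain, *INET_PKT)}")
```

With the listed rules the tunnel packet is never masqueraded, which is why the RETURN rule only changes the outcome when the MASQUERADE rules lack the interface match.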




