Re: IP Masq over CIPE tunnel.
Casey Carter <Casey,AT,Carter,DOT,net>
Wed, 22 Aug 2001 08:18:53 +0200
Ok, I can reproduce this with:
ifconfig dummy0 10.0.0.1 pointopoint 10.0.0.2
iptables -t nat -A POSTROUTING -o dummy0 -s 192.168.0.0/24 -j MASQUERADE
ping -I 192.168.0.4 10.0.0.2
(My private network is 192.168.0.0/24, this machine is 192.168.0.4).
This has nothing to do with CIPE; netfilter refuses to masquerade
source IPs that belong to the local machine. If I run ping 10.0.0.2 from
another box, the masquerading works. The error here is in your
specifying an invalid source address (at least invalid for this
particular use). You should never need to masquerade a machine as
itself -- that makes no sense.
Robert Davidson wrote:
>Does anyone know of any reason why no matter what I do I can not get
>IP Masquerading working over the CIPE tunnel (Kernel 2.4.8 and 2.4.9).
>The default gateway points to the remote end of the cipe tunnel.
>The iptables command I'm using to do the masquerading is:
> iptables -t nat -A POSTROUTING -o cipcb0 -s 192.168.1.0/24 -j
>Using tcpdump on the cipcb0 interface says the packets are coming from
>192.168.1.1, which they are, but they're supposed to be getting
> tcpdump: listening on cipcb0
> 22:46:53.068355 192.168.1.1.33646 > 220.127.116.11.33435: udp 10 [ttl
> 22:46:58.066598 192.168.1.1.33646 > 18.104.22.168.33436: udp 10 [ttl
> 22:47:03.066570 192.168.1.1.33646 > 22.214.171.124.33437: udp 10 [ttl
>I'm using the traceroute command to specify the source address of the
>packets, like so:
> traceroute -n -s 192.168.1.1 126.96.36.199
>eth0 on the pc has an address of 192.168.1.1.
>I've also tried flushing all firewall rules with no success.