
Subject: Re: IP Masq over CIPE tunnel.
From: Steven Hanley <sjh,AT,svana,DOT,org>
Date: Thu, 23 Aug 2001 02:33:18 +0200
In-reply-to: <CJELIEBEFNCJAOMOOMNNMEGFCCAA.lesmikesell@home.com>

On Wed, Aug 22, 2001 at 12:31:19PM -0400, Jay Berkenbilt wrote:
> 
>    I know it works with a 2.2.x kernel and ipchains.  I dropped
>    CIPE into an e-smith linux distribution (kind of a packaged
>    office-in-a-box based on RH 6.2) and had to figure out their
>    configuration scheme to undo the MASQ on everything.  In
>    my case I wanted the tunneled nets to be able to see
>    each other's private numbers.
> 
> It even works with a 2.4 kernel and ipchains.  It fails only with a
> 2.4 kernel and iptables.

umm no, I am using 2.4.8 on a box at home running cipe and masquerading the
data off cipe onto my internet connection.

I am using 2.4.something here at work

cipcb0    Link encap:IPIP Tunnel  HWaddr   
          inet addr:192.168.21.1  P-t-P:192.168.21.18  Mask:255.255.255.255
          UP POINTOPOINT NOTRAILERS RUNNING NOARP  MTU:1442  Metric:1
          RX packets:90360 errors:77 dropped:0 overruns:0 frame:68
          TX packets:83749 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 

cipcb1    Link encap:IPIP Tunnel  HWaddr   
          inet addr:192.168.21.1  P-t-P:192.168.21.64  Mask:255.255.255.255
          UP POINTOPOINT NOTRAILERS RUNNING NOARP  MTU:1442  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          
cipcb2    Link encap:IPIP Tunnel  HWaddr   
          inet addr:192.168.21.1  P-t-P:192.168.21.10  Mask:255.255.255.255
          UP POINTOPOINT NOTRAILERS RUNNING NOARP  MTU:1442  Metric:1
          RX packets:29 errors:0 dropped:0 overruns:0 frame:0
          TX packets:29 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 

cipcb3    Link encap:IPIP Tunnel  HWaddr   
          inet addr:192.168.21.1  P-t-P:192.168.21.65  Mask:255.255.255.255
          UP POINTOPOINT NOTRAILERS RUNNING NOARP  MTU:1442  Metric:1
          RX packets:1280 errors:9 dropped:0 overruns:0 frame:7
          TX packets:1629 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          
cipcb4    Link encap:IPIP Tunnel  HWaddr   
          inet addr:192.168.21.1  P-t-P:192.168.21.66  Mask:255.255.255.255
          UP POINTOPOINT NOTRAILERS RUNNING NOARP  MTU:1442  Metric:1
          RX packets:30638 errors:15 dropped:0 overruns:0 frame:8
          TX packets:36635 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 

eth0      Link encap:Ethernet  HWaddr 00:90:27:41:C1:2E  
          inet addr:150.203.160.23  Bcast:150.203.160.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:12980957 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5959987 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          Interrupt:11 Base address:0xdc00 

eth1      Link encap:Ethernet  HWaddr 00:60:67:37:44:7E  
          inet addr:192.168.20.1  Bcast:192.168.20.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:157615 errors:14768 dropped:0 overruns:0 frame:0
          TX packets:169924 errors:3549 dropped:0 overruns:0 carrier:3549
          collisions:140 txqueuelen:100 
          Interrupt:9 Base address:0xd400 

ciped-cb -o /etc/cipe/options.shiva
iptables -t nat -A POSTROUTING -s 192.168.21.18 -o eth0 -j MASQUERADE

ciped-cb -o /etc/cipe/server.bob
iptables -t nat -A POSTROUTING -s 192.168.21.10 -o eth0 -j MASQUERADE

ciped-cb -o /etc/cipe/server.64
iptables -t nat -A POSTROUTING -s 192.168.21.64 -o eth0 -j MASQUERADE

ciped-cb -o /etc/cipe/server.65
iptables -t nat -A POSTROUTING -s 192.168.21.65 -o eth0 -j MASQUERADE

ciped-cb -o /etc/cipe/server.66
iptables -t nat -A POSTROUTING -s 192.168.21.66 -o eth0 -j MASQUERADE

it did work perfectly using 

iptables -t nat -A POSTROUTING -s 192.168.21.0/24 -o eth0 -j MASQUERADE

however for various reasons we decided to masquerade each ip individually.

Anyway the claim that iptables and cipe don't work for masquerading is rubbish
as I am using it at work and at home with no problems

        See You
            Steve

-- 
sjh,AT,wibble,DOT,net http://wibble.net/~sjh
Look Up In The Sky
    Is it a bird?   No
        Is it a plane    No
            Is it a small blue banana?
Yes
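
An added example, not part of the original message: a Python check that compares the P-t-P peers in `ifconfig` output with the `-s` sources of the `MASQUERADE` rules, and reports tunnels that no rule covers and rule sources that match no tunnel. The sample input is constructed, abridged from the listing and commands in the message; the function names are hypothetical.

```python
import ipaddress
import re
# Constructed sample input, abridged from the interface listing and the
# rule commands quoted in the message above.
IFCONFIG = """\
cipcb0    Link encap:IPIP Tunnel  HWaddr
          inet addr:192.168.21.1  P-t-P:192.168.21.18  Mask:255.255.255.255
cipcb1    Link encap:IPIP Tunnel  HWaddr
          inet addr:192.168.21.1  P-t-P:192.168.21.64  Mask:255.255.255.255
eth0      Link encap:Ethernet  HWaddr 00:90:27:41:C1:2E
          inet addr:150.203.160.23  Bcast:150.203.160.255  Mask:255.255.255.0
"""
RULES = """\
iptables -t nat -A POSTROUTING -s 192.168.21.18 -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.21.10 -o eth0 -j MASQUERADE
"""

def tunnel_peers(ifconfig_text):
    """Map interface name -> P-t-P peer address for point-to-point links."""
    peers, iface = {}, None
    for line in ifconfig_text.splitlines():
        if line and not line[0].isspace():
            iface = line.split()[0]  # unindented line starts a new interface
        m = re.search(r"P-t-P:(\S+)", line)
        if m and iface:
            peers[iface] = ipaddress.ip_address(m.group(1))
    return peers

def masq_sources(rules_text, out_iface):
    """Source networks of POSTROUTING MASQUERADE rules (no -s = any source)."""
    nets = []
    for line in rules_text.splitlines():
        tok = line.split()
        if "POSTROUTING" not in tok or "MASQUERADE" not in tok:
            continue
        if "-o" in tok and tok[tok.index("-o") + 1] != out_iface:
            continue
        src = tok[tok.index("-s") + 1] if "-s" in tok else "0.0.0.0/0"
        nets.append(ipaddress.ip_network(src, strict=False))
    return nets

def audit(ifconfig_text, rules_text, out_iface="eth0"):
    """Return (interfaces whose peer has no rule, rule sources with no peer)."""
    peers, nets = tunnel_peers(ifconfig_text), masq_sources(rules_text, out_iface)
    uncovered = sorted(i for i, p in peers.items() if not any(p in n for n in nets))
    stale = sorted(str(n) for n in nets if not any(p in n for p in peers.values()))
    return uncovered, stale

print(audit(IFCONFIG, RULES))
```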




