Subject: Re: Very Basic Question re Cipe and LRP
From: Gert.Vandelaer,AT,medisearch-int,DOT,com
Date: Fri, 21 Sep 2001 11:53:44 +0200

----- Forwarded by Gert Vandelaer/Medisearch on 21/09/2001 11:37 AM -----
From:    Gert Vandelaer
To:      John Hamill
Date:    21/09/2001 11:42 AM
Subject: Re: Very Basic Question re Cipe and LRP

'gday John ;-)

There's no real special routing stuff involved here ...

On Machine A where you have a LAN class C network, you should
add 1 static route (preferably in your ip-up script)
I assume netmask for all networks involved ...
route add -net netmask gw

And on Machine B
route add -net netmask gw

Now bring up the links, set "debug=true" to see on the console if the
connection comes up fine ...

That's all for routing, now flush your ipchains-rules, set policies to
ACCEPT and try to ping from machine A to machine B via the CIPE-devices.

As for the firewall rules, no special tricks either,
if you want to mask your LAN (or certain hosts only) just add a masq rule
in your forward section as usual.
On Machine A it would look something like this.
policy DENY
-A input -s -d 0/0 -i 'cipdevice' -j ACCEPT
... add more rules as needed ...
policy DENY
-A forward -s -d ! -j MASQ
-A forward -s -d -i 'eth(LAN)' -j ACCEPT
-A forward -s -d -i 'cipdevice' -j ACCEPT

As for iptables rules things are a little different because of the way
FORWARD works with new netfilter,
but this should suffice for ipchains ..


From:    John Hamill <jh,AT,lan1,DOT,com,DOT,au>
Time:    04:07 AM
Subject: Very Basic Question re Cipe and LRP

Please excuse my ignorance here as I stumble through getting cipe going
LRP. I have managed to get my router working ok so that I can ping from a
workstation attached to my linux router project box to the outside world.
But I am a bit lost about what ipchains settings I need to enable for
and cipe. Would somebody be able to shed some light for me.

I have the following configuration
Machine A
me        203.x.x.2:9990
peer      203.x.x.1:9990
key       secret

Machine B
me        203.x.x.1:9990
peer      203.x.x.2:9990
key       secret

my Machine A routing table is
dev cipcb0 proto kernel scope link src
dev eth0 proto kernel scope link src
203.x.x.0/24 dev eth0 proto kernel scope link src 203.x.x.2
default via 203.x.x.166 dev eth0

I have workstation attached to machine A with ip address
can ping to 203.x.x.1 and 203.x.x.2 OK. When I try and ping on Machine A to I get time outs. I don't believe my ip-up script is running, so
if somebody could tell me what the minimal ipchains commands I need to
execute I would be externally grateful :-)


Message sent by the cipe-l,AT,inka,DOT,de mailing list.
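Added example, not part of the original thread: the static route and ipchains rules described in the reply, written out in full for Machine A and mirrored for Machine B. Every address is constructed (the thread's own values are not preserved in the archive), eth1 as the LAN interface is an assumption, and the UDP rule for the CIPE carrier port is one of the "more rules as needed" that a DENY input policy requires.

```shell
#!/bin/sh
# Added example, not from the original thread. Every address below is
# constructed; eth1 as the LAN interface is an assumption.
PORT=9990        # CIPE carrier port (UDP), from the posted me/peer lines
WAN_IF=eth0      # outside interface, as in the posted routing table
LAN_IF=eth1      # assumed LAN interface
CIPE_IF=cipcb0   # CIPE device, as in the posted routing table

# cipe_rules LOCAL_NET REMOTE_NET PEER_PTP ME PEER
#   LOCAL_NET / REMOTE_NET: class C LAN behind this box / behind the peer
#   PEER_PTP: the peer's address on the CIPE link (used as gateway)
#   ME / PEER: outside addresses of the two CIPE endpoints
# Prints the commands so they can be reviewed before being run as root.
cipe_rules() {
    local_lan=$1/24 remote_lan=$2/24
    # Note: in the ipchains forward chain, -i matches the interface the
    # packet LEAVES by, so LAN-to-tunnel traffic is matched on the CIPE
    # device and tunnel-to-LAN traffic on the LAN interface.
    cat <<EOF
route add -net $2 netmask 255.255.255.0 gw $3
ipchains -P input DENY
ipchains -P forward DENY
ipchains -A input -p udp -s $5 $PORT -d $4 $PORT -i $WAN_IF -j ACCEPT
ipchains -A input -s $remote_lan -d 0/0 -i $CIPE_IF -j ACCEPT
ipchains -A forward -s $local_lan -d ! $remote_lan -i $WAN_IF -j MASQ
ipchains -A forward -s $local_lan -d $remote_lan -i $CIPE_IF -j ACCEPT
ipchains -A forward -s $remote_lan -d $local_lan -i $LAN_IF -j ACCEPT
EOF
}

# Machine A, then the mirrored set for Machine B (arguments swapped).
machine_a() { cipe_rules 192.168.1.0 192.168.2.0 10.0.0.2 203.0.113.2 203.0.113.1; }
machine_b() { cipe_rules 192.168.2.0 192.168.1.0 10.0.0.1 203.0.113.1 203.0.113.2; }

machine_a
echo
machine_b
```

The remaining input rules (LAN hosts, loopback, return traffic for masqueraded connections) are site-specific and still have to be added around these lines.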