
Subject: Re: Very Basic Question re Cipe and LRP
From: Gert.Vandelaer,AT,medisearch-int,DOT,com
Date: Fri, 21 Sep 2001 11:53:44 +0200

----- Forwarded by Gert Vandelaer/Medisearch on 21/09/2001 11:37 AM -----

From:    Gert Vandelaer
Date:    21/09/2001 11:42 AM
To:      John Hamill <jh,AT,lan1,DOT,com,DOT,au>
cc:
Subject: Re: Very Basic Question re Cipe and LRP

'gday John ;-)

There's no real special routing stuff involved here ...

On Machine A where you have a LAN class C 192.168.9.0 network, you should
add 1 static route (preferably in your ip-up script)
I assume netmask 255.255.255.0 for all networks involved ...
route add -net 192.168.8.0 netmask 255.255.255.0 gw 192.168.8.1

And on Machine B
route add -net 192.168.9.0 netmask 255.255.255.0 gw 192.168.9.1

Now bring up the links, set "debug=true" to see on the console if the
connection comes up fine ...

That's all for routing, now flush your ipchains rules, set policies to
ACCEPT and try to ping from machine A to machine B via the CIPE devices.

As for the firewall rules, no special tricks either,
if you want to mask your LAN (or certain hosts only) just add a masq rule
in your forward section as usual.
On Machine A it would look something like this.
INPUT
policy DENY
-A input -s 192.168.9.0/24 -d 0/0 -i 'cipdevice' -j ACCEPT
... add more rules as needed ...
FORWARD
policy DENY
-A forward -s 192.168.8.0/24 -d ! 192.168.9.0/24 -j MASQ
-A forward -s 192.168.8.0/24 -d 192.168.9.0/24 -i 'eth(LAN)' -j ACCEPT
-A forward -s 192.168.9.0/24 -d 192.168.8.0/24 -i 'cipdevice' -j ACCEPT

As for iptables rules things are a little different because of the way
FORWARD works with new netfilter,
but this should suffice for ipchains ..

Cya,
Gert

                                                                              
                                                                
From:    John Hamill <jh,AT,lan1,DOT,com,DOT,au>
Sent by: owner-cipe-l@inka.de
Date:    21/09/2001 04:07 AM
To:      "'cipe-l,AT,inka,DOT,de'" <cipe-l,AT,inka,DOT,de>
cc:
Subject: Very Basic Question re Cipe and LRP

G'day

Please excuse my ignorance here as I stumble through getting cipe going
with LRP. I have managed to get my router working ok so that I can ping
from a workstation attached to my linux router project box to the outside
world. But I am a bit lost about what ipchains settings I need to enable
for ipmasq and cipe. Would somebody be able to shed some light for me?

I have the following configuration
Machine A
ptpaddr   192.168.8.1
ipaddr    192.168.9.1
me        203.x.x.2:9990
peer      203.x.x.1:9990
key       secret

Machine B
ptpaddr   192.168.9.1
ipaddr    192.168.8.1
me        203.x.x.1:9990
peer      203.x.x.2:9990
key       secret

my Machine A routing table is
192.168.8.1 dev cipcb0 proto kernel scope link src 192.168.9.1
192.168.9.0/24 dev eth0 proto kernel scope link src 192.168.9.1
203.x.x.0/24 dev eth0 proto kernel scope link src 203.x.x.2
default via 203.x.x.166 dev eth0

I have a workstation attached to machine A with ip address 192.168.9.100
which can ping to 203.x.x.1 and 203.x.x.2 OK. When I try and ping on
Machine A to 192.168.9.1 I get time outs. I don't believe my ip-up script
is running, so if somebody could tell me what the minimal ipchains commands
I need to execute are I would be externally grateful :-)

John

--
Message sent by the cipe-l,AT,inka,DOT,de mailing list.
Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body
Other commands available with "help" in body to the same address.
CIPE info and list archive: <URL:
http://sites.inka.de/~bigred/devel/cipe.html>
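
Added example, not part of the original thread: a small Python model of an
ipchains forward chain for the gateway that John's configuration calls
Machine A (own LAN 192.168.9.0/24, peer LAN 192.168.8.0/24), walked
first-match against constructed packets. The interface names, the sample
addresses and the orientation of the rules are assumptions of this example.

```python
import ipaddress

# Constructed for illustration: gateway with its own LAN on 192.168.9.0/24 and
# the CIPE peer's LAN on 192.168.8.0/24. Interface names are assumptions.
LAN = ipaddress.ip_network("192.168.9.0/24")
REMOTE = ipaddress.ip_network("192.168.8.0/24")
LAN_IF, CIPE_IF, WAN_IF = "eth1", "cipcb0", "eth0"

# ipchains forward chain, first match wins. In this chain -i names the
# interface the packet will leave through.
# (source, destination, negate destination, outgoing interface or None, target)
FORWARD = [
    (LAN, REMOTE, True, None, "MASQ"),        # LAN -> anywhere except peer LAN
    (LAN, REMOTE, False, CIPE_IF, "ACCEPT"),  # LAN -> peer LAN via the tunnel
    (REMOTE, LAN, False, LAN_IF, "ACCEPT"),   # peer LAN -> LAN
]
POLICY = "DENY"


def render():
    """Return the chain as ipchains arguments, in the notation used above."""
    lines = []
    for src, dst, negate, iface, target in FORWARD:
        parts = ["-A forward", f"-s {src}", f"-d {'! ' if negate else ''}{dst}"]
        if iface:
            parts.append(f"-i {iface}")
        lines.append(" ".join(parts + [f"-j {target}"]))
    return lines


def verdict(src, dst, out_iface):
    """Walk the chain for one forwarded packet and return the target applied."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r_src, r_dst, negate, iface, target in FORWARD:
        if s not in r_src or (d in r_dst) == negate:
            continue
        if iface is not None and iface != out_iface:
            continue
        return target
    return POLICY


if __name__ == "__main__":
    print("\n".join(render()))
    samples = [  # constructed packets: (source, destination, outgoing interface)
        ("192.168.9.100", "203.0.113.10", WAN_IF),
        ("192.168.9.100", "192.168.8.20", CIPE_IF),
        ("192.168.8.20", "192.168.9.100", LAN_IF),
        ("192.168.8.20", "203.0.113.10", WAN_IF),
        ("192.168.9.100", "192.168.8.20", WAN_IF),  # tunnel route missing
    ]
    for pkt in samples:
        print(pkt, "->", verdict(*pkt))
```

The last sample is LAN traffic for the peer network that would leave through
the Internet-facing interface, as happens when the tunnel route is absent; it
falls through to the DENY policy instead of being masqueraded.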




