|Subject:||Re: dynamic clarity...|
|From:||kevin lyda <kevin,AT,suberic,DOT,net>|
|Date:||Thu, 27 Sep 2001 15:43:12 +0200|
On Thu, Sep 27, 2001 at 10:31:39AM +0600, Bram Dumolin wrote: > kevin lyda(kevin,AT,suberic,DOT,net)@Wed, Sep 26, 2001 at 09:30:46PM +0100: > > ok, the cipe docs and google searches don't seem to give a very clear > > description of connecting up a dynamic hosts all to a single static > > host/hub. > You know how many you want to connect? well, i'm just interested in me connecting, but i was trying to help out my friendly neighborhood admin. > Basically you can start up a number of instances of cipe and on the > hub side you can define in the options file as peer 0.0.0.0:port yeah, but then i'm limited to 65000 or so connections. :) ok, so we did it as you and several others described. thanks! i did want to mention one thing that might be of use to others. my machine has a set of pretty draconian ipchains rules to block people out. in addition it masquerades for my home network. once i got the net connected machine (inle) working with cipe, i tried to get my laptop (roo) to ping through. it failed. eventually i realised that my default ipchains forward policy was to deny and i only allowed MASQ'd forwards through ppp0. right, so i added the cipcb0 interface to the forward chain as ACCEPT. connections from roo to the remote side half-worked. packets could get from roo to the remote side, but not the other way around. for longer then i care to admit i thought about this. then i realised i needed to allow eth0 to forward. added that and voila, it worked. so now i have: ipchains -P forward DENY ipchains -A forward -i ppp0 -j MASQ ipchains -A forward -i eth0 -j ACCEPT ipchains -A forward -i cipcb0 -j ACCEPT kevin -- kevin,AT,suberic,DOT,net "if you come from brooklyn you can handle just fork()'ed on 37058400 about anything." --nyc mayor, rudolph gulliani meatspace place: home http://suberic.net/~kevin
Description: "PGP signature"