<< | Thread Index | >> ]    [ << | Date Index | >> ]

Subject: Re: dynamic clarity...
From: kevin lyda <kevin,AT,suberic,DOT,net>
Date: Thu, 27 Sep 2001 15:43:12 +0200
In-reply-to: <20010926213046.C11633@suberic.net>

On Thu, Sep 27, 2001 at 10:31:39AM +0600, Bram Dumolin wrote:
> kevin lyda(kevin,AT,suberic,DOT,net)@Wed, Sep 26, 2001 at 09:30:46PM +0100:
> > ok, the cipe docs and google searches don't seem to give a very clear
> > description of connecting up a dynamic hosts all to a single static
> > host/hub.
> You know how many you want to connect?

well, i'm just interested in me connecting, but i was trying to help
out my friendly neighborhood admin.

> Basically you can start up a number of instances of cipe and on the
> hub side you can define in the options file as peer 0.0.0.0:port

yeah, but then i'm limited to 65000 or so connections.  :)

ok, so we did it as you and several others described.  thanks!  i did
want to mention one thing that might be of use to others.

my machine has a set of pretty draconian ipchains rules to block
people out.  in addition it masquerades for my home network.  once i
got the net connected machine (inle) working with cipe, i tried to get
my laptop (roo) to ping through.  it failed.  eventually i realised
that my default ipchains forward policy was to deny and i only allowed
MASQ'd forwards through ppp0.  right, so i added the cipcb0 interface
to the forward chain as ACCEPT.  connections from roo to the remote side
half-worked.  packets could get from roo to the remote side, but not the
other way around.  for longer then i care to admit i thought about this.
then i realised i needed to allow eth0 to forward.  added that and voila,
it worked.  so now i have:

ipchains -P forward DENY
ipchains -A forward -i ppp0 -j MASQ
ipchains -A forward -i eth0 -j ACCEPT
ipchains -A forward -i cipcb0 -j ACCEPT

kevin

-- 
kevin,AT,suberic,DOT,net          "if you come from brooklyn you can handle 
just
fork()'ed on 37058400       about anything."  --nyc mayor, rudolph gulliani
meatspace place: home      
http://suberic.net/~kevin

Attachment: pgp00001.pgp
Description: "PGP signature"


<< | Thread Index | >> ]    [ << | Date Index | >> ]