Subject: complex routing through cipe
From: "C. Rognlie" <colin,AT,dirac,DOT,ucsc,DOT,edu>
Date: Tue, 6 Nov 2001 18:41:30 +0100
In-reply-to: <20011105142603.A780@grmbl.be>

scenario:

        machine A: (linux 2.4.9 , cipe 1.4.5)
        eth0    63.xxx.xxx.xxx  (27 bit network - internet)
        eth1    10.1.1.1        (24 bit network - intranet)
        cipcb0  10.1.1.1
        routes:
                10.1.1.0/24     eth1
                10.2.1.1        cipcb0  (peer)
                10.2.1.0/24     cipcb0
                default         eth0

        machine B: (linux 2.4.2-2 , cipe 1.4.5)
        eth0    63.yyy.yyy.yyy
        eth1    10.2.1.1
        eth2    172.zzz.zzz.zzz (connection to remote intranet)
        cipcb0  10.2.1.1
        routes:
                10.1.1.1        cipcb0  (peer)
                10.2.1.0/24     eth1
                172.zz.zz.0/24  eth2
                170.zz.zz.0/16  eth2
                10.1.1.0/24     cipcb0
                default         eth0

The tunnel is up and running, both 10. networks can see each other through 
the tunnel.  My issue is that on machine B, I have a connection to the 
170 network, which I can access from the 10.2. network (B's LAN), but I 
need to enable the 10.1. network (A's LAN) to get to the 170. network 
through the tunnel, and out B's eth2.

My iptables look like this:

machine A:

iptables -t nat -A POSTROUTING -s 10.1.1.0/24 -o eth0 -j SNAT --to-source 63.xxx.xxx.xxx

machine B:

iptables -t nat -A POSTROUTING -s 10.2.1.0/24 -d 170.zzz.zzz.0/16 -o eth2 -j SNAT --to-source 172.zzz.zzz.zzz
iptables -t nat -A POSTROUTING -s 10.2.1.0/24 -o eth0 -j SNAT --to-source 63.yyy.yyy.yyy

I've tried adding a line in machine B identical to the first, referencing 
10.1.1.0/24, but it doesn't work.  Any thoughts?

Colin Rognlie
colin,AT,dirac,DOT,ucsc,DOT,edu
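
Added illustration, not part of the original post: a Python trace of the route tables and POSTROUTING rules exactly as posted above, returning the interface each machine would select for a packet and whether any posted SNAT rule matches it. The networks 170.99.0.0/16 and 172.16.99.0/24 and the host addresses are constructed stand-ins for the elided ones, and the posted tables are assumed to be complete.

```python
import ipaddress

# Constructed stand-ins for the elided networks in the post.
REMOTE_170 = "170.99.0.0/16"    # stands in for 170.zz.zz.0/16
REMOTE_172 = "172.16.99.0/24"   # stands in for 172.zz.zz.0/24

# Route tables as posted: (destination, output interface).
ROUTES = {
    "A": [("10.1.1.0/24", "eth1"), ("10.2.1.1/32", "cipcb0"),
          ("10.2.1.0/24", "cipcb0"), ("0.0.0.0/0", "eth0")],
    "B": [("10.1.1.1/32", "cipcb0"), ("10.2.1.0/24", "eth1"),
          (REMOTE_172, "eth2"), (REMOTE_170, "eth2"),
          ("10.1.1.0/24", "cipcb0"), ("0.0.0.0/0", "eth0")],
}

# POSTROUTING SNAT rules as posted: (-s, -d or None, -o).
SNAT = {
    "A": [("10.1.1.0/24", None, "eth0")],
    "B": [("10.2.1.0/24", REMOTE_170, "eth2"),
          ("10.2.1.0/24", None, "eth0")],
}

def out_iface(host, dst):
    """Longest-prefix match of dst against the host's route table."""
    dst = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), dev) for net, dev in ROUTES[host]
               if dst in ipaddress.ip_network(net)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def snat_applies(host, src, dst, dev):
    """True if a posted POSTROUTING rule on host matches this packet."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(src in ipaddress.ip_network(s)
               and (d is None or dst in ipaddress.ip_network(d))
               and dev == o
               for s, d, o in SNAT[host])

def trace(host, src, dst):
    """Return (output interface, whether a posted SNAT rule matches)."""
    dev = out_iface(host, dst)
    return dev, snat_applies(host, src, dst, dev)
```

Calling `trace("A", "10.1.1.50", "170.99.1.1")` evaluates a packet from A's LAN against A's tables, and `trace("B", "10.1.1.50", "170.99.1.1")` evaluates the same packet against B's tables as if it had arrived over the tunnel.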
