Subject: Re: complex routing through cipe
From: ewheeler,AT,kaico,DOT,com
Date: Tue, 6 Nov 2001 23:21:55 +0100
In-reply-to: <Pine.LNX.4.33.0111060902020.5958-100000@dirac.ucsc.edu>

Colin --

  I think I see the problem.  

  Every router needs a route to every host.  There isn't a routing entry
for 17x.z.z.z/16 through 10.1.1.1 on machine A.  It is equally important
that the systems on the 17x.z.z.z network either:
  1. use machine B as their default gw
  2. have a static route to 10.1.1.0/24 through 10.2.1.1.

If you are talking about 3+ routers getting involved, it may be time
to look into RIP (www.gated.org).

--Eric

On Tue, 6 Nov 2001, C. Rognlie wrote:

> scenario:
> 
>       machine A: (linux 2.4.9 , cipe 1.4.5)
>       eth0    63.xxx.xxx.xxx  (27 bit network - internet)
>       eth1    10.1.1.1        (24 bit network - intranet)
>       cipcb0  10.1.1.1
>       routes:
>               10.1.1.0/24     eth1
>               10.2.1.1        cipcb0  (peer)
>               10.2.1.0/24     cipcb0
>               default         eth0
> 
>       machine B: (linux 2.4.2-2 , cipe 1.4.5)
>       eth0    63.yyy.yyy.yyy
>       eth1    10.2.1.1
>       eth2    172.zzz.zzz.zzz (connection to remote intranet)
>       cipcb0  10.2.1.1
>       routes
>               10.1.1.1        cipcb0  (peer)
>               10.2.1.0/24     eth1
>               172.zz.zz.0/24  eth2
>               170.zz.zz.0/16  eth2
>               10.1.1.0/24     cipcb0
>               default         eth0
> 
> 
> The tunnel is up and running, both 10. networks can see each other through 
> the tunnel.  My issue is that on machine B, i have a connection to the 
> 170 network, which I can access from the 10.2. network (B's LAN), but I 
> need to enable the 10.1. network (A's LAN) to get to the 170. network 
> through the tunnel, and out B's eth2.
> 
> My iptables look like this:
> 
> machine A:
> 
> iptables -t nat -A POSTROUTING -s 10.1.1.0/24 -o eth0 -j SNAT --to-source 63.xxx.xxx.xxx
> 
> machine B:
> 
> iptables -t nat -A POSTROUTING -s 10.2.1.0/24 -d 170.zzz.zzz.0/16 -o eth2 -j SNAT --to-source 172.zzz.zzz.zzz
> iptables -t nat -A POSTROUTING -s 10.2.1.0/24 -o eth0 -j SNAT --to-source 63.yyy.yyy.yyy
> 
> I've tried adding a line in machine B identical to the first, referencing 
> 10.1.1.0/24, but it doesn't work.  Any thoughts?
> 
> Colin Rognlie
> colin,AT,dirac,DOT,ucsc,DOT,edu
> 
> 

-- 

Eric Wheeler
Network Administrator
KAICO
20417 SW 70th Ave.
Tualatin, OR 97062
www.kaico.com
Voice: 503.692.5268
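
Added example, not part of the original messages: a small longest-prefix-match check of the two route tables quoted above, showing that traffic from A's LAN to the remote network needs a route on machine A and a return route on the remote hosts. The addresses 170.20.0.0/16 and 172.20.1.0/24, the remote host's table and the egress labels "lan", "other-gw" and "machine-B" are constructed stand-ins for values the thread elides.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: egress of the most specific route covering dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, egress in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, egress)
    return best[1] if best else None

REMOTE_NET = "170.20.0.0/16"   # constructed stand-in for 170.zz.zz.0/16
REMOTE_HOST = "170.20.5.9"     # constructed host on that network
LAN_A_HOST = "10.1.1.50"       # constructed host on A's LAN

MACHINE_A = [                  # routes as quoted for machine A
    ("10.1.1.0/24", "eth1"),
    ("10.2.1.1/32", "cipcb0"),
    ("10.2.1.0/24", "cipcb0"),
    ("0.0.0.0/0", "eth0"),
]
MACHINE_B = [                  # routes as quoted for machine B
    ("10.1.1.1/32", "cipcb0"),
    ("10.2.1.0/24", "eth1"),
    ("172.20.1.0/24", "eth2"),  # constructed stand-in for 172.zz.zz.0/24
    (REMOTE_NET, "eth2"),
    ("10.1.1.0/24", "cipcb0"),
    ("0.0.0.0/0", "eth0"),
]
# Assumed table of a remote host whose default gateway is not machine B
REMOTE = [(REMOTE_NET, "lan"), ("0.0.0.0/0", "other-gw")]

def round_trip(a, b, remote):
    """Check both directions: A -> B -> remote host, and remote host -> B -> A."""
    forward = [lookup(a, REMOTE_HOST), lookup(b, REMOTE_HOST)]
    back = [lookup(remote, LAN_A_HOST), lookup(b, LAN_A_HOST)]
    ok = forward == ["cipcb0", "eth2"] and back == ["machine-B", "cipcb0"]
    return ok, forward, back

FIX_A = [(REMOTE_NET, "cipcb0")]               # missing route on machine A
FIX_REMOTE = [("10.1.1.0/24", "machine-B")]    # static return route (option 2)

if __name__ == "__main__":
    print("as posted:      ", round_trip(MACHINE_A, MACHINE_B, REMOTE))
    print("route on A only:", round_trip(MACHINE_A + FIX_A, MACHINE_B, REMOTE))
    print("both routes:    ", round_trip(MACHINE_A + FIX_A, MACHINE_B, REMOTE + FIX_REMOTE))
```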




