To: Cipe List <cipe-l,AT,inka,DOT,de>
Subject: Debian/Testing, Cipe, Iptables
From: K. David Prince <kdp,AT,hanhet,DOT,loew,DOT,washington,DOT,edu>
Date: Thu, 20 Dec 2001 09:56:03 -0800 (PST)

I'm installing the Debian/testing cipe package.  I'm using kernel version
2.4.17-rc1, which is 2.4.16 pre-patched for 17.  The kernel is configured
for iptables support on two identical masquerading firewall machines.  I
installed the cipe package, compiled, and installed the resulting
cipe*.deb package.  All's well, so far:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
                *                               UH    0      0        0 cipcb0
                *                               U     0      0        0 eth1
rel.subnet.ad.0 *                               U     0      0        0 eth0
default         gw.machine1                     UG    0      0        0 eth0

Now, I need to insert the appropriate chains so that packets can pass
between the two private LANs.  I have read through "The Linux
Cipe+Masquerading mini-HOWTO", and I see how the chains are inserted via
the sample ip-up script for kernel 2.1/2.2 with ipchains.  But, before I
try to translate all their ipchains rules into iptables rules ....

Is there anyone out there that has created cipe ip-up/down scripts that
will insert _iptables_ chains that will bring up the cipcb0 interfaces
properly?  It would be really helpful if I could get a clear example as I
have read the archives (all through 2000-01 [by thread]) and have not
found a "wholeistic" example of ip-up/down scripts for iptables.  The only
thing I feel sure of right now is that cipe works with 2.4.x kernels.


Is there an update to the mini-HOWTO that includes the ip-up/down scripts
for iptables?

My setup is like this:

LAN-1 (192.168.1.xxx) <==>
        FW-1 (f.q.n.1) <===>
                Internet <==>
                        FW-2 (f.q.n.2) <==> LAN-2 (192.168.2.xxx)
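
An added example, not part of the original message or of the CIPE distribution: one way an ip-up/ip-down helper on FW-1 could produce iptables rules for the cipcb0 link between the two LANs in the diagram above. The /24 masks, the function names `run` and `cipe_fw_rules`, the `APPLY` switch and the dry-run default are assumptions.

```shell
#!/bin/sh
# Added example: not from the original message or the CIPE package.
# Prints (or, with APPLY=1, runs) iptables rules that let only the two private
# LANs reach each other across the CIPE tunnel interface.
# Assumptions: /24 masks, the function names, and dry-run as the default.

LOCAL_NET="${LOCAL_NET:-192.168.1.0/24}"    # LAN-1 behind FW-1 (mask assumed)
REMOTE_NET="${REMOTE_NET:-192.168.2.0/24}"  # LAN-2 behind FW-2 (mask assumed)

# Run the command when APPLY=1 (needs root); otherwise just print it for review.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# usage: cipe_fw_rules up|down <tunnel-interface>
cipe_fw_rules() {
    action="$1"; dev="$2"
    case "$action" in
        up)   op="-I" ;;   # insert at the top, ahead of broader rules
        down) op="-D" ;;   # delete exactly the rules that "up" inserted
        *)    echo "usage: cipe_fw_rules up|down <interface>" >&2; return 2 ;;
    esac
    # Only touch CIPE devices (cipcbN); reject anything else.
    case "$dev" in
        ""|*[!a-z0-9]*) echo "bad interface name: $dev" >&2; return 1 ;;
        cipcb[0-9]*)    ;;
        *)              echo "not a CIPE interface: $dev" >&2; return 1 ;;
    esac
    # LAN-1 -> LAN-2 leaves through the tunnel.
    run iptables "$op" FORWARD -o "$dev" -s "$LOCAL_NET" -d "$REMOTE_NET" -j ACCEPT
    # Only LAN-2 source addresses arriving on the tunnel may reach LAN-1.
    run iptables "$op" FORWARD -i "$dev" -s "$REMOTE_NET" -d "$LOCAL_NET" -j ACCEPT
    # Exempt tunnel traffic from masquerading so LAN-2 sees real LAN-1 addresses.
    run iptables -t nat "$op" POSTROUTING -o "$dev" -s "$LOCAL_NET" \
        -d "$REMOTE_NET" -j ACCEPT
}

# Stand-alone use: <script> up|down cipcb0. An ip-up or ip-down wrapper would
# pass the interface name it receives from ciped (check the packaged sample
# script for the argument order).
if [ "$#" -ge 2 ]; then
    cipe_fw_rules "$@"
fi
```

On FW-2 the two network variables are swapped. The rules cover forwarded LAN traffic only and do not open the UDP port that ciped itself uses, which depends on the local configuration.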

