On Thu, 27 Dec 2001 SBNelson,AT,thermeon,DOT,com wrote:
<snip>
> > 2. Can CIPE be bound to 1 and only 1 device?
> I don't know for sure but I don't think so. Since CIPE transports
> its data using UDP, it simply uses the OS's routing features to route the
> packets. So, if you want that to happen, you will have to do that outside
> of CIPE (using iproute2 software and/or ipchains/iptables??)
========
Scott, do you have example iptables commands that do this? I'm still
learning firewall chains and I can't seem to get packets to pass through
the cipe interface. Everything is up and running. For example, when I
restart cipe, syslog reports:
Dec 27 09:26:54 fw01 ciped-2.4.17-rc1[919]: CIPE daemon vers 1.5.2 (c) Olaf Titz 1996-2000
Dec 27 09:26:54 fw01 kernel: cipcb0: alloc
Dec 27 09:26:54 fw01 kernel: cipcb: read_lock(&tasklist_lock) at ../cipe/device.c:216
Dec 27 09:26:54 fw01 kernel: cipcb: read_unlock(&tasklist_lock) at ../cipe/device.c:220
Dec 27 09:26:54 fw01 kernel: cipcb0: setpar
Dec 27 09:26:54 fw01 kernel: cipcb0: setpar 0.0.0.0:0 1000 60000 0200 0
Dec 27 09:26:54 fw01 kernel: cipcb0: setkey
Dec 27 09:26:54 fw01 kernel: cipcb0: attach
Dec 27 09:26:54 fw01 kernel: cipcb0: opened
Dec 27 09:26:54 fw01 kernel: cipcb0: cipe_sendmsg
Dec 27 09:26:54 fw01 kernel: cipcb0: cipe_recvmsg
Dec 27 09:26:54 fw01 ciped-2.4.17-rc1[919]: peer configuration info: proto=3, crypto=b, version=1.5, correct key parser
Dec 27 09:26:54 fw01 kernel: cipcb0: cipe_recvmsg
Running the route command shows cipcb0 as being up.
Thanks,
Dave
<snip>