| Subject: | Configure cipe with iptables |
| From: | Andreas Dahlén <andreas,AT,dahlen,DOT,ws> |
| Date: | Wed, 16 Jan 2002 21:28:58 +0100 |
Hi!

I have a problem getting cipe to work with iptables. If I have no iptables rules and set the default iptables policy to ACCEPT for INPUT, OUTPUT and FORWARD, everything works fine, i.e. I can communicate over the CIPE-link. But I don't want to have iptables configured in such an open way.

I've tried the following (besides some basic rules), but with this configuration I get "ping: sendto: Operation not permitted" when I try to ping the cipe-address of the other gate.

Gate A:

    $IPTABLES -A INPUT -p UDP -i $EXT_IF -s gateB_IP -j ACCEPT
    $IPTABLES -A OUTPUT -p UDP -o $EXT_IF -d gateB_IP -j ACCEPT
    $IPTABLES -A INPUT -i cipecb0 -j ACCEPT
    $IPTABLES -A OUTPUT -o cipecb0 -j ACCEPT
    $IPTABLES -A FORWARD -i cipecb0 -j ACCEPT

options:

    me 6060
    peer gateB_IP
    ptpaddr 10.255.255.3
    ipaddr 10.255.255.1

Gate B:

    $IPTABLES -A INPUT -p UDP -i $EXT_IF -s gateA_IP -j ACCEPT
    $IPTABLES -A OUTPUT -p UDP -o $EXT_IF -d gateA_IP -j ACCEPT
    $IPTABLES -A INPUT -i cipecb0 -j ACCEPT
    $IPTABLES -A OUTPUT -o cipecb0 -j ACCEPT
    $IPTABLES -A FORWARD -i cipecb0 -j ACCEPT

options:

    me 6060
    peer gateA_IP
    ptpaddr 10.255.255.1
    ipaddr 10.255.255.3

What am I missing in the configuration of iptables?

Software used:

    cipe 1.5.2
    iptables 1.2.4
    kernel 2.4.9 (Redhat 7.2 original) and 2.4.5 (custom compiled)

/Andreas