
Subject: Re: Routing: Ping from router A to Host behind Router B does not work
From: Gert.Vandelaer,AT,medisearch-int,DOT,com
Date: Tue, 5 Feb 2002 10:13:53 +0100

Nils,

You can perfectly have masquerading and vpn up at the same time.

Router A :     VPN  allow RouterB's regged IP, incoming UDP : port ....
          VPN  allow HostB's Network / Netmask incoming via cipdb0 (; destination HostA's Network / Netmask --> this only security related, not necessary)
          MASQ allow HostA's Network / Netmask forwarding via local-eth#; destination NOT HostB's network / netmask --> this to prevent LAN being spewed directly on the Internet
          VPN  allow HostA's Network / Netmask forwarding via local-eth#; destination HostB's Network / Netmask --> this to make MASQ still work

Be sure to have the forwarding rules in this order ...

Router B : ... well, the same story here, but then in reverse ....

Cya,
Gert

"Nils Lichtenfeld" <Nils.Lichtenfeld,AT,gmx,DOT,net>
04/02/2002 10:58 PM

To:      <Gert.Vandelaer,AT,medisearch-int,DOT,com>
cc:      "Cipe Newsgroup" <cipe-l,AT,inka,DOT,de>, <owner-cipe-l,AT,inka,DOT,de>
Subject: Re: Routing: Ping from router A to Host behind Router B does not work

Hi Gert!

> Have you tried the pings with the firewall flushed ?

Well, I just tried and it worked :-)
Both routers' ipchains -L output looks like this:

Chain input (policy ACCEPT):
target     prot opt     source                destination           ports
ACCEPT     all  ------  anywhere             anywhere              n/a
Chain forward (policy DENY):
target     prot opt     source                destination           ports
ACCEPT     all  ------  anywhere             anywhere              n/a
Chain output (policy ACCEPT):

But that's not the way it can stay... I at least have to get the
masquerading back in. With forward policy looking like this

target     prot opt     source                destination           ports
ACCEPT     all  ------  192.168.3.0/24       192.168.1.0/24        n/a
ACCEPT     all  ------  192.168.1.0/24       192.168.3.0/24        n/a
MASQ       all  ------  192.168.1.0/24       anywhere              n/a

everything behaved like before the "flush"....

I am still screwed.

MFG Nils
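
Added example, not part of either message: a simplified first-match model of the ipchains forward chain (interfaces and protocols are ignored) built on the two networks and the DENY policy from the listing above; the host addresses are constructed. It shows that a catch-all MASQ rule placed ahead of the tunnel ACCEPT rules masquerades LAN-to-LAN traffic, while a MASQ rule restricted to destinations other than the remote LAN leaves that traffic alone even when it comes first.

```python
import ipaddress

LAN_A = "192.168.1.0/24"   # Router A's LAN, taken from the listing in the thread
LAN_B = "192.168.3.0/24"   # Router B's LAN, taken from the listing in the thread
ANY = "0.0.0.0/0"          # "anywhere" in ipchains -L output


def rule(target, src, dst, not_dst=False):
    """One forward rule; not_dst models a negated ('!') destination."""
    return (target, ipaddress.ip_network(src), ipaddress.ip_network(dst), not_dst)


def forward_verdict(rules, src, dst, policy="DENY"):
    """Return the target of the first matching rule, else the chain policy."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for target, src_net, dst_net, not_dst in rules:
        dst_hit = (d in dst_net) != not_dst   # negation flips the destination test
        if s in src_net and dst_hit:
            return target                     # first match wins, later rules unseen
    return policy


CHAINS = {
    # Order shown in the thread: tunnel ACCEPTs, then catch-all MASQ.
    "listed": [rule("ACCEPT", LAN_B, LAN_A), rule("ACCEPT", LAN_A, LAN_B),
               rule("MASQ", LAN_A, ANY)],
    # Same three rules with the catch-all MASQ moved to the top.
    "masq_first": [rule("MASQ", LAN_A, ANY), rule("ACCEPT", LAN_B, LAN_A),
                   rule("ACCEPT", LAN_A, LAN_B)],
    # MASQ limited to "destination NOT remote LAN", placed before the ACCEPTs.
    "negated": [rule("MASQ", LAN_A, LAN_B, not_dst=True),
                rule("ACCEPT", LAN_A, LAN_B), rule("ACCEPT", LAN_B, LAN_A)],
}


def compare(src, dst):
    """Verdict of each chain variant for one packet."""
    return {name: forward_verdict(chain, src, dst) for name, chain in CHAINS.items()}


if __name__ == "__main__":
    # Constructed sample packets: tunnel, Internet, return path, foreign source.
    for src, dst in [("192.168.1.10", "192.168.3.20"), ("192.168.1.10", "198.51.100.7"),
                     ("192.168.3.20", "192.168.1.10"), ("10.9.9.9", "192.168.1.10")]:
        print(f"{src} -> {dst}: {compare(src, dst)}")
```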




