
Subject: Re: Routing: Ping from router A to Host behind Router B does not work
From: "Nils Lichtenfeld" <Nils.Lichtenfeld,AT,gmx,DOT,net>
Date: Tue, 5 Feb 2002 17:49:49 +0100

Hello Gert

> Router A :     VPN  allow RouterB's regged IP, incoming UDP : port ....
>           VPN  allow HostB's Network / Netmask incoming via cipdb0 (;
> destination HostA's Network / Netmask --> this only security related, not
> necessary)
>           MASQ allow HostA's Network / Netmask forwarding via local-eth#;
> destination NOT HostB's network / netmask --> this to prevent LAN being
> spewed directly on the Internet
>           VPN  allow HostA's Network / Netmask forwarding via local-eth#;
> destination HostB's Network / Netmask --> this to make MASQ still work
>
> Be sure to have the forwarding rules in this order ...

Well, thanks for the answer, but I am not quite sure I understood what you
wrote. Here is what I made out of it for Router B
(192.168.3.1, me=0.0.0.0:4040):
ipchains -A forward -p udp -s 192.168.1.1 --dport 4040 -j ACCEPT
ipchains -A forward -s 192.168.1.0/24 -i cipcb0 -d 192.168.3.0/24 -j ACCEPT
ipchains -A forward -s 192.168.3.0/24 -i eth0  -d ! 192.168.1.0/24 -j MASQ
ipchains -A forward -s 192.168.3.0/24 -i eth0 -d 192.168.1.0/24 -j ACCEPT

But that didn't work at all, my network did not even get masqueraded. The 
same rules but without the -i parameter made my network
masqueraded again, and connections through the cipe-tunnel were possible.
But still, pings from Router A -> Host B and Router B ->
Host A could not make their way through...

I still do not understand why a simple
ipchains -A forward -s 192.168.3.0/24 -d 192.168.1.0/24 -j ACCEPT
ipchains -A forward -s 192.168.1.0/24 -d 192.168.3.0/24 -j ACCEPT
ipchains -A forward -s 192.168.3.0/24 -j MASQ
for Router B (and the reverse for Router A) is not doing it. (Ping goes Host 
A -> Router B but not Router B -> Host A !!)

Still screwed..
Best regards, Nils




