Re: Routing: Ping from router A to Host behind Router B does not work
"Nils Lichtenfeld" <Nils.Lichtenfeld,AT,gmx,DOT,net>
Tue, 5 Feb 2002 17:49:49 +0100
> Router A : VPN allow RouterB's regged IP, incoming UDP : port ....
> VPN allow HostB's Network / Netmask incoming via cipdb0 (;
> destination HostA's Network / Netmask --> this only security related, not
> MASQ allow HostA's Network / Netmask forwarding via local-eth#;
> destination NOT HostB's network / netmask --> this to prevent LAN being
> spewed directly on, the Internet
> VPN allow HostA's Network / Netmask forwarding via local-eth#;
> destination HostB's Network / Netmask --> this to make MASQ still work
> Be sure to have the forwarding rules in this order ...
Well, thanks for the answer, but I am not quite sure I understood what you
wrote. Here is what I made out of it for Router B
(192.168.3.1, me=0.0.0.0:4040) :
ipchains -A forward -p udp -s 192.168.1.1 --dport 4040 -j ACCEPT
ipchains -A forward -s 192.168.1.0/24 -i cipcb0 -d 192.168.3.0/24 -j ACCEPT
ipchains -A forward -s 192.168.3.0/24 -i eth0 -d ! 192.168.1.0/24 -j MASQ
ipchains -A forward -s 192.168.3.0/24 -i eth0 -d 192.168.1.0/24 -j ACCEPT
But that didn't work at all, my network did not even get masqueraded. The
same rules but without the -i parameter made my network
masqueraded again, and connections through the cipe-tunnel were possible.
But still, pings from Router A -> Host B and Router B ->
Host A could not make their way through...
I still do not understand why a simple
ipchains -A forward -s 192.168.3.0/24 -d 192.168.1.0/24 -j ACCEPT
ipchains -A forward -s 192.168.1.0/24 -d 192.168.3.0/24 -j ACCEPT
ipchains -A forward -s 192.168.3.0/24 -j MASQ
for Router B (and the reverse for Router A) is not doing it. (Ping goes Host
A -> Router B but not Router B -> Host A !!)
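
Added example, not part of the original message: a small first-match evaluator for the four forward-chain rules posted above for Router B, run with and without the -i options. Per ipchains(8), -i on the forward chain matches the interface a packet is about to leave by; the interface roles (eth0 = LAN 192.168.3.0/24, ppp0 = Internet uplink), the host addresses and the sample packets are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Rule:
    target: str
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dst_neg: bool = False          # "-d ! net"
    out_if: Optional[str] = None   # "-i": on the forward chain, the OUTGOING interface
    proto: Optional[str] = None
    dport: Optional[int] = None

@dataclass
class Packet:
    src: str
    dst: str
    out_if: str                    # interface the routing decision picked
    proto: str = "icmp"
    dport: Optional[int] = None

def matches(r: Rule, p: Packet) -> bool:
    return (ip_address(p.src) in ip_network(r.src)
            and (ip_address(p.dst) in ip_network(r.dst)) != r.dst_neg
            and r.out_if in (None, p.out_if)
            and r.proto in (None, p.proto)
            and r.dport in (None, p.dport))

def verdict(rules, p, policy="CHAIN POLICY"):
    # ipchains is first-match: the first matching rule decides the packet's fate.
    return next((r.target for r in rules if matches(r, p)), policy)

def router_b_rules(with_iface: bool):
    i = (lambda name: name) if with_iface else (lambda name: None)
    return [
        Rule("ACCEPT", src="192.168.1.1", proto="udp", dport=4040),
        Rule("ACCEPT", src="192.168.1.0/24", dst="192.168.3.0/24", out_if=i("cipcb0")),
        Rule("MASQ", src="192.168.3.0/24", dst="192.168.1.0/24", dst_neg=True, out_if=i("eth0")),
        Rule("ACCEPT", src="192.168.3.0/24", dst="192.168.1.0/24", out_if=i("eth0")),
    ]

# Constructed sample packets (addresses and the ppp0 uplink name are assumptions).
SAMPLES = {
    "LAN B -> Internet": Packet("192.168.3.10", "203.0.113.5", out_if="ppp0"),
    "LAN B -> LAN A": Packet("192.168.3.10", "192.168.1.10", out_if="cipcb0"),
    "LAN A -> LAN B": Packet("192.168.1.10", "192.168.3.10", out_if="eth0"),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, verdict(router_b_rules(True), pkt), verdict(router_b_rules(False), pkt))
```

Under these assumptions no forwarded sample matches any rule while the -i options are present, so every packet falls through to the chain policy; without -i the same rules masquerade Internet-bound traffic and accept both tunnel directions. Packets the router itself originates do not traverse the forward chain at all, so this model says nothing about them.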