Subject: Re: Routing: Ping from router A to Host behind Router B does not work
From: "Nils Lichtenfeld" <Nils.Lichtenfeld,AT,gmx,DOT,net>
Date: Tue, 5 Feb 2002 17:49:49 +0100

Hello Gert

> Router A :     VPN  allow RouterB's regged IP, incoming UDP : port ....
>           VPN  allow HostB's Network / Netmask incoming via cipdb0 (;
> destination HostA's Network / Netmask --> this only security related, not
> necessary)
>           MASQ allow HostA's Network / Netmask forwarding via local-eth#;
> destination NOT HostB's network / netmask --> this to prevent LAN being
> spewed directly on, the Internet
>           VPN  allow HostA's Network / Netmask forwarding via local-eth#;
> destination HostB's Network / Netmask --> this to make MASQ still work
> Be sure to have the forwarding rules in this order ...

Well, thanks for the answer, but I am not quite sure I understood what you 
wrote. Here is what I made out of it for Router B
(, me= :
ipchains -A forward -p udp -s --dport 4040 -j ACCEPT
ipchains -A forward -s -i cipcb0 -d -j ACCEPT
ipchains -A forward -s -i eth0  -d ! -j MASQ
ipchains -A forward -s -i eth0 -d -j ACCEPT

But that didn't work at all, my network did not even get masqueraded. The 
same rules but without the -i parameter made my network
masqueraded again, and connections through the cipe-tunnel were possible. 
But still, pings from Router A -> Host B and Router B ->
Host A could not make their way through...

I still do not understand why a simple
ipchains -A forward -s -d -j ACCEPT
ipchains -A forward -s -d -j ACCEPT
ipchains -A forward -s -j MASQ
for Router B (and the reverse for Router A) is not doing it. (Ping goes Host 
A -> Router B but not Router B -> Host A !!)

Still screwed..
Kind regards, Nils

