
Subject: Re: Routing: Ping from router A to Host behind Router B does not work
From: Keith Smith <keith,AT,ksmith,DOT,com>
Date: Tue, 5 Feb 2002 23:10:50 +0100
In-reply-to: <OFE5D1E49C.DC458517-ONC1256B56.0053012C@medisearch-int.com>

I think you just answered your own question ...

> Well, they look like
> route add -net 192.168.1.0/24 gw 10.10.1.1 # gw is IP of cipe-interface
> and
> route add -net 192.168.3.0/24 gw 10.10.3.1 # gw is IP of cipe-interface
> Does that make any difference?

You have no rule for forwarding to 10.10.anything, so it's probably 
masquerading, and then things work out but not in (dest behind the router).

Why did you set up the CIPE on a different network?  My machines run the 
same IP for both, again, this simplifies your firewall rules, hence the 
ones I gave you, you probably need to add a rule like:

ipchains -A forward -b -s 192.168.0.0/16  -d 10.10.0.0/16 -j ACCEPT

Under your current scheme traffic directed to 10.10.* gets masq'd.

I think the firewall code must be looking at where the packet came from 
and where it is going on the next hop, not its final destination.  Just 
a guess because this does not seem correct to me.

Unless there is something I'm not aware of (and it works for me), I'd 
make my internal ethernet address the same as my CIPE one.  There are 
also advantages there in the event the tunnel is down.  Eliminates the 
need for dummy interfaces, and simplifies your ruleset.

-- 
Keith Smith                 keith,AT,ksmith,DOT,com
655 W Fremont Dr
Tempe AZ 85282              it's hot
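
The rule matching discussed in this message, as an added example that is not part of the original post: a small Python model of a first-match forward chain showing which rule decides a packet with and without the suggested ACCEPT rule. The MASQ rule, the DENY policy, the host addresses other than 10.10.1.1, and the ACCEPT rule sitting ahead of the MASQ rule are assumptions, since the poster's actual ruleset is not shown on this page.

```python
import ipaddress


class Rule:
    """One forward-chain rule: source net, destination net, target, -b flag."""

    def __init__(self, src, dst, target, bidir=False):
        self.src = ipaddress.ip_network(src)
        self.dst = ipaddress.ip_network(dst)
        self.target = target
        self.bidir = bidir

    def matches(self, src_ip, dst_ip):
        s = ipaddress.ip_address(src_ip)
        d = ipaddress.ip_address(dst_ip)
        forward = s in self.src and d in self.dst
        # -b (bidirectional): also match with source and destination swapped.
        reverse = self.bidir and s in self.dst and d in self.src
        return forward or reverse


def forward_verdict(chain, src_ip, dst_ip, policy="DENY"):
    """Return the target of the first matching rule, else the chain policy."""
    for rule in chain:
        if rule.matches(src_ip, dst_ip):
            return rule.target
    return policy  # assumed policy; the real one is not shown on the page


# Constructed ruleset: masquerade everything leaving the internal range.
MASQ_ONLY = [Rule("192.168.0.0/16", "0.0.0.0/0", "MASQ")]

# Same chain with the suggested rule evaluated first (ordering is assumed).
WITH_ACCEPT = [
    Rule("192.168.0.0/16", "10.10.0.0/16", "ACCEPT", bidir=True)
] + MASQ_ONLY

if __name__ == "__main__":
    # 10.10.1.1 is the CIPE address from the thread; 192.168.3.20 is constructed.
    flows = [("10.10.1.1", "192.168.3.20"), ("192.168.3.20", "10.10.1.1")]
    for name, chain in (("MASQ_ONLY", MASQ_ONLY), ("WITH_ACCEPT", WITH_ACCEPT)):
        for src, dst in flows:
            print(name, src, "->", dst, forward_verdict(chain, src, dst))
```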
