Subject: Cipe and masquerading.
From: Kurt Roeckx <Q,AT,ping,DOT,be>
Date: Wed, 25 Sep 2002 22:25:38 +0200

I've been looking through the archives for my problem; it seems to
come up a lot, but I can't find the solution.

This is the setup:

host A <---> host B <---> internet <---> host C <---> host D <---> host E

Host B and C both do masquerading/nat of all traffic.
Host B and D run cipe (1.5.4) on Linux 2.4.19.
Host B and D have static routes for the other (private) nets. 

The problem:
Host B can reach both D and E.
Host A cannot reach D or E, but can reach the internet.
Host D and E can reach B, not A.

I think the problem is related to host B doing both the NAT and
the cipe at the same time, but not sure what.

If host A sends something to D/E, I don't see it on the cipb0 or ppp0
device at all.

What I think should happen is that the traffic to D/E should
not be masqueraded, but just tunneled to the other side.  I tried
preventing that with iptables -t nat -I POSTROUTING -d -j RETURN,
but that didn't seem to have any effect.

The packet seems to get lost when it's sent in the cipb0 device,
and never gets to ppp0.

Any idea how I can fix this?


