Cipe and masquerading.|
Kurt Roeckx <Q,AT,ping,DOT,be>|
Wed, 25 Sep 2002 22:25:38 +0200|
I've been looking thru the archives for my problem, it seems to
come up alot, but I can't find the solution.
This is the setup:
host A <---> host B <---> internet <---> host C <---> host D <---> host E
Host B and C both do masquerading/nat of all traffic.
Host B and D run cipe (1.5.4) on Linux 2.4.19.
Host B and D have static routes for the other (private) nets.
Host B can reach both D and E.
Host A can not reach D or E, but can reach the internet.
Host D and E can reach B, not A.
I think the problem is related to host B doing both the NAT and
the cipe at the same time, but not sure what.
If host A sends something to D/E, I don't see it on the cipb0 or ppp0
device at all.
What I think that should happen is that the traffic to D/E should
not be masqueraded, but just tunneled to the other side. I tried
preventing that with iptables -t nat -I POSTROUTING -d 10.0.1.0/24 -j RETURN,
but that didn't seem to have any effect.
The packet seems to get lost when it's send in the cipb0 device,
and never gets to ppp0.
Any idea how I can fix this?