RE: Cipe and masquerading.
"Bort, Paul" <pbort,AT,tmwsystems,DOT,com>
Wed, 25 Sep 2002 22:57:18 +0200
Is there any way you could put D's cipe endpoint on C instead? Or put an
un-NAT'ed tunnel from C to D for just the CIPE traffic?
> -----Original Message-----
> From: Kurt Roeckx [mailto:Q,AT,ping,DOT,be
> Sent: Wednesday, September 25, 2002 4:08 PM
> To: cipe-l,AT,inka,DOT,de
> Subject: Cipe and masquerading.
> I've been looking through the archives for my problem, it seems to
> come up a lot, but I can't find the solution.
> This is the setup:
> host A <---> host B <---> internet <---> host C <---> host D
>                                                 <---> host E
> 10.0.0.0/24                                     10.0.1.0/24
> Host B and C both do masquerading/nat of all traffic.
> Host B and D run cipe (1.5.4) on Linux 2.4.19.
> Host B and D have static routes for the other (private) nets.
> The problem:
> Host B can reach both D and E.
> Host A can not reach D or E, but can reach the internet.
> Host D and E can reach B, not A.
> I think the problem is related to host B doing both the NAT and
> the cipe at the same time, but not sure what.
> If host A sends something to D/E, I don't see it on the cipb0 or ppp0
> device at all.
> What I think should happen is that the traffic to D/E should
> not be masqueraded, but just tunneled to the other side. I tried
> preventing that with
> iptables -t nat -I POSTROUTING -d 10.0.1.0/24 -j RETURN,
> but that didn't seem to have any effect.
> The packet seems to get lost when it's sent in the cipb0 device,
> and never gets to ppp0.
> Any idea how I can fix this?
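
Added example, not part of the original thread: a small Python model of first-match evaluation in the nat POSTROUTING chain, showing what the quoted `-I POSTROUTING -d 10.0.1.0/24 -j RETURN` rule changes on host B. The catch-all MASQUERADE rule, the sample addresses 10.0.1.2 and 192.0.2.10, and the names `Rule`, `nat_postrouting` and `verdicts` are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    target: str                      # "RETURN" or "MASQUERADE"
    dst: Optional[str] = None        # -d network; None matches any destination
    out_iface: Optional[str] = None  # -o interface; None matches any interface

    def matches(self, dst_ip: str, out_iface: str) -> bool:
        if self.out_iface is not None and self.out_iface != out_iface:
            return False
        if self.dst is not None:
            return ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
        return True

def nat_postrouting(chain, dst_ip, out_iface, policy="ACCEPT"):
    """Verdict of the first matching rule; iptables stops at the first match."""
    for rule in chain:
        if rule.matches(dst_ip, out_iface):
            # RETURN in a built-in chain hands the packet to the chain policy.
            return policy if rule.target == "RETURN" else rule.target
    return policy

# Assumed baseline on host B: one catch-all rule ("masquerading/nat of all traffic").
MASQ_ALL = [Rule("MASQUERADE")]
EXEMPT = Rule("RETURN", dst="10.0.1.0/24")

CHAINS = {
    "baseline": MASQ_ALL,
    "inserted (-I)": [EXEMPT] + MASQ_ALL,   # rule lands before MASQUERADE
    "appended (-A)": MASQ_ALL + [EXEMPT],   # rule is shadowed, never reached
}

# Constructed sample packets forwarded for host A: (label, destination, out device).
PACKETS = [
    ("A -> D via tunnel", "10.0.1.2", "cipb0"),
    ("A -> internet", "192.0.2.10", "ppp0"),
]

def verdicts(chain):
    return {label: nat_postrouting(chain, dst, dev) for label, dst, dev in PACKETS}

if __name__ == "__main__":
    for name, chain in CHAINS.items():
        print(f"{name:15} {verdicts(chain)}")
```

The nat POSTROUTING chain is consulted after the routing decision, so it changes the source address a packet leaves with, not which device the packet is routed to.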