<< | Thread Index | >> ]    [ << | Date Index | >> ]

Subject: Re: Cipe and masquerading.
From: Kurt Roeckx <Q,AT,ping,DOT,be>
Date: Wed, 25 Sep 2002 23:41:01 +0200
In-reply-to: <C106BE84A6B5D411883300508B55B83A01559131@tmwsystems.com>

On Wed, Sep 25, 2002 at 04:41:10PM -0400, Bort, Paul wrote:
> Is there any way you could put D's cipe endpoint on C instead? Or put an
> un-NAT'ed tunnel from C to D for just the CIPE traffic?

I think the problem is at A/B, not C/D/E.

Having a different box doing the NAT and the CIPE seems work,
letting the same box do it not.

The traffic between C and D is not NAT'ed.  C does NAT/MASQ going
on the internet.  The cipe tunnel should then be NAT'ed over the
internet to host B.

Maybe an example with more info about what data should go between
what hosts would help.

This is how I think it should work:

Example:
Host A: 10.0.0.2
Host B: 10.0.0.1
        1.2.3.4
        <internet>
Host C: 4.3.2.1
        10.0.1.1
Host D: 10.0.1.2
Host E: 10.0.1.3

Maybe I should give host D two interfaces too, but it's not needed
for this example.

Host A sends a packet (icmp echo request) to host E.

Data the hosts sends, each line contains the next "layer".
Host A: IP: source: 10.0.0.2, dest: 10.0.1.3
        icmp
Host B: IP: source: 1.2.3.4, dest: 4.3.2.1, 
        UDP (cipe): source: 1025, dest: 1026
        IP: source: 10.0.0.2, dest: 10.0.1.3    
        icmp

Host C: IP: source 1.2.3.4, dest: 10.0.1.2
        UDP (cipe): source: 1025, dest: 1026
        IP: source: 10.0.0.2, dest: 10.0.1.3
        icmp

Host D: IP: source: 10.0.0.2, dest: 10.0.1.3
        icmp

Then host E replies with an icmp echo reply:
Host E: IP: source: 10.0.1.3, dest: 10.0.0.2
        icmp
Host D: IP: source: 10.0.1.2, dest: 1.2.3.4
        UDP (cipe): source: 1026, dest: 1025
        IP: source: 10.0.1.3, dest: 10.0.0.2
        icmp
Host C: IP source: 4.3.2.1, dest: 1.2.3.4
        UDP (cipe): source: 1026, dest: 1025
        IP: source: 10.0.1.3, dest: 10.0.0.2
        icmp
Host B: IP: source: 10.0.1.3, dest: 10.0.0.2
        icmp

Kurt





<< | Thread Index | >> ]    [ << | Date Index | >> ]