RE: Cipe and masquerading.|
Thu, 26 Sep 2002 00:27:20 +0200|
Host B is probably masquerading traffic going through cipcb0 -- it should
*not* do that! Traffic forwarded to your internet interface should be
masq'ed but not traffic forwarded to your cipe (cipcb?) interfaces.
> -----Original Message-----
> From: Kurt Roeckx [SMTP:Q,AT,ping,DOT,be
> Sent: Wednesday, September 25, 2002 1:08 PM
> To: cipe-l,AT,inka,DOT,de
> Subject: Cipe and masquerading.
> I've been looking thru the archives for my problem, it seems to
> come up alot, but I can't find the solution.
> This is the setup:
> host A <---> host B <---> internet <---> host C <---> host D <---> host E
> 10.0.0.0/24 10.0.1.0/24
> Host B and C both do masquerading/nat of all traffic.
> Host B and D run cipe (1.5.4) on Linux 2.4.19.
> Host B and D have static routes for the other (private) nets.
> The problem:
> Host B can reach both D and E.
> Host A can not reach D or E, but can reach the internet.
> Host D and E can reach B, not A.
> I think the problem is related to host B doing both the NAT and
> the cipe at the same time, but not sure what.
> If host A sends something to D/E, I don't see it on the cipb0 or ppp0
> device at all.
> What I think that should happen is that the traffic to D/E should
> not be masqueraded, but just tunneled to the other side. I tried
> preventing that with iptables -t nat -I POSTROUTING -d 10.0.1.0/24 -j
> but that didn't seem to have any effect.
> The packet seems to get lost when it's send in the cipb0 device,
> and never gets to ppp0.
> Any idea how I can fix this?
> Message sent by the cipe-l,AT,inka,DOT,de mailing list.
> Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body
> Other commands available with "help" in body to the same address.
> CIPE info and list archive: