
Subject: Re: Cipe and masquerading.
From: Kurt Roeckx <Q,AT,ping,DOT,be>
Date: Thu, 26 Sep 2002 01:10:04 +0200
In-reply-to: <C106BE84A6B5D411883300508B55B83A01559132@tmwsystems.com>

On Wed, Sep 25, 2002 at 06:08:06PM -0400, Bort, Paul wrote:
> > Host A sends a packet (icmp echo request) to host E.
> > 
> > Data the hosts send; each line contains the next "layer".
> > Host A: IP: source: 10.0.0.2, dest: 10.0.1.3
> >     icmp
> > Host B: IP: source: 1.2.3.4, dest: 4.3.2.1, 
> >     UDP (cipe): source: 1025, dest: 1026
> >     IP: source: 10.0.0.2, dest: 10.0.1.3    
> >     icmp
> 
> How did the destination of the outer packet become 4.3.2.1? Is there a route
> on B like "10.0.1.0/24 via 4.3.2.1"? Shouldn't that route really show the IP
> address of the other end of the tunnel as the target? 

B thinks the cipe endpoint is 4.3.2.1, but it's really talking to
10.0.1.2, which is NAT'ed.

Trying to send to 10.0.1.3 over the internet is not going to
work.

> > Host C: IP: source 1.2.3.4, dest: 10.0.1.2
> >     UDP (cipe): source: 1025, dest: 1026
> >     IP: source: 10.0.0.2, dest: 10.0.1.3
> >     icmp
> 
> How did C make the destination of this packet 10.0.1.2? Is there
> source-based routing on C to forward packets from 1.2.3.4 to 10.0.1.2
> without masquerading?

It is masqueraded.  On both sides.

Kurt




