<< | Thread Index | >> ]    [ << | Date Index | >> ]

Subject: CIPE changing ports
From: Veros Kaplan <veros-cipe,AT,tac,DOT,cz>
Date: Fri, 20 Dec 2002 00:48:50 +0100

Hello,

I was going to ask for help. I've solved the problem myself after some
investigating (three hours :-)   It may help to someone, so I'm posting
it anyway.

I'm trying to use CIPE 1.5.4 on Debian Woody 3.0r0/Linux 2.4.20 (thanks to 
all nice people who helped me) CIPE worked for me for a long time on
RedHat 6.2/2.2.19.  After updating 1.5.2 to 1.5.4, it stopped working.

local host:                       | remote host 
----------------------------------|--------------------------------
tokey=900                         | tokey=900
ping=90                           | ping=90
toping=10                         | toping=10
ipaddr=192.168.99.253             | ptpaddr=192.168.99.253
ptpaddr=192.168.99.3              | ipaddr=192.168.99.3
peer=193.XX.XXX.XX:1979           | me=193.XX.XXX.XX:1979
arg=YYYYYYYYYYYYYYYYYY            | peer=127.0.0.1:9
maxerr=-1                         | arg=incoming
key=ZZZZZZZZZZZZZZZZZZ            | maxerr=-1
                                  | key=ZZZZZZZZZZZZZZZZZZZZ

After doing ping through CIPE link and tcpdump on carrier ethernet:

local# /usr/sbin/tcpdump -i eth1 udp -n

tcpdump: listening on eth1
00:22:47.029604 193.YY.YYY.YY.1159 > 193.XX.XXX.XX.1025:  udp 104 (DF)
00:22:48.026251 193.YY.YYY.YY.1159 > 193.XX.XXX.XX.1025:  udp 104 (DF)
00:22:49.025087 193.YY.YYY.YY.1159 > 193.XX.XXX.XX.1025:  udp 104 (DF)
00:22:50.025100 193.YY.YYY.YY.1159 > 193.XX.XXX.XX.1025:  udp 104 (DF)
00:22:51.025964 193.YY.YYY.YY.1159 > 193.XX.XXX.XX.1025:  udp 104 (DF)
00:22:52.025271 193.YY.YYY.YY.1159 > 193.XX.XXX.XX.1025:  udp 104 (DF)

It seems strange to me, beacuse I've asked local host to connect to
UDP port 1979 not 1025. 

-- SOLVED

The problem was misconfigured NAT (iptables). All connections done from
local host to Internet was SNATed. I don't understand how it can happen
as SNAT should rewrite only source of the packet. After removing SNAT
for locally generated packets, it works now.

Have a nice midnight (in CET :-)

V&ecaron;ro&scaron;
--
V&ecaron;ro&scaron; Kaplan <veros @ tac . cz>
Tacoma Computers, Sta&ncaron;kova 18a, Brno, CZ   
--
"Emacs (this is more of a piece of intrastructure than an application)"
        --Debian FAQ, 6.7





<< | Thread Index | >> ]    [ << | Date Index | >> ]