CIPE Behind OpenBSD Firewall
David Dellanave <david,AT,dellanave,DOT,com>
Mon, 13 Jan 2003 19:41:21 +0100
After struggling for a week, it's time I try to find some help with this.
I have a network of 50 machines, but only 3 are really important.
          Box A (CIPE)    Box B (OBSD FW)   Box C (CIPE)
Ext IP    a.a.a.a         b.b.b.b
Int IP    192.168.2.1     192.168.1.1       192.168.1.2
The diagram looks something like:
(Machines)->Box A---<>(Internet)<>---Box B<--Box C (CIPE)
The CIPE tunnel works because prior to the OpenBSD firewall being in the way,
it worked fine. The CIPE box was the firewall box and directly connected
It sort-of works. I can ping A from C. Not A from B. I can ping C from A.
But most importantly, I can't ping machines behind A or behind C from either.
In other words I think it's a routing issue.
I have a binat rule set up, but I'm not sure the syntax is right.
I've searched Google, which led me to the binat rule idea.
Can anyone offer any tips?
FED5 FF73 7A92 5B11 844D 068E 3AEC 268E AAF0 DA59