Subject: CIPE Behind OpenBSD Firewall
From: David Dellanave <david,AT,dellanave,DOT,com>
Date: Mon, 13 Jan 2003 19:41:21 +0100

After struggling for a week, it's time I try to find some help with this 

I have a network of 50 machines, but only 3 are really important.

    Box A (CIPE)        Box B (OBSD FW)        Box C (CIPE)
    Ext IP a.a.a.a      Ext IP b.b.b.b
    Int IP              Int IP                 Int IP

The diagram looks something like:

(Machines)->Box A---<>(Internet)<>---Box B<--Box C (CIPE)
                                        ^----(More Machines)

The CIPE tunnel works because prior to the OpenBSD firewall being in the way, 
it worked fine.  The CIPE box was the firewall box and directly connected 

It sort of works.  I can ping A from C.  Not A from B.  I can ping C from A.
But most importantly, I can't ping machines behind A or behind C from either.
In other words, I think it's a routing issue.

I have a binat rule set up, but I'm not sure the syntax is right.

I've searched Google, which led me to the binat rule idea.

Can anyone offer any tips?

