Subject: routing to internal network issue.
From: Bret Hughes <bhughes,AT,elevating,DOT,com>
Date: Tue, 25 Feb 2003 01:19:01 +0100

OK onward and upward in the effort to get xp talking to a redhat 8.0
server running cipe-1.4.5 from the redhat rpm.

what works:

xp box can connect to server fine on local net

xp box can connect to server via dialup connection (xp side) and port
forwarding done by a cisco pix 506. a conduit is set up for the udp port
in use on the server for this interface (7777).

what doesn't work:

routing of packets through server to lan. well it sort of does, read on
please.

By adding the route to windows for the internal lan I get packets sent
to an internal linux box other than the cipe gateway.  The IP address of this
box is 10.0.0.212.  I can see these packets via ethereal. the real issue
is that the return packets are sent to the default route (the pix
firewall).  I thought that by specifying a route and enabling
forwarding that packets destined for sambatest would be sent to the
cipegateway which would then forward it on to sambatest and I hoped that
magic happened and sambatest would know to send the packets back to the
gateway since that is where it came from.  Obviously that did not
happen.

I can get it to work by placing a host route on sambatest that tells it
that packets going to 10.0.3.3 need to go via 10.0.0.232.

DUH.

What is the best way to get this to work for all 50 + devices on the
internal network?

I see two options:

1. add a route to the pix that says all packets going to 10.0.3.0/24
redirect to 10.0.0.232  (this is what I am going to try next)

2. add static routes to all machines via dhcp for the dynamic stuff and
hard code the servers that currently do not get anything via dhcp.  (Not
good) 

Are there other options?  what is proxyarp?  could I masquerade the vpn
connections onto the local network? SNAT I guess (there will be several
vpn connections if this works, and I am trying to find the easiest
configuration to maintain.)


Thanks for any help you can give me.  what follows is a lot of additional
configuration data that should give a fairly complete view of the
setup.  If I messed it up please ask for clarification.

Bret

Probably time for ascii art attempt:
detail config data below 

xp box localcipeip-10.0.3.3, dialup connection to internet 
|
|
|
Internet
|
|
|
pix firewall realip setup on xp box forward to 10.0.0.232
|
|
cipegateway lanip-10.0.0.232, localcipeip-10.0.3.4
|
|
|
sambatest rh 8.0, ipaddr-10.0.0.212

I have enabled ip forwarding on the cipe 
gateway with echo "1" >/proc/sys/net/ipv4/ip_forward

configuration:
************************************************************
xp client with dial up internet connectivity

me 0.0.0.0
myport 6969
peer realip (forwarded via pix 506 to rhl cipe server)
peer port 7777
localip 10.0.3.3
remoteip 10.0.0.4

C:\Documents and Settings\BHughes>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x3 ...08 00 58 00 00 01 ...... CIPE VPN Adapter - Packet Scheduler Miniport
0xb0002 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    65.56.171.201   65.56.171.201       1
         10.0.0.0    255.255.255.0         10.0.3.4        10.0.3.3       1
         10.0.3.0    255.255.255.0         10.0.3.3        10.0.3.3       30
         10.0.3.3  255.255.255.255        127.0.0.1       127.0.0.1       30
   10.255.255.255  255.255.255.255         10.0.3.3        10.0.3.3       30
    65.56.171.201  255.255.255.255        127.0.0.1       127.0.0.1       50
   65.255.255.255  255.255.255.255    65.56.171.201   65.56.171.201       50
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
   209.247.22.254  255.255.255.255    65.56.171.201   65.56.171.201       1
        224.0.0.0        240.0.0.0         10.0.3.3        10.0.3.3       30
        224.0.0.0        240.0.0.0    65.56.171.201   65.56.171.201       1
  255.255.255.255  255.255.255.255         10.0.3.3        10.0.3.3       1
Default Gateway:     65.56.171.201
===========================================================================
Persistent Routes:
  None

C:\Documents and Settings\BHughes>ipconfig /all

Windows IP Configuration

        Host Name . . . . . . . . . . . . : jimxplt
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter S and O VPN:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : CIPE VPN Adapter
        Physical Address. . . . . . . . . : 08-00-58-00-00-01
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 10.0.3.3
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . :

PPP adapter sbc-bret:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
        Physical Address. . . . . . . . . : 00-53-45-00-00-00
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 65.56.171.201
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . : 65.56.171.201
        DNS Servers . . . . . . . . . . . : 209.244.0.3
                                            209.244.0.4
        NetBIOS over Tcpip. . . . . . . . : Disabled
end of windows stuff
**********************************************************

rh 8.0 cipe box:
************************************************************
from /etc/sysconfig/network-scripts/ifcfg-cipcb1
USERCTL=no
PEERDNS=no
TYPE=CIPE
DEVICE=cipcb1
ONBOOT=no
IPADDR=10.0.3.4
ME=10.0.0.232
MYPORT=7777
PTPADDR=10.0.3.3
PEER=0.0.0.0

forwarding enabled:
[bhughes@solin network-scripts]$ cat /proc/sys/net/ipv4/ip_forward 
1

routing table
[bhughes@solin network-scripts]$ route 
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.3.3        *               255.255.255.255 UH    0      0        0 cipcb1
vpn1.internal.s *               255.255.255.255 UH    0      0        0 cipcb0
10.0.0.0        *               255.255.255.0   U     0      0        0 eth0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         pix.internal.st 0.0.0.0         UG    0      0        0 eth0

[bhughes@solin network-scripts]$ ifconfig cipcb1
cipcb1    Link encap:IPIP Tunnel  HWaddr   
          inet addr:10.0.3.4  P-t-P:10.0.3.3  Mask:255.255.255.255
          UP POINTOPOINT NOTRAILERS RUNNING NOARP  MTU:1442  Metric:1
          RX packets:1537 errors:9 dropped:0 overruns:0 frame:9
          TX packets:1334 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 
          RX bytes:143560 (140.1 Kb)  TX bytes:143784 (140.4 Kb)
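
The return-path problem described in this message, modelled as an added example (not part of the original post): a longest-prefix-match lookup traces where a reply from sambatest goes with the tables as posted, with the host route, with a 10.0.3.0/24 route on the pix, and with SNAT on the cipe gateway. The pix LAN address 10.0.0.1 and the "internet" label are assumptions, and the model assumes every device forwards according to its table, including back out the interface the packet arrived on.

```python
import ipaddress

PIX, CIPE_GW = "10.0.0.1", "10.0.0.232"      # PIX LAN address is assumed
SAMBATEST, VPN_CLIENT = "10.0.0.212", "10.0.3.3"

def rt(prefix, via):
    """One routing-table entry: (network, next hop or 'direct')."""
    return (ipaddress.ip_network(prefix), via)

def next_hop(table, dst):
    """Longest-prefix match: the most specific matching route wins."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen)[1]

def base_tables():
    """Tables as described in the post, before any fix is applied."""
    lan = rt("10.0.0.0/24", "direct")
    return {
        SAMBATEST: [lan, rt("0.0.0.0/0", PIX)],
        CIPE_GW: [rt("10.0.3.3/32", "direct"), lan, rt("0.0.0.0/0", PIX)],
        PIX: [lan, rt("0.0.0.0/0", "internet")],
    }

def trace(tables, start, dst, max_hops=8):
    """Follow a packet hop by hop until delivered or out of the model."""
    path, node = [start], start
    for _ in range(max_hops):
        hop = next_hop(tables[node], dst)
        if hop == "direct":
            return path + [dst]
        path.append(hop)
        if hop not in tables:        # left the modelled network
            return path
        node = hop
    return path

def scenarios():
    out = {"as_posted": trace(base_tables(), SAMBATEST, VPN_CLIENT)}
    t = base_tables()
    t[SAMBATEST].append(rt("10.0.3.3/32", CIPE_GW))   # host route on sambatest
    out["host_route"] = trace(t, SAMBATEST, VPN_CLIENT)
    t = base_tables()
    t[PIX].append(rt("10.0.3.0/24", CIPE_GW))         # option 1: route on the pix
    out["pix_route"] = trace(t, SAMBATEST, VPN_CLIENT)
    # SNAT on the gateway: sambatest sees 10.0.0.232 as the source
    out["snat"] = trace(base_tables(), SAMBATEST, CIPE_GW)
    return out

if __name__ == "__main__":
    for name, path in scenarios().items():
        print(f"{name:10s} {' -> '.join(path)}")
```

With SNAT the LAN hosts need no extra routes, but they see every VPN client as 10.0.0.232, so per-client addresses no longer appear in their logs or access rules.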