<< | Thread Index | >> ]    [ << | Date Index | >> ]

Subject: Re: routing to internal network issue.
From: "insecure,AT,mail,DOT,od,DOT,ua" <insecure,AT,mail,DOT,od,DOT,ua>
Date: Tue, 25 Feb 2003 19:38:12 +0100
In-reply-to: <1046130996.3007.67.camel@bretsony>

On Monday 24 February 2003 21:56, Bret Hughes wrote:
> OK onward and upward in the effort to get xp talking to a redhat 8.0
> server running cipe-1.4.5 from the redhat rpm.
> what works:
> xp box can connect to server fine on local net\
> xp box can connect to server via dialup connection (xp side ) and port
> forwarding done by a cisco pix 506. a conduit is setup for the udp port
> in use on the server for this interface (7777).
> what doesn't work:
> routing of packets through server to lan. well it sort of does, read on
> please.
> By adding the route to windows for the internal lan I get packets sent
> to an internal linux other than the cipe gateway.  THe ipaddress of this
> box is  I can see these packets via ethereal. the real issue
> is that the return packets are sent to the default route (the pix
> firewall).  I thought that be specifying a route and enableing
> forwarding that packets destined for sambatest would be sent to the
> cipegateway which would then forward it on to sambatest and I hoped that
> magic happened and sambatest would know to send the packets back to the
> gateway since that is where it came from.  Obviously that did not
> happen.

You must set up correct routing in both directions if you need
full connectivity (from remote box *and* to remote box).
I got away with masquerading because I did not need to initiate connections
*to* remote box:

   remote box
  VVV  router: SNAT masquerading for anything coming thru CIPE tunnel
   |          from remote box
| LAN |

In this situation LAN boxes cannot initiate connections to remote,
only router can.


<< | Thread Index | >> ]    [ << | Date Index | >> ]