Subject: Back to Basics
From: Computer Fix Limited <ckells,AT,paradise,DOT,net,DOT,nz>
Date: Fri, 21 Mar 2003 19:44:37 +0100

I have tried connecting a WinXP machine to Red Hat Linux with no luck.

So I have set up a basic network connection between two Red Hat Linux
computers and still no go. This is two PCs connected on the same local
LAN with different IP addresses.

Once this is working I intend to return to the WinXP-to-Linux connection.

First, I cannot ping between the two ends. My understanding is that I
should be able to ping the appropriate peer address, and should be able
to ping the IPADDR and PTPADDR from either end.

I can ping IPADDR but not PTPADDR.

nmap reports ports 10000 and 10001 closed at both ends.

I suspect my problem is in routing or iptables.

Why does the network setup at both ends always set the tunnel to SERVER
MODE? Is this correct?

If someone could help or just point me in the right direction - many
thanks.

IP forwarding is enabled at both ends.

Files as follows:

/etc/sysconfig/network-scripts/ifcfg-cipcb0

Local

USERCTL=yes
PEERDNS=no
TYPE=CIPE
DEVICE=cipcb0
ONBOOT=yes
ME=192.168.10.210
IPADDR=10.0.1.1
PTPADDR=10.0.1.2
PEER=192.168.30.40:10001
MYPORT=10000

Remote

USERCTL=yes
PEERDNS=no
TYPE=CIPE
DEVICE=cipcb0
ONBOOT=yes
ME=192.168.30.20
IPADDR=10.0.1.2
PTPADDR=10.0.1.1
PEER=192.168.10.210:10000
MYPORT=10001

/etc/cipe/options.cipcb0

key 4507378339376983398391810398981309707
cttl 64
maxerr -1

/etc/cipe/ip-up

Local 

# Interconnect two 10. subnets through the Internet!
# Assuming $4 is in 10.1 and $5 in 10.2
route add -net 10.0.1.0 netmask 255.255.255.0 gw 10.0.1.1
/sbin/modprobe iptables
/sbin/service iptables stop
/sbin/iptables -P INPUT DROP
/sbin/iptables -F INPUT
/sbin/iptables -A INPUT -j ACCEPT -p udp -s 10.0.1.0/24
/sbin/iptables -A INPUT -j ACCEPT -i cipcb0
/sbin/iptables -A INPUT -j ACCEPT -i lo
/sbin/iptables -A INPUT -i cipcb0 -p ICMP -s 0.0.0.0/0 -d 10.0.1.2 -j ACCEPT
/sbin/iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE

# Proxy-ARP the peer's address on eth0
#arp -i eth0 -Ds 10.0.1.2 eth0 pub

# Evil tricks department: masquerade the CIPE peer's /24 network to our IP
#NA=`expr 192.168.20.40 : '\([0-9]*\.[0-9]*\.[0-9]*\.\)'`
#iptables -F -a accept -m -b -S $NA.0/24 -D 0.0.0.0/0
# the usual way for this would be a case selection on $5 or $6, however

# execute anything local
[ -x /etc/cipe/ip-up.local ] && /etc/cipe/ip-up.local $*

Remote

# Interconnect two 10. subnets through the Internet!
# Assuming $4 is in 10.1 and $5 in 10.2
route add -net 10.0.1.0 netmask 255.255.255.0 gw 10.0.1.2
/sbin/modprobe iptables
/sbin/service iptables stop
/sbin/iptables -P INPUT DROP
/sbin/iptables -F INPUT
/sbin/iptables -A INPUT -j ACCEPT -p udp -s 10.0.1.0/24
/sbin/iptables -A INPUT -j ACCEPT -i cipcb0
/sbin/iptables -A INPUT -j ACCEPT -i lo
/sbin/iptables -A INPUT -i cipcb0 -p ICMP -s 0.0.0.0/0 -d 10.0.1.1 -j ACCEPT
/sbin/iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE

# Proxy-ARP the peer's address on eth0
#arp -i eth0 -Ds 10.0.1.2 eth0 pub

# Evil tricks department: masquerade the CIPE peer's /24 network to our IP
#NA=`expr 192.168.20.40 : '\([0-9]*\.[0-9]*\.[0-9]*\.\)'`
#iptables -F -a accept -m -b -S $NA.0/24 -D 0.0.0.0/0
# the usual way for this would be a case selection on $5 or $6, however

# execute anything local
[ -x /etc/cipe/ip-up.local ] && /etc/cipe/ip-up.local $*

-- 
Computer Fix Limited <ckells,AT,paradise,DOT,net,DOT,nz>
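
Added example, not part of the original post: a cross-check of the two ifcfg-cipcb0 files shown above. It assumes each side's PEER must equal the other side's ME:MYPORT and each side's PTPADDR must equal the other side's IPADDR; the function names are hypothetical and only the five relevant keys are copied from the post.

```python
# Added example: consistency check for a pair of CIPE ifcfg files.
LOCAL = """\
ME=192.168.10.210
IPADDR=10.0.1.1
PTPADDR=10.0.1.2
PEER=192.168.30.40:10001
MYPORT=10000
"""
REMOTE = """\
ME=192.168.30.20
IPADDR=10.0.1.2
PTPADDR=10.0.1.1
PEER=192.168.10.210:10000
MYPORT=10001
"""

def parse_ifcfg(text):
    """Parse KEY=VALUE lines, ignoring blanks, comments and quotes."""
    cfg = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip().strip("\"'")
    return cfg

def endpoint(cfg):
    """UDP address:port this side sends from and listens on."""
    return f"{cfg.get('ME')}:{cfg.get('MYPORT')}"

def check_pair(a, b):
    """Return a list of mismatches between the two ends (assumed rules)."""
    problems = []
    for x, nx, y, ny in ((a, "local", b, "remote"), (b, "remote", a, "local")):
        if x.get("PEER") != endpoint(y):
            problems.append(
                f"{nx} PEER={x.get('PEER')} does not match {ny} ME:MYPORT={endpoint(y)}")
        if x.get("PTPADDR") != y.get("IPADDR"):
            problems.append(
                f"{nx} PTPADDR={x.get('PTPADDR')} does not match {ny} IPADDR={y.get('IPADDR')}")
    return problems

if __name__ == "__main__":
    for problem in check_pair(parse_ifcfg(LOCAL), parse_ifcfg(REMOTE)):
        print(problem)
```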