<< | Thread Index | >> ]    [ << | Date Index | >> ]

To: <cipe-l,AT,inka,DOT,de>
Subject: So close yet so far...
From: "Michael Masse" <mrm,AT,medicine,DOT,wisc,DOT,edu>
Date: Tue, 10 Jun 2003 15:56:14 -0500

I seem to have my cipe connection up and running and I think I'm having
more of a proxyarp/routing issue then anything else, but hopefully
someone here has seen this problem and can give some insight.

Here's what I'm trying to do:

Remote Cipe box <--Router--> INTERNET <--Router --> Office Cipe box

I want the remote cipe box to have an IP from the office subnet so that
it appears to be on the office network.
I'm using proxy arp on the office cipe box to hopefully accomplish

I can get the two cipe boxes to comunicate with each other just fine.  
I can ping, ssh, use lynx back and forth no problem.

The remote box's ip address is proxy arped on the office box and if I
try to ssh to the remote box from another machine in the office I always
get a login prompt, but a lot of times it says invalid password. 
Sometimes it does let me in though.   Along with that, If I try to
access the web server on the remote box from another machine in the
office I can sometimes get to it, and other times not.    If I can get
to the webserver, then I can log in via ssh.   If I can't get to the
webserver, then it won't let me in via ssh, so I don't think it's a
problem with how the services are set up due to them both having weird
issues always at the same time.

Finally, from the remote box, I cannot get past the office cipe box to
see anything else on the office lan at all.

For proxy-arp to work properly w/ cipe, do I need make sure proxy arp
is enabled in the kernel for both eth0 and cipcb0 devices, or does cipe
do this automaticly?   Same thing with ip_forwarding.  Do I need it on
at all?    I've tried every combination I can think of, and none of them
seem to make a difference, so I was curious if cipe simply turns on what
it needs automaticly??

Does this seem like a routing issue?   I eventually want to masquerade
the office ip out at the remote site, but for now I just want to have
the one box working back and forth.

Any help would be greatly appreciated.

Here's the info from the OFFICE CIPE box


key             <hidden>
maxerr          -1

The only changes I've made to ip-up are the addition of:

arp -i eth0 -Ds $4 eth0 pub
arp -i eth0 -Ds $5 eth0 pub

Here's what the routing table looks like:

Destination     Gateway         Genmask         Flags Metric Ref    Use
Iface  *      UH    0      0        0
cipcb0   *        U     0      0        0
eth0     *          U     0      0        0
eth0       *            U     0      0        0
default         UG    0      0        0

Here's the info for the REMOTE CIPE box


device          cipcb0
key             <hidden>
maxerr          -1

I've only made the following additions to the ip-up file:

route add -host $6 gw
#route add -net netmask gw $5
route add -net netmask dev cipcb0

I've tried using either the gw and the dev clause for the route and
neither makes any difference.

route table:  *      UH    0      0        0
cipcb0 UGH   0      0        0
eth0  *      U     0      0        0
eth0   *        U     0      0        0
cipcb0     *          U     0      0        0
eth0       *            U     0      0        0
default         UG    0      0        0


<< | Thread Index | >> ]    [ << | Date Index | >> ]