<< | Thread Index | >> ]    [ << | Date Index | >> ]

To: CIPE List <cipe-l,AT,inka,DOT,de>
Subject: XP to RH 7.3 firewall
From: Andrew Grimberg <tykeal,AT,bardicgrove,DOT,org>
Date: 16 Jun 2003 08:19:59 -0700

Greetings folks,

I did a search on the list archives but I may have used the wrong params
so if this has already been answered I'm sorry and could you just point
me to the relevent thread then?  Thanks :)

Anyway, here's my problem.

I've got a RH7.3 firewall setup with two private networks behind it.  A
wireless LAN and a wired LAN.  Here's a pic:

I'net -- FW / NAT -- WAP LAN  (10.1.2.x)
                  +- wired LAN (10.1.1.x)

The WAP network is barred access to the wired LAN except through the
same ports as are forwarded from outside to servers on the inside. 
Believe me, if I could get away with it the servers would be in an
isolated network as well ;)

Here's the problem.  One of my users has XP on their laptop and really
needs to get access to stuff on the wired LAN and wireless is their only
option in some locations.  I've got the FW configured to accept their
traffic without any mangling or anything (I've setup other Linux based
laptops to work with this and have it fully tested there).  However,
while the link comes up on both sides, I can't get a even a single ping
to go through the CIPE tunnel.

Basically it works like this:

FW interfaces at 10.1.1.1 and 10.1.2.1 (wired and wireless
respectively).  CIPE tunnels are assigned an ip in 10.1.3.x space.

The particular client configuration that I'm looking at is configured
thusly

--[cut]--
# Please read /usr/share/doc/initscripts-*/sysconfig.txt
# for the documentation of these parameters.
USERCTL=no
DEVICE=cipcb0
IPADDR=10.1.1.1
TYPE=CIPE
ONBOOT=yes
PTPADDR=10.1.3.1
PEER=10.1.2.161:6000
PEERDNS=no
ME=10.1.2.1:6001
--[cut]--

The XP workstation (with 2.0-pre15) is setup thusly

[info]
CIPE VNIC
IP: 10.1.3.1/24 (windows doesn't like /32)
no GW

CIPE config
Local IP: 10.1.2.161, port 6000
Peer IP: 10.1.2.1, port 6001
Local PTP IP (autoset to 10.1.3.1)
Peer PTP IP: 10.1.1.1
[/info]

I can see the interfaces come up, under linux I see the if up and
everything and /var/log/messages doesn't show any problems

On the windows side, the only evidence that I have that it came up
correctly is that a netstat shows the machine up on udp port 6000.

Pinging from the FW to 10.1.3.1 produces messages in /var/log/messages
about keys being set and such but I never get a return ping.

Checked routing under XP and never saw 10.1.1.1 as a defined route.

Added it as follows:  route add 10.1.1.1 mask 255.255.255.255 10.1.3.1
The system still would not ping in either direction.

Any clues?

Thanks in advance :)
-Andy-


<< | Thread Index | >> ]    [ << | Date Index | >> ]