Re: concrete udp forwarding question
Phil Scarratt <fil,AT,draxsen,DOT,com>
Wed, 25 Jun 2003 22:47:57 +1000

Maybe I didn't test it for long enough periods of time but all I do on
my Linux box is allow the appropriate port to be forwarded from internal
interface to public interface. Anything that is related or established
is allowed back in/forwarded (in the reverse direction). Hence as long
as I initiated the CIPE tunnel from within the LAN, all was OK. If I get
a chance I will test it for longer periods of no activity.

Someone else may be able to clarify but timing out doesn't sound right,
although maybe some older routers/NAT do show symptoms like that. I
would've thought that any CIPE traffic would look like a related or
established connection traffic....but then again now I'm prattling on in

Daniel Andor wrote:
On Wednesday 25 June 2003 2:42 am, Phil Scarratt wrote:

This is one of the functionalities of NAT - it wraps the packet with a
publicly accessible source ip so the destination returns it to the
correct machine on the public network (i.e. the routerNAT) which then

Thanks, this is good to know. (I had thought this functionality only existed
for TCP connections.)

2) It seems like I need the "ping" option to keep the NAT router
forwarding the UDP packets it receives from machineA to machineB. (I have
no idea what the time-out on the NAT router is, so I set 10 seconds as
not too wasteful of resources.)

Not sure why this is the case. Mine worked fine (same configuration)
without the ping. Might have something to do with the routerNAT (mine is
a Linux box).

My naive guess was that the NAT router was timing out the reverse mapping
(since the connection was sitting idle for a while)? That is, when it
received a packet to 1114 from machineA, it no longer knew to send it on to
machineB. Otherwise, on your Linux box, does it keep the mapping
(I have no idea what hw/sw the NAT router is using here.)

Yes, thanks very much.

Daniel Andor wrote:
I can't quite work out how to configure this setup, so I would be very
grateful for some help.

I have a machineA with a static IP, and a machineB behind a NAT router:

machineA <--- internet ---> routerNAT <--- internal LAN ---> machineB

How should I configure this to create a CIPE VPN between machineA and B?
I do not have access to routerNAT.

There's another machineC, distinct from the router, which has interfaces
on both the internet *and* the internal LAN. I have access to this to
be able to run userland programs.

Any help appreciated!

Message sent by the cipe-l,AT,inka,DOT,de mailing list.
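
The idle-timeout behaviour guessed at in the thread, as an added example that is not part of the original messages: a toy model of a NAT router's UDP mapping table, showing when a packet from machineA still reaches machineB. The addresses, the 30-second router timeout and the class and function names are constructed assumptions; only port 1114 and the 10-second ping come from the thread.

```python
# Added illustration: toy NAT UDP mapping table with an idle timeout (values constructed).
MACHINE_A = ("198.51.100.10", 1114)  # static-IP peer (constructed address)
MACHINE_B = ("192.168.1.20", 1114)   # peer behind routerNAT (constructed address)

class UdpNat:
    def __init__(self, public_ip, idle_timeout):
        self.public_ip = public_ip
        self.idle_timeout = idle_timeout
        self.table = {}  # public_port -> [inside_addr, remote_addr, last_seen]

    def _expire(self, now):
        # Drop mappings that have been idle longer than the timeout.
        stale = [p for p, e in self.table.items() if now - e[2] > self.idle_timeout]
        for port in stale:
            del self.table[port]

    def outbound(self, now, inside, remote):
        """Inside host sends to remote: create or refresh a mapping."""
        self._expire(now)
        for port, entry in self.table.items():
            if entry[0] == inside and entry[1] == remote:
                entry[2] = now
                return (self.public_ip, port)
        port = inside[1]  # assumption: reuse the source port when it is free
        while port in self.table:
            port += 1
        self.table[port] = [inside, remote, now]
        return (self.public_ip, port)

    def inbound(self, now, remote, public_port):
        """Packet from remote to the public port: forwarded only via a live mapping."""
        self._expire(now)
        entry = self.table.get(public_port)
        if entry is None or entry[1] != remote:
            return None  # no reverse mapping: the router does not know about machineB
        entry[2] = now  # assumption: return traffic also refreshes the mapping
        return entry[0]

def a_reaches_b(idle_timeout, idle_gap, keepalive=None):
    """machineB opens the tunnel at t=0; can machineA still reach it at t=idle_gap?"""
    nat = UdpNat("203.0.113.5", idle_timeout)
    _, public_port = nat.outbound(0, MACHINE_B, MACHINE_A)
    t = keepalive
    while keepalive and t < idle_gap:
        nat.outbound(t, MACHINE_B, MACHINE_A)  # the CIPE "ping" seen from the router
        t += keepalive
    return nat.inbound(idle_gap, MACHINE_A, public_port) == MACHINE_B
```

With a 30-second timeout, `a_reaches_b(30, 120)` fails while `a_reaches_b(30, 120, keepalive=10)` succeeds, which is the difference the "ping" option makes when the router's timeout is shorter than the tunnel's idle periods.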