<< | Thread Index | >> ]    [ << | Date Index | >> ]

To: <cipe-l,AT,inka,DOT,de>
Subject: Re: Ping problem
From: "David A. Osborn" <david.osborn,AT,mchsi,DOT,com>
Date: Sun, 31 Aug 2003 12:56:05 -0500
References: <000a01c36fe1$4a025f20$d620a8c0@pcw_hans.hnsasd.priv> <043301c36fe3$49b390f0$6401a8c0@david2eq84h1w3>

Well if I try to ping an ip on my internal network (192.168.1.254) from
192.168.10.1 thru 192.168.1.248 it doesn't make it.  The echo request goes
across the VPN fine, and if I do a tcpdump on eth1 of 192.168.1.248 which is
the connection to the LAN the echo request is showing up there, but no
response is coming back.  This would lead me to believe the echo request is
not going onto the LAN.  Shouldn't the following iptable rules be handling
that though?

iptables -A FORWARD -i cipcb0 -s 192.168.10.0/8 -d 192.168.1.0/8 -o eth1 -j
ACCEPT
iptables -A FORWARD -i eth1 -s 192.168.1.0/8 -d 192.168.10.0/8 -o cipcb0 -j
ACCEPT

----- Original Message ----- 
From: "David A. Osborn" <david.osborn,AT,mchsi,DOT,com>
To: <cipe-l,AT,inka,DOT,de>
Sent: Sunday, August 31, 2003 12:14 PM
Subject: Re: Ping problem

> Ah you're right.  The culprit was a faulty output rule on 192.168.1.248
box.
> I was allowing output for 192.168.0.0/8 instead of 192.168.0.0/16.  The
ping
> is working fine now between the two machines linked by CIPE. Now I need to
> figure out why I can't ping the internal network.
>
>
> ----- Original Message ----- 
> From: "Hans Steegers" <hsx,AT,dds,DOT,nl>
> To: "David A. Osborn" <david.osborn,AT,mchsi,DOT,com>
> Cc: <cipe-l,AT,inka,DOT,de>
> Sent: Sunday, August 31, 2003 11:59 AM
> Subject: Re: Ping problem
>
>
> > Looks like a routing or firewall problem:
> >
> > 192.168.1.248 -> 192.168.10.1: ping reply returns to the local cipe
> > interface but is not seen by the ethernet interface..(?)
> > 192.168.10.1 -> 192.168.1.248: ping request reaches the cipe interface
on
> > 248 but reply fails.
> > So, there must be a problem between the cipe interface and the ethernet
> > interface on 192.168.1.248, related to routing or the firewall blocks
ICMP
> > reply packets..
> >
> >
> > Hans Steegers
> >
> > -----Original Message-----
> > From: David A. Osborn <david.osborn,AT,mchsi,DOT,com>
> > To: cipe-l,AT,inka,DOT,de <cipe-l,AT,inka,DOT,de>
> > Date: Sunday, August 31, 2003 6:35 PM
> > Subject: Ping problem
> >
> >
> > I am still having issues getting CIPE working.  It looks like it is
close,
> > but my ping is acting a little weird.  The two machines have Ip address
> > 192.168.10.1 and 192.168.1.248, I do a "tcpdump -i cipcb0"  on both
> machines
> > and do a ping and I get the following:
> >
> > ping from 192.168.1.248 to 192.168.10.1:
> > both tcpdumps display:
> > 192.168.1.248 > 192.168.10.1: icmp: echo request (DF)
> > 192.168.10.1 > 192.168.1.248 icmp: echo reply
> >
> > This would tell me that the ping should be completing fine, but the
actual
> > Ping command fails on every attempt.
> >
> > ping from 192.168.10.1 to 192.168.1.248
> > both tcpdumps display
> > 192.168.10.1 > 192.168.1.248: icmp: echo request (DF)
> >
> > neither display the echo reply and of course the Ping fails.
> >
> > Any ideas?
> >
> >
> >
> >
> > --
> > Message sent by the cipe-l,AT,inka,DOT,de mailing list.
> > Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body
> > Other commands available with "help" in body to the same address.
> > CIPE info and list archive:
> <URL:http://sites.inka.de/~bigred/devel/cipe.html>
>
>
> --
> Message sent by the cipe-l,AT,inka,DOT,de mailing list.
> Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body
> Other commands available with "help" in body to the same address.
> CIPE info and list archive:
<URL:http://sites.inka.de/~bigred/devel/cipe.html>


<< | Thread Index | >> ]    [ << | Date Index | >> ]