
To: "David A. Osborn" <david.osborn,AT,mchsi,DOT,com>
Subject: Re: Ping problem
From: "Hans Steegers" <hsx,AT,dds,DOT,nl>
Date: Sun, 31 Aug 2003 20:35:14 +0200
Cc: <cipe-l,AT,inka,DOT,de>
Reply-to: "Hans Steegers" <steegers,AT,steegers,DOT,nl>

Does the echo request show up at the interface on .254?

Looks to me like a routing problem between the LAN and the CIPE interface.
Does .254 know .248 is the gateway to the other LAN?
etc. etc.

Rules are ok if on the 192.168.1.0 side, except for the netmask, which is
obviously strange: shouldn't that be /24 for a class C network?
192.168.1.0/8 specifies a class A range: 192.0.0.0 .. 192.255.255.255
Do you use this mask also for your route table? If so, that's your problem!
[192.168.1.0/8 is identical to 192.168.1.0/255.0.0.0]

Hans Steegers

-----Original Message-----
From: David A. Osborn <david.osborn,AT,mchsi,DOT,com>
To: cipe-l,AT,inka,DOT,de <cipe-l,AT,inka,DOT,de>
Date: Sunday, August 31, 2003 8:01 PM
Subject: Re: Ping problem

>Well if I try to ping an IP on my internal network (192.168.1.254) from
>192.168.10.1 thru 192.168.1.248 it doesn't make it.  The echo request goes
>across the VPN fine, and if I do a tcpdump on eth1 of 192.168.1.248 which is
>the connection to the LAN the echo request is showing up there, but no
>response is coming back.  This would lead me to believe the echo request is
>not going onto the LAN.  Shouldn't the following iptable rules be handling
>that though?
>
>iptables -A FORWARD -i cipcb0 -s 192.168.10.0/8 -d 192.168.1.0/8 -o eth1 -j ACCEPT
>iptables -A FORWARD -i eth1 -s 192.168.1.0/8 -d 192.168.10.0/8 -o cipcb0 -j ACCEPT
>
>
>----- Original Message -----
>From: "David A. Osborn" <david.osborn,AT,mchsi,DOT,com>
>To: <cipe-l,AT,inka,DOT,de>
>Sent: Sunday, August 31, 2003 12:14 PM
>Subject: Re: Ping problem
>
>
>> Ah you're right.  The culprit was a faulty output rule on 192.168.1.248 box.
>> I was allowing output for 192.168.0.0/8 instead of 192.168.0.0/16.  The ping
>> is working fine now between the two machines linked by CIPE. Now I need to
>> figure out why I can't ping the internal network.
>>
>>
>> ----- Original Message -----
>> From: "Hans Steegers" <hsx,AT,dds,DOT,nl>
>> To: "David A. Osborn" <david.osborn,AT,mchsi,DOT,com>
>> Cc: <cipe-l,AT,inka,DOT,de>
>> Sent: Sunday, August 31, 2003 11:59 AM
>> Subject: Re: Ping problem
>>
>>
>> > Looks like a routing or firewall problem:
>> >
>> > 192.168.1.248 -> 192.168.10.1: ping reply returns to the local cipe
>> > interface but is not seen by the ethernet interface..(?)
>> > 192.168.10.1 -> 192.168.1.248: ping request reaches the cipe interface on
>> > 248 but reply fails.
>> > So, there must be a problem between the cipe interface and the ethernet
>> > interface on 192.168.1.248, related to routing or the firewall blocks ICMP
>> > reply packets..
>> >
>> >
>> > Hans Steegers
>> >
>> > -----Original Message-----
>> > From: David A. Osborn <david.osborn,AT,mchsi,DOT,com>
>> > To: cipe-l,AT,inka,DOT,de <cipe-l,AT,inka,DOT,de>
>> > Date: Sunday, August 31, 2003 6:35 PM
>> > Subject: Ping problem
>> >
>> >
>> > I am still having issues getting CIPE working.  It looks like it is close,
>> > but my ping is acting a little weird.  The two machines have IP addresses
>> > 192.168.10.1 and 192.168.1.248, I do a "tcpdump -i cipcb0"  on both machines
>> > and do a ping and I get the following:
>> >
>> > ping from 192.168.1.248 to 192.168.10.1:
>> > both tcpdumps display:
>> > 192.168.1.248 > 192.168.10.1: icmp: echo request (DF)
>> > 192.168.10.1 > 192.168.1.248 icmp: echo reply
>> >
>> > This would tell me that the ping should be completing fine, but the actual
>> > Ping command fails on every attempt.
>> >
>> > ping from 192.168.10.1 to 192.168.1.248
>> > both tcpdumps display
>> > 192.168.10.1 > 192.168.1.248: icmp: echo request (DF)
>> >
>> > neither display the echo reply and of course the Ping fails.
>> >
>> > Any ideas?
>> >
>> >
>> >
>> >
>> > --
>> > Message sent by the cipe-l,AT,inka,DOT,de mailing list.
>> > Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body
>> > Other commands available with "help" in body to the same address.
>> > CIPE info and list archive:
>> > <URL:http://sites.inka.de/~bigred/devel/cipe.html>
>>
>>
>
>
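An added example, not written by either poster: it parses the two FORWARD rules quoted in the thread and reports the range each -s/-d mask actually selects, which is the check Hans suggests for the /8 netmask. The function names audit_rule and intended_ranges_overlap are made up for this illustration.

```python
import ipaddress
import re

# The two rules quoted in the thread, each joined onto one line.
RULES = [
    "iptables -A FORWARD -i cipcb0 -s 192.168.10.0/8 -d 192.168.1.0/8 -o eth1 -j ACCEPT",
    "iptables -A FORWARD -i eth1 -s 192.168.1.0/8 -d 192.168.10.0/8 -o cipcb0 -j ACCEPT",
]

# Matches "-s ADDR/LEN" or "-d ADDR/LEN" (and the long option names).
CIDR_OPT = re.compile(
    r"(?:^|\s)(-s|-d|--source|--destination)\s+(\d+\.\d+\.\d+\.\d+/\d+)")


def audit_rule(rule):
    """Return one finding per address that has host bits set under its mask."""
    findings = []
    for opt, spec in CIDR_OPT.findall(rule):
        written = ipaddress.ip_interface(spec)  # address exactly as typed
        effective = written.network             # what the mask really selects
        if written.ip != effective.network_address:
            findings.append({
                "option": opt,
                "written": spec,
                "effective": str(effective),
                "first": str(effective.network_address),
                "last": str(effective.broadcast_address),
                "addresses": effective.num_addresses,
            })
    return findings


def intended_ranges_overlap(rule):
    """True when the source and destination masks select overlapping ranges."""
    nets = [ipaddress.ip_network(spec, strict=False)
            for _, spec in CIDR_OPT.findall(rule)]
    return len(nets) == 2 and nets[0].overlaps(nets[1])


if __name__ == "__main__":
    for rule in RULES:
        print(rule)
        for f in audit_rule(rule):
            print("  {option} {written} matches {effective} "
                  "({first} .. {last}, {addresses} addresses)".format(**f))
        if intended_ranges_overlap(rule):
            print("  source and destination select the same range")
```

With /24 in place of /8 the same rules produce no findings and the source and destination ranges no longer overlap.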

