<< | Thread Index | >> ]    [ << | Date Index | >> ]

To: "Hans Steegers" <steegers,AT,steegers,DOT,nl>
Subject: Re: Ping problem
From: "David A. Osborn" <david.osborn,AT,mchsi,DOT,com>
Date: Sun, 31 Aug 2003 13:47:08 -0500
Cc: <cipe-l,AT,inka,DOT,de>
References: <001101c36fee$9eaad040$d620a8c0@pcw_hans.hnsasd.priv>

HAHA, yeah you're right with the netmask.  I don't know what I was thinking
with that.  Is there a program that does the same thing as tcpdump on
Win2000?  Thats what the .254 box is and I'm not familiar with how to do a
dump on there.

----- Original Message ----- 
From: "Hans Steegers" <hsx,AT,dds,DOT,nl>
To: "David A. Osborn" <david.osborn,AT,mchsi,DOT,com>
Cc: <cipe-l,AT,inka,DOT,de>
Sent: Sunday, August 31, 2003 1:35 PM
Subject: Re: Ping problem

> Does the echo request show up at the interface on .254?
>
> Looks to me a routing problem between LAN and the CIPE interface
> Does .254 know .248 is the gateway to the other LAN?
> etc. etc.
>
> Rules are ok if on the 192.168.1.0 side, except for the netmask, which is
> obviously strange: shouldn't that be /24 for a class C network?
> 192.168.1.0/8 specifies a class A range: 192.0.0.0 .. 192.255.255.255
> Do you use this mask also for your route table? If so, that's your
problem!
> [192.168.1.0/8 is identical to 192.168.1.0/255.0.0.0]
>
> Hans Steegers
>
> -----Original Message-----
> From: David A. Osborn <david.osborn,AT,mchsi,DOT,com>
> To: cipe-l,AT,inka,DOT,de <cipe-l,AT,inka,DOT,de>
> Date: Sunday, August 31, 2003 8:01 PM
> Subject: Re: Ping problem
>
>
> >Well if I try to ping an ip on my internal network (192.168.1.254) from
> >192.168.10.1 thru 192.168.1.248 it doesn't make it.  The echo request
goes
> >across the VPN fine, and if I do a tcpdump on eth1 of 192.168.1.248 which
> is
> >the connection to the LAN the echo request is showing up there, but no
> >response is coming back.  This would lead me to believe the echo request
is
> >not going onto the LAN.  Shouldn't the following iptable rules be
handling
> >that though?
> >
> >iptables -A FORWARD -i cipcb0 -s 192.168.10.0/8 -d 192.168.1.0/8 -o
eth1 -j
> >ACCEPT
> >iptables -A FORWARD -i eth1 -s 192.168.1.0/8 -d 192.168.10.0/8 -o
cipcb0 -j
> >ACCEPT
> >
> >
> >----- Original Message -----
> >From: "David A. Osborn" <david.osborn,AT,mchsi,DOT,com>
> >To: <cipe-l,AT,inka,DOT,de>
> >Sent: Sunday, August 31, 2003 12:14 PM
> >Subject: Re: Ping problem
> >
> >
> >> Ah you're right.  The culprit was a faulty output rule on 192.168.1.248
> >box.
> >> I was allowing output for 192.168.0.0/8 instead of 192.168.0.0/16.  The
> >ping
> >> is working fine now between the two machines linked by CIPE. Now I need
> to
> >> figure out why I can't ping the internal network.
> >>
> >>
> >> ----- Original Message -----
> >> From: "Hans Steegers" <hsx,AT,dds,DOT,nl>
> >> To: "David A. Osborn" <david.osborn,AT,mchsi,DOT,com>
> >> Cc: <cipe-l,AT,inka,DOT,de>
> >> Sent: Sunday, August 31, 2003 11:59 AM
> >> Subject: Re: Ping problem
> >>
> >>
> >> > Looks like a routing or firewall problem:
> >> >
> >> > 192.168.1.248 -> 192.168.10.1: ping reply returns to the local cipe
> >> > interface but is not seen by the ethernet interface..(?)
> >> > 192.168.10.1 -> 192.168.1.248: ping request reaches the cipe
interface
> >on
> >> > 248 but reply fails.
> >> > So, there must be a problem between the cipe interface and the
ethernet
> >> > interface on 192.168.1.248, related to routing or the firewall blocks
> >ICMP
> >> > reply packets..
> >> >
> >> >
> >> > Hans Steegers
> >> >
> >> > -----Original Message-----
> >> > From: David A. Osborn <david.osborn,AT,mchsi,DOT,com>
> >> > To: cipe-l,AT,inka,DOT,de <cipe-l,AT,inka,DOT,de>
> >> > Date: Sunday, August 31, 2003 6:35 PM
> >> > Subject: Ping problem
> >> >
> >> >
> >> > I am still having issues getting CIPE working.  It looks like it is
> >close,
> >> > but my ping is acting a little weird.  The two machines have Ip
address
> >> > 192.168.10.1 and 192.168.1.248, I do a "tcpdump -i cipcb0"  on both
> >> machines
> >> > and do a ping and I get the following:
> >> >
> >> > ping from 192.168.1.248 to 192.168.10.1:
> >> > both tcpdumps display:
> >> > 192.168.1.248 > 192.168.10.1: icmp: echo request (DF)
> >> > 192.168.10.1 > 192.168.1.248 icmp: echo reply
> >> >
> >> > This would tell me that the ping should be completing fine, but the
> >actual
> >> > Ping command fails on every attempt.
> >> >
> >> > ping from 192.168.10.1 to 192.168.1.248
> >> > both tcpdumps display
> >> > 192.168.10.1 > 192.168.1.248: icmp: echo request (DF)
> >> >
> >> > neither display the echo reply and of course the Ping fails.
> >> >
> >> > Any ideas?
> >> >
> >> >
> >> >
> >> >
> >> > --
> >> > Message sent by the cipe-l,AT,inka,DOT,de mailing list.
> >> > Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in 
> >> > body
> >> > Other commands available with "help" in body to the same address.
> >> > CIPE info and list archive:
> >> <URL:http://sites.inka.de/~bigred/devel/cipe.html>
> >>
> >>
> >> --
> >> Message sent by the cipe-l,AT,inka,DOT,de mailing list.
> >> Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body
> >> Other commands available with "help" in body to the same address.
> >> CIPE info and list archive:
> ><URL:http://sites.inka.de/~bigred/devel/cipe.html>
> >
> >
> >--
> >Message sent by the cipe-l,AT,inka,DOT,de mailing list.
> >Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body
> >Other commands available with "help" in body to the same address.
> >CIPE info and list archive:
> <URL:http://sites.inka.de/~bigred/devel/cipe.html>
>


<< | Thread Index | >> ]    [ << | Date Index | >> ]