
To: cipe-l,AT,inka,DOT,de
Subject: Re: can only ping
From: Colja Vendel <c-vendel,AT,4magic,DOT,de>
Date: Fri, 13 Feb 2004 12:32:45 +0100
In-reply-to: <200402131021.15690.michael.renner@gmx.de>
References: <200402131021.15690.michael.renner@gmx.de>

It's not sure, but I got help while using ipsec racoon.
There is a bug somewhere in the kernel; I'm also not sure
if this concerns 2.4 as well or just 2.6, but maybe you can find more

here: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=215980

I was told to put an additional iptables rule into my config and it worked.
Here is the snippet I got as a hint:


>There is a bug in the Linux kernel which affects you. See more: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=215980
>Workaround: insert a rule like this on both gateways. It should end up _before_ the MASQUERADE rule.

>iptables --flush
>iptables --table nat --flush
>iptables --delete-chain
>iptables --table nat --delete-chain

>===> iptables --table nat --append POSTROUTING --out-interface ppp0 -p esp -j ACCEPT

>iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
>iptables --append FORWARD --in-interface ppp0 -j ACCEPT
>echo 1 > /proc/sys/net/ipv4/ip_forward


PS: ping does well but nothing else worked

Michael Renner wrote:


I set up a cipe tunnel between 2 machines with dynamic addresses (using a dyndns.org allocation).

The connection comes up, I can ping the other end of the tunnel:

cipcb0    Link encap:IPIP Tunnel  HWaddr
         inet addr:  P-t-P:  Mask:
         RX packets:13 errors:0 dropped:0 overruns:0 frame:0
         TX packets:50 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:100
         RX bytes:1456 (1.4 KiB)  TX bytes:6374 (6.2 KiB)

lyra:~# ping -c2
PING ( 56 data bytes
64 bytes from icmp_seq=0 ttl=64 time=101.2 ms
64 bytes from icmp_seq=1 ttl=64 time=96.0 ms

I find in the /var/log/debug these entries:
Feb 13 10:10:30 lyra kernel: route dev=eth1 flags=0 type=1
Feb 13 10:10:30 lyra kernel: pmtu=1452 dmtu=1500 size=84
Feb 13 10:10:31 lyra kernel: route dev=eth1 flags=0 type=1
Feb 13 10:10:31 lyra kernel: pmtu=1452 dmtu=1500 size=84

But unfortunately I can do nothing else than ping! No other port is reachable:
lyra:~# ssh -v
OpenSSH_3.5p1 Debian 1:3.5p1-4, SSH protocols 1.5/2.0, OpenSSL 0x0090700f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to [] port 22.

and in the /var/log/debug:
Feb 13 10:13:40 lyra kernel: route dev=eth1 flags=0 type=1
Feb 13 10:13:40 lyra kernel: pmtu=1452 dmtu=1500 size=60

Any hint?
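
The workaround quoted in the reply above only helps if the ESP ACCEPT rule sits before the MASQUERADE rule. As an added example (not part of the original mails), this shell function reads `iptables-save` output and reports the order in the nat POSTROUTING chain; the function name `check_esp_order` and both rule sets are constructed for illustration, and it assumes the rules live in POSTROUTING and only looks at `-o`, `-p` and `-j`.

```shell
#!/bin/sh
# Added example: verify that ESP is exempted from NAT *before* MASQUERADE.
# stdin: iptables-save output; $1: outbound interface (ppp0 in the thread).
# Prints one of: ok | wrong-order | missing | no-masquerade
check_esp_order() {
    awk -v ifc="$1" '
        /^\*/ { table = substr($0, 2); next }          # "*nat", "*filter", ...
        table != "nat" || $1 != "-A" || $2 != "POSTROUTING" { next }
        {
            n++                                        # rule position in chain
            out = ""; proto = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-o") out = $(i + 1)
                else if ($i == "-p") proto = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
            }
            if (out != "" && out != ifc) next          # rule is for another interface
            if (target == "ACCEPT" && (proto == "esp" || proto == "50") && !esp)
                esp = n
            if (target == "MASQUERADE" && !masq)
                masq = n
        }
        END {
            if (!masq)      { print "no-masquerade"; exit }
            if (!esp)       { print "missing"; exit }
            if (esp < masq) { print "ok" } else { print "wrong-order" }
        }'
}

# Constructed rule set: ESP exemption first, as the workaround asks.
GOOD_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ppp0 -p esp -j ACCEPT
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
-A FORWARD -i ppp0 -j ACCEPT
COMMIT'

# Constructed rule set: exemption appended after MASQUERADE, so it never matches.
BAD_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
-A POSTROUTING -o ppp0 -p esp -j ACCEPT
COMMIT'

printf '%s\n' "$GOOD_RULES" | check_esp_order ppp0
printf '%s\n' "$BAD_RULES"  | check_esp_order ppp0
```

On a live gateway the input would come from `iptables-save` run as root instead of the constructed strings.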
