
To: cipe-l,AT,inka,DOT,de
Subject: Re: can only ping
From: Colja Vendel <c-vendel,AT,4magic,DOT,de>
Date: Fri, 13 Feb 2004 12:32:45 +0100
In-reply-to: <200402131021.15690.michael.renner@gmx.de>
References: <200402131021.15690.michael.renner@gmx.de>

It's not sure, but I got help while using ipsec racoon.
There is a bug somewhere in the kernel; I'm also not sure
if this concerns 2.4 as well or just 2.6, but maybe you can find more
here: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=215980

I was told to put an additional iptables rule into my config and it worked.
Here is the snip I got as a hint:

>There is a bug in the Linux kernel which affects you. See more: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=215980
>
>Workaround: insert a rule like this on both gateways. It should end up _before_ the MASQUERADE rule.
>
>iptables --flush
>iptables --table nat --flush
>iptables --delete-chain
>iptables --table nat --delete-chain
>
>===> iptables --table nat --append POSTROUTING --out-interface ppp0 -p esp -j ACCEPT
>
>iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
>iptables --append FORWARD --in-interface ppp0 -j ACCEPT
>echo 1 > /proc/sys/net/ipv4/ip_forward

Colja


PS: ping does well but nothing else worked

Michael Renner wrote:

Hi,

I set up a cipe tunnel between 2 machines with dynamic addresses (using a dyndns.org allocation).

The connection comes up, I can ping the other end of the tunnel:

cipcb0    Link encap:IPIP Tunnel  HWaddr
         inet addr:192.168.7.92  P-t-P:192.168.7.1  Mask:255.255.255.255
         UP POINTOPOINT RUNNING NOARP  MTU:1442  Metric:1
         RX packets:13 errors:0 dropped:0 overruns:0 frame:0
         TX packets:50 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:100
         RX bytes:1456 (1.4 KiB)  TX bytes:6374 (6.2 KiB)

lyra:~# ping -c2 192.168.7.1
PING 192.168.7.1 (192.168.7.1): 56 data bytes
64 bytes from 192.168.7.1: icmp_seq=0 ttl=64 time=101.2 ms
64 bytes from 192.168.7.1: icmp_seq=1 ttl=64 time=96.0 ms


I find in the /var/log/debug these entries:
Feb 13 10:10:30 lyra kernel: route dev=eth1 flags=0 type=1
Feb 13 10:10:30 lyra kernel: pmtu=1452 dmtu=1500 size=84
Feb 13 10:10:31 lyra kernel: route dev=eth1 flags=0 type=1
Feb 13 10:10:31 lyra kernel: pmtu=1452 dmtu=1500 size=84

But unfortunately I can do nothing else than pinging! No other port is reachable:
lyra:~# ssh -v 192.168.7.1
OpenSSH_3.5p1 Debian 1:3.5p1-4, SSH protocols 1.5/2.0, OpenSSL 0x0090700f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to 192.168.7.1 [192.168.7.1] port 22.


and in the /var/log/debug:
Feb 13 10:13:40 lyra kernel: route dev=eth1 flags=0 type=1
Feb 13 10:13:40 lyra kernel: pmtu=1452 dmtu=1500 size=60


Any hint?
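
Added example (not part of either poster's message): a shell check, run against `iptables-save` output, that the ESP ACCEPT rule from the quoted workaround sits before the MASQUERADE rule in the nat POSTROUTING chain. The function name `esp_before_masq` and both sample rule sets are constructed for illustration; negated matches (`! -o`) are not handled.

```shell
#!/bin/sh
# esp_before_masq IFACE   (iptables-save output on stdin)
#   0 = an ESP ACCEPT rule precedes the first MASQUERADE rule for IFACE
#   1 = MASQUERADE is reached first, so ESP would be masqueraded
#   2 = no MASQUERADE rule for IFACE in nat/POSTROUTING
esp_before_masq() {
    awk -v ifc="$1" '
        /^\*/ { table = $1; next }                  # "*nat", "*filter", ...
        table != "*nat" || $1 != "-A" || $2 != "POSTROUTING" { next }
        {
            out = ""; proto = ""; target = ""
            for (i = 3; i < NF; i++) {              # option order may vary
                if ($i == "-o") out = $(i + 1)
                if ($i == "-p") proto = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (out != "" && out != ifc) next       # rule is for another interface
            if (proto == "esp" && target == "ACCEPT") esp = 1
            # Only the first protocol-agnostic MASQUERADE rule decides the result.
            if (proto == "" && target == "MASQUERADE" && !masq) { masq = 1; ok = esp }
        }
        END { if (!masq) exit 2; exit (ok ? 0 : 1) }
    '
}

# Constructed sample rule sets in iptables-save format (not from the thread).
GOOD_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ppp0 -p esp -j ACCEPT
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT'
BAD_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
-A POSTROUTING -o ppp0 -p esp -j ACCEPT
COMMIT'

for name in GOOD_RULES BAD_RULES; do
    eval "rules=\$$name"
    if printf '%s\n' "$rules" | esp_before_masq ppp0; then
        echo "$name: ESP exemption precedes MASQUERADE"
    else
        echo "$name: ESP exemption missing or after MASQUERADE"
    fi
done
```

On a gateway the same function can be fed live rules with `iptables-save | esp_before_masq ppp0`.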



