multiple networks (fwd)
Guus Sliepen
guus at sliepen.warande.net
Fri May 26 10:31:51 CEST 2000
---------- Forwarded message ----------
Date: Fri, 26 May 2000 01:02:22 -0600
From: Mike MacNeill <mikem at accesscomm.ca>
To: Guus Sliepen <guus at sliepen.warande.net>
Subject: multiple networks
I have come across a complicated problem.
I am using tinc 1.0pre1 and Red Hat 6.2.
I have a main system and some remote systems.
I have two networks on my main system and two networks on my remote system. I can send and receive packets on both main networks to 1 of the remote networks, but I can only receive packets from the 2nd remote network.

Main System -

eth1      Link encap:Ethernet  HWaddr 00:A0:D2:1C:E9:41
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
eth1:0    Link encap:Ethernet  HWaddr 00:A0:D2:1C:E9:41
          inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
eth2      Link encap:Ethernet  HWaddr 00:60:8C:E8:6F:C5
          inet addr:192.168.42.100  Bcast:192.168.42.255  Mask:255.255.255.0
tap2      Link encap:Ethernet  HWaddr FE:FD:C0:A8:01:01
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.0.0

route -n | grep tap2
192.168.31.0    0.0.0.0         255.255.255.0   U     0      0        0 tap2
192.168.30.0    0.0.0.0         255.255.255.0   U     0      0        0 tap2

Remote System

eth1      Link encap:Ethernet  HWaddr 00:A0:D2:1C:FC:6B
          inet addr:192.168.31.1  Bcast:192.168.31.255  Mask:255.255.255.0
eth2      Link encap:Ethernet  HWaddr 00:A0:D2:1C:EC:A6
          inet addr:192.168.30.1  Bcast:192.168.30.255  Mask:255.255.255.0
tap0      Link encap:Ethernet  HWaddr FE:FD:C0:A8:1F:01
          inet addr:192.168.31.1  Bcast:192.168.31.255  Mask:255.255.0.0

route -n | grep tap0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 tap0
192.168.42.0    0.0.0.0         255.255.255.0   U     0      0        0 tap0

******************************************************************************
With the tinc daemon running at both ends, computers using 192.168.1 and 192.168.42 on the master network can talk to computers using 192.168.31 but not 192.168.30.
If I look at the ipchain rules I can see the packets going out tap2 on the master system.

Chain o_tap2 (1 references):
 pkts bytes target  prot opt    tosa tosx  source            destination
    5   565 ACCEPT  all  ------ 0xFF 0x00  192.168.1.0/24    192.168.30.0/24
   26  7062 ACCEPT  all  ------ 0xFF 0x00  192.168.42.0/24   192.168.30.0/24
   44  6120 ACCEPT  all  ------ 0xFF 0x00  192.168.1.0/24    192.168.31.0/24
    0     0 ACCEPT  all  ------ 0xFF 0x00  192.168.42.0/24   192.168.31.0/24
    0     0 DENY    all  ----l- 0xFF 0x00  0.0.0.0/0         0.0.0.0/0

But the ipchain rule on the remote system is not receiving them.

Chain i_tap0 (1 references):
 pkts bytes target  prot opt    tosa tosx  source            destination
    0     0 ACCEPT  all  ------ 0xFF 0x00  192.168.1.0/24    192.168.30.0/24
    0     0 ACCEPT  all  ------ 0xFF 0x00  192.168.42.0/24   192.168.30.0/24
  881  191K ACCEPT  all  ------ 0xFF 0x00  192.168.1.0/24    192.168.31.0/24
    6   504 ACCEPT  all  ------ 0xFF 0x00  192.168.42.0/24   192.168.31.0/24
    0     0 DENY    all  ----l- 0xFF 0x00  0.0.0.0/0         0.0.0.0/0

One other interesting thing is that the remote system can send packets with a source of 192.168.30 and a destination of 192.168.42 or 1 and they get through.
The Output chain in the remote system can see the packets leave.

Chain o_tap0 (1 references):
 pkts bytes target  prot opt    tosa tosx  source            destination
    0     0 ACCEPT  all  ------ 0xFF 0x00  192.168.30.0/24   192.168.1.0/24
    3   390 ACCEPT  all  ------ 0xFF 0x00  192.168.30.0/24   192.168.42.0/24
   69  8147 ACCEPT  all  ------ 0xFF 0x00  192.168.31.0/24   192.168.1.0/24
    7   588 ACCEPT  all  ------ 0xFF 0x00  192.168.31.0/24   192.168.42.0/24
    0     0 DENY    all  ----l- 0xFF 0x00  0.0.0.0/0         0.0.0.0/0

The input chain on the master system can see the packets arrive.

Chain i_tap2 (1 references):
 pkts bytes target  prot opt    tosa tosx  source            destination
    0     0 ACCEPT  all  ------ 0xFF 0x00  192.168.30.0/24   192.168.1.0/24
    3   543 ACCEPT  all  ------ 0xFF 0x00  192.168.30.0/24   192.168.42.0/24
   16  1303 ACCEPT  all  ------ 0xFF 0x00  192.168.31.0/24   192.168.1.0/24
    7   588 ACCEPT  all  ------ 0xFF 0x00  192.168.31.0/24   192.168.42.0/24
    0     0 DENY    all  ----l- 0xFF 0x00  0.0.0.0/0         0.0.0.0/0

So the problem appears to only be in one direction, and only for one network on the remote system. Both networks on the master system work fine.
If I switch Tap0 on the remote system to:

tap0      Link encap:Ethernet  HWaddr FE:FD:C0:A8:1E:01
          inet addr:192.168.30.1  Bcast:192.168.30.255  Mask:255.255.0.0

Then the exact opposite happens. I can send and receive from the 30 network
but I cannot receive on the 31 network.
It is very very weird.
-
Tinc: Discussion list about the tinc VPN daemon
Archive: http://mail.nl.linux.org/lists/
Tinc site: http://ftp.nl.linux.org/pub/linux/tinc/