trouble routing packets

4np duh at crash.nu
Sun Oct 6 17:52:21 CEST 2002


Hi all :)

I have a masqueraded home lan as well as a friend of mine. I have set up
two tinc daemons on both masquerading gateways and I have no trouble
connecting (it works pretty smooth) and they show up in the syslog as
configured after sending an USR1 / USR2 signal to the daemons. The trouble
is the routing / firewalling of the packets. Maybe somebody could give me
a hand here? :)
The configuration of the two lans is printed below. I have no trouble
pinging from my gateway to the other gateway (192.168.1.1 -> 192.168.2.1)
and vise versa but I can't ping bejond a gateway. I however see the
packets arriving on either side on the gateway using tcpdump:

tcpdump -i tap0
17:25:36.410102 192.168.2.1 > 192.168.1.2: icmp: echo request
17:25:37.412188 192.168.2.1 > 192.168.1.2: icmp: echo request
17:25:38.411059 192.168.2.1 > 192.168.1.2: icmp: echo request
17:25:39.410655 192.168.2.1 > 192.168.1.2: icmp: echo request

tcpdump -i eth1
Does not show any icmp request/replies

So unfortunately I can't get them to go any further than the gateway...
Hence the question is: What is wrong with my routing table or my ipchains
settings and how could I correct it? :) Thanks in advance! :)

Jeroen


LAN 1:
------------------------
eth0      Link encap:Ethernet  HWaddr 00:50:04:46:84:8E
          inet addr:1.2.3.4  Bcast:1.2.3.255  Mask:255.255.254.0
eth1      Link encap:Ethernet  HWaddr 00:60:97:B2:C0:71
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
.
.
tap0      Link encap:Ethernet  HWaddr FE:FD:00:00:00:00
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.0.0

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use
Iface
192.168.1.0     *               255.255.255.0   U     0      0        0
eth1
1.2.3.0   	*               255.255.254.0   U     0      0        0
eth0
192.168.0.0     *               255.255.0.0     U     0      0        0
tap0
default         babyxl-ams-gw-1 0.0.0.0         UG    0      0        0
eth0

Chain input (policy ACCEPT):
Chain forward (policy DENY):
target     prot opt     source                destination           ports
-          all  ------  192.168.0.0/16       192.168.1.0/24        n/a
-          all  ------  192.168.1.0/24       192.168.0.0/16        n/a
MASQ       all  ------  192.168.1.2          anywhere              n/a
Chain output (policy ACCEPT):
target     prot opt     source                destination           ports


LAN 2:
------------------------
eth0      Link encap:Ethernet  HWaddr 00:20:18:A0:3B:E1
          inet addr:2.3.4.5  Bcast:2.3.4.255  Mask:255.255.254.0
eth1      Link encap:Ethernet  HWaddr 00:E0:29:0E:85:4E
          inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
.
.
tap0      Link encap:Ethernet  HWaddr FE:FD:00:00:00:00
          inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.0.0

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use
Iface
192.168.2.0     *               255.255.255.0   U     0      0        0
eth1
2.3.4.0   	*               255.255.254.0   U     0      0        0
eth0
192.168.0.0     *               255.255.0.0     U     0      0        0
tap0
default         babyxl-ams-gw-1 0.0.0.0         UG    0      0        0
eth0

Chain input (policy ACCEPT):
Chain forward (policy DENY):
target     prot opt     source                destination           ports
-          all  ------  192.168.0.0/16       192.168.2.0/24        n/a
-          all  ------  192.168.2.0/24       192.168.0.0/16        n/a
MASQ       all  ------  192.168.2.2          anywhere              n/a
Chain output (policy ACCEPT):
target     prot opt     source                destination           ports


Tinc:         Discussion list about the tinc VPN daemon
Archive:      http://mail.nl.linux.org/lists/
Tinc site:    http://tinc.nl.linux.org/




More information about the Tinc mailing list