trouble routing packets
4np
duh at crash.nu
Sun Oct 6 17:52:21 CEST 2002
Hi all :)
I have a masqueraded home lan as well as a friend of mine. I have set up
two tinc daemons on both masquerading gateways and I have no trouble
connecting (it works pretty smooth) and they show up in the syslog as
configured after sending an USR1 / USR2 signal to the daemons. The trouble
is the routing / firewalling of the packets. Maybe somebody could give me
a hand here? :)
The configuration of the two lans is printed below. I have no trouble
pinging from my gateway to the other gateway (192.168.1.1 -> 192.168.2.1)
and vise versa but I can't ping bejond a gateway. I however see the
packets arriving on either side on the gateway using tcpdump:
tcpdump -i tap0
17:25:36.410102 192.168.2.1 > 192.168.1.2: icmp: echo request
17:25:37.412188 192.168.2.1 > 192.168.1.2: icmp: echo request
17:25:38.411059 192.168.2.1 > 192.168.1.2: icmp: echo request
17:25:39.410655 192.168.2.1 > 192.168.1.2: icmp: echo request
tcpdump -i eth1
Does not show any icmp request/replies
So unfortunately I can't get them to go any further than the gateway...
Hence the question is: What is wrong with my routing table or my ipchains
settings and how could I correct it? :) Thanks in advance! :)
Jeroen
LAN 1:
------------------------
eth0 Link encap:Ethernet HWaddr 00:50:04:46:84:8E
inet addr:1.2.3.4 Bcast:1.2.3.255 Mask:255.255.254.0
eth1 Link encap:Ethernet HWaddr 00:60:97:B2:C0:71
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
.
.
tap0 Link encap:Ethernet HWaddr FE:FD:00:00:00:00
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.0.0
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use
Iface
192.168.1.0 * 255.255.255.0 U 0 0 0
eth1
1.2.3.0 * 255.255.254.0 U 0 0 0
eth0
192.168.0.0 * 255.255.0.0 U 0 0 0
tap0
default babyxl-ams-gw-1 0.0.0.0 UG 0 0 0
eth0
Chain input (policy ACCEPT):
Chain forward (policy DENY):
target prot opt source destination ports
- all ------ 192.168.0.0/16 192.168.1.0/24 n/a
- all ------ 192.168.1.0/24 192.168.0.0/16 n/a
MASQ all ------ 192.168.1.2 anywhere n/a
Chain output (policy ACCEPT):
target prot opt source destination ports
LAN 2:
------------------------
eth0 Link encap:Ethernet HWaddr 00:20:18:A0:3B:E1
inet addr:2.3.4.5 Bcast:2.3.4.255 Mask:255.255.254.0
eth1 Link encap:Ethernet HWaddr 00:E0:29:0E:85:4E
inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0
.
.
tap0 Link encap:Ethernet HWaddr FE:FD:00:00:00:00
inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.0.0
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use
Iface
192.168.2.0 * 255.255.255.0 U 0 0 0
eth1
2.3.4.0 * 255.255.254.0 U 0 0 0
eth0
192.168.0.0 * 255.255.0.0 U 0 0 0
tap0
default babyxl-ams-gw-1 0.0.0.0 UG 0 0 0
eth0
Chain input (policy ACCEPT):
Chain forward (policy DENY):
target prot opt source destination ports
- all ------ 192.168.0.0/16 192.168.2.0/24 n/a
- all ------ 192.168.2.0/24 192.168.0.0/16 n/a
MASQ all ------ 192.168.2.2 anywhere n/a
Chain output (policy ACCEPT):
target prot opt source destination ports
Tinc: Discussion list about the tinc VPN daemon
Archive: http://mail.nl.linux.org/lists/
Tinc site: http://tinc.nl.linux.org/
More information about the Tinc
mailing list