Different networks over NAT
Arjen Haayman
arjen at eastsite.nl
Wed Mar 9 21:47:37 CET 2005
Hi,
I've been struggling for almost a week now, but I can't get the
following setup to work.
At home I have a class A network: 10.0.0.0/16 with a masquerading gateway
10.0.0.1 running tinc.
At work (http://www.eastsite.nl) we have a 192.168.0.0/24 network. The
gateway is called 'ed'.
I've set up tinc on 'gateway' and everything is working fine from
'gateway', but none of the machines on my local network can access the
remote network.
Here's what I've got:
[root op gateway eastsite]# cat tinc.conf
# tinc configuration
Name = tinc_linux
ConnectTo = tinc_ed
KeyExpire = 30000000
#Mode = hub
[root op gateway eastsite]# cat tinc-up
ifconfig $INTERFACE 192.168.4.1 netmask 255.255.0.0
route add -net 192.168.4.0 netmask 255.255.255.0 eth1
route add -net 192.168.0.0 netmask 255.255.255.0 $INTERFACE
[root op gateway hosts]# cat tinc_ed
Address = remote.address.nl
Subnet = 192.168.0.0/24
TCPOnly = yes
-----BEGIN RSA PUBLIC KEY-----
-----END RSA PUBLIC KEY-----
[root op gateway hosts]# cat tinc_linux
Address = local.address.nl
Subnet = 192.168.4.0/24
Subnet = 10.0.0.0/8
Port=655
TCPOnly = yes
-----BEGIN RSA PUBLIC KEY-----
-----END RSA PUBLIC KEY-----
I've also added some rules to the firewall:
$LOGGER "VPN regels"
iptables -A INPUT -p tcp --dport 655 -j ACCEPT
iptables -A INPUT -p udp --dport 655 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 655 -j ACCEPT
iptables -A OUTPUT -p udp --dport 655 -j ACCEPT
iptables -t nat -A PREROUTING -j DNAT -i $EXTIF -p tcp --dport 655 --to 10.0.0.1:655
------------ results ------------------------------
[root op gateway hosts]# ping ed
PING ed (192.168.0.1) 56(84) bytes of data.
64 bytes from ed (192.168.0.1): icmp_seq=1 ttl=64 time=44.3 ms
64 bytes from ed (192.168.0.1): icmp_seq=2 ttl=64 time=48.4 ms
--- ed ping statistics ---
3 packets transmitted, 2 received, 33% packet loss, time 2026ms
rtt min/avg/max/mdev = 44.359/46.428/48.498/2.080 ms
[root op gateway hosts]# ping zion
PING zion (192.168.0.3) 56(84) bytes of data.
64 bytes from zion (192.168.0.3): icmp_seq=1 ttl=63 time=47.3 ms
--- zion ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 47.387/47.387/47.387/0.000 ms
On another machine:
haayman op linux:~> ping ed
PING ed (192.168.0.1) 56(84) bytes of data.
--- ed ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1009ms
Changing the routing table on 'ed' is not an option, because our
system administrator refuses (rightly so) to add routing for every
employee's network.
What seems to be the problem?
--
Arjen Haayman
-- cogito ergo bicyclo --
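As an added example (not part of the original message), a small Python checker that parses the Subnet declarations from the host files quoted above and cross-checks them against the tinc-up route and the home LAN prefix. The host-file text is a constructed copy with the public key blocks left out; the node name "tinc_linux" and the LAN prefix 10.0.0.0/16 are taken from the post.

```python
import ipaddress
import re

# Constructed copies of the two host files from the post (public keys omitted).
HOST_FILES = {
    "tinc_ed": "Address = remote.address.nl\nSubnet = 192.168.0.0/24\nTCPOnly = yes\n",
    "tinc_linux": ("Address = local.address.nl\nSubnet = 192.168.4.0/24\n"
                   "Subnet = 10.0.0.0/8\nPort=655\nTCPOnly = yes\n"),
}
# The only network tinc-up routes via $INTERFACE in the post.
TINC_UP_ROUTES = ["192.168.0.0/24"]

SUBNET_RE = re.compile(r"^\s*Subnet\s*=\s*(\S+)", re.IGNORECASE)


def parse_subnets(text):
    """Return the Subnet declarations of one tinc host file as IP networks."""
    return [ipaddress.ip_network(m.group(1), strict=False)
            for line in text.splitlines() if (m := SUBNET_RE.match(line))]


def check_mesh(host_files, routes, local_node, local_lan):
    """Report three classes of findings:
    - Subnet ranges claimed by two different nodes (tinc warns on these),
    - routes added in tinc-up that no remote node announces,
    - a local LAN prefix not covered by the local node's own Subnets."""
    subnets = {name: parse_subnets(text) for name, text in host_files.items()}
    nodes = list(subnets)
    findings = []
    for i, a in enumerate(nodes):
        for b in nodes[i + 1:]:
            for na in subnets[a]:
                for nb in subnets[b]:
                    if na.overlaps(nb):
                        findings.append(f"overlap: {a} {na} vs {b} {nb}")
    for route in map(ipaddress.ip_network, routes):
        remote = [s for n in nodes if n != local_node for s in subnets[n]]
        if not any(route.subnet_of(s) for s in remote):
            findings.append(f"route {route} is not announced by any remote node")
    lan = ipaddress.ip_network(local_lan)
    if not any(lan.subnet_of(s) for s in subnets[local_node]):
        findings.append(f"local LAN {lan} is not covered by {local_node}'s Subnets")
    return findings


if __name__ == "__main__":
    for line in check_mesh(HOST_FILES, TINC_UP_ROUTES, "tinc_linux", "10.0.0.0/16") or ["no findings"]:
        print(line)
```

With the files exactly as quoted the checker reports nothing, which narrows the search to the kernel routing and NAT on each side rather than the tinc Subnet declarations.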