ping between nated hosts
Christian Lyra
lyra at pop-pr.rnp.br
Tue Feb 17 15:07:59 CET 2009
On Tuesday 17 February 2009, Donald Pearson wrote:
> Can you give some more detail about the specifics of the network?
> Such as the subnetting? Is the Tinc interface on A bridged?
No bridge. Here are the details:
tinc.conf files:

Host A:
  Name = hosta
  Device = /dev/net/tun
  Mode = switch

Host B:
  Name = hostb
  ConnectTo = hosta
  Device = /dev/net/tun
  Mode = switch

Host C:
  Name = hostc
  ConnectTo = hosta
  Device = /dev/net/tun
  Mode = switch
Host files (same on all hosts):

hosta:
  Address = <public ip address>
  -----BEGIN RSA PUBLIC KEY-----
  xxx
  -----END RSA PUBLIC KEY-----

hostb:
  IndirectData = yes
  Port = 657
  -----BEGIN RSA PUBLIC KEY-----
  xxx
  -----END RSA PUBLIC KEY-----

hostc:
  IndirectData = yes
  Port = 658
  -----BEGIN RSA PUBLIC KEY-----
  XXX
  -----END RSA PUBLIC KEY-----
tinc-up files:

A:
  ifconfig testnet 4.0.0.1 netmask 255.255.255.0
B:
  ifconfig testnet 4.0.0.3 netmask 255.255.255.0
C:
  ifconfig testnet 4.0.0.4 netmask 255.255.255.0
The daemon is started on all hosts with "tincd -n testnet".

So... just after start:
From B:
# ping 4.0.0.4
PING 4.0.0.4 (4.0.0.4) 56(84) bytes of data.
From 4.0.0.3 icmp_seq=1 Destination Host Unreachable
From 4.0.0.3 icmp_seq=2 Destination Host Unreachable
Then, from C:
$ ping 4.0.0.3
PING 4.0.0.3 (4.0.0.3): 56 data bytes
64 bytes from 4.0.0.3: icmp_seq=0 ttl=64 time=744.0 ms
64 bytes from 4.0.0.3: icmp_seq=1 ttl=64 time=313.7 ms
Again from B:
# ping 4.0.0.4
PING 4.0.0.4 (4.0.0.4) 56(84) bytes of data.
64 bytes from 4.0.0.4: icmp_seq=1 ttl=64 time=338 ms
64 bytes from 4.0.0.4: icmp_seq=2 ttl=64 time=318 ms
# arp -n
Address                  HWtype  HWaddress           Flags Mask            Iface
4.0.0.4                  ether   00:FF:04:F4:27:77   C                     testnet
wait, wait, wait...
# arp -n
<no more 4.0.0.4 entry>
# ping 4.0.0.4
PING 4.0.0.4 (4.0.0.4) 56(84) bytes of data.
From 4.0.0.3 icmp_seq=1 Destination Host Unreachable
From 4.0.0.3 icmp_seq=2 Destination Host Unreachable
More information:
A tcpdump -n -i testnet on A shows:
15:38:05.615615 arp who-has 4.0.0.4 tell 4.0.0.3
15:38:06.649828 arp who-has 4.0.0.4 tell 4.0.0.3
A tcpdump -n -i testnet on C shows nothing.
> On Mon, Feb 16, 2009 at 10:23 PM, Christian Lyra <lyra at pop-pr.rnp.br>
> wrote:
> > Hi there,
> >
> > I'm trying to use tinc to solve this scenario:
> >
> > Host A has a public/known IP address
> > Hosts B and C are behind NAT
> >
> > I'm using switch mode, and hosts B and C have IndirectMode enabled.
> > Host A is in listen-only mode (no ConnectTo set); hosts B and C
> > connect to A. Everything works almost as expected... B and C
> > connect to A, and they can ping each other, but ONLY after each
> > one learns the other's MAC thru A. What I mean is: if I start A,
> > B, C, and try to ping C from B, the ping will fail, but if I send a
> > ping to A from C, then B will be able to ping C as it will learn
> > the MAC of C thru A. If there's no traffic between the hosts for a
> > while, then the ARP entries will expire from the ARP tables and the
> > problem will happen again.
> >
> > Is there a way to solve this with a tinc configuration? Leaving a
> > cron job to make the NATed hosts ping A is not an elegant option :-(
> >
> > --
> > Christian Lyra
> > PoP-PR/RNP
> > _______________________________________________
> > tinc mailing list
> > tinc at tinc-vpn.org
> > http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
--
Christian Lyra
POP-PR - RNP
http://lyra.soueu.com.br
I will not wear long, heavy cloaks. While they certainly make a bold
fashion statement, they have an annoying tendency to get caught in
doors or tripped over during an escape.
-- The Top Things I'd Do If I Ever Became an Evil Overlord