To whom it may concern,
I set up TINC VPN as follows.
192.168.1.x / 24 (Client groups)
|
192.168.1.1 (eth1)
(GW1)
202.44.34.206 (eth0)
||
Internet
||
202.44.45.14 (eth0)
(GW2)
192.168.2.1 (eth1)
|
192.168.2.x/24 ( Client groups)
I use Red Hat 6.2 Kernel 2.2.14 and Tinc version 1.0pre3.
My problem is "Client in GW1 can't pass through Client in GW2, but Client in GW1 can ping GW2 and inverse too".
Anybody who knows this problem, please let me know.
The following are my configuration files.
----------------
Gw1 -> tinc-up
#!/bin/bash
/sbin/ifconfig tap0 hw ether fe:fd:00:00:00:00
/sbin/ifconfig tap0 192.168.1.1 netmask 255.255.255.0
/sbin/ifconfig tap0 -arp
/sbin/route add -net 192.168.2.0 dev tap0 netmask 255.255.255.0
Gw1 - > tinc.conf
PrivateKey = xxxxxxxx
Name = gwA
TapDevice = /dev/tap0
KeyExpire = 30000000
--------------------------
Gw2 -> tinc-up
#!/bin/bash
ifconfig tap0 hw ether fe:fd:00:00:00:00
ifconfig tap0 192.168.2.1 netmask 255.255.255.0
ifconfig tap0 -arp
route add -net 192.168.1.0 dev tap0 netmask 255.255.255.0
Gw2 -> tinc.conf
PrivateKey = xxxxx
Name = gwB
ConnectTo = gwA
KeyExpire = 30000000
--------------------------
Host - > GW1
PublicKey = xxxxxx
Subnet = 192.168.1.0/24
Address = 202.44.34.206
Host -> GW2
PublicKey = xxxxxxx
Subnet = 192.168.2.0/24
Address = 202.44.45.14
-------------------------
I hope someone who knows how to fix my problem will please let me know. I have been configuring it
for about 2 weeks.
Regards.
Anek.. KMITNB
Tinc: Discussion list about the tinc VPN daemon
Archive: http://mail.nl.linux.org/lists/
Tinc site: http://tinc.nl.linux.org/
On Fri, Mar 08, 2002 at 12:03:03AM +0800, Anek Chaimetrakul wrote:

> My problem is " Client in GW1 can't pass through Client in GW2" but Client
> in GW1 can ping GW2 and inverse too"

Your gateway must have forwarding turned on. Make sure you did:

echo 1 >/proc/sys/net/ipv4/ip_forward

And make sure you don't have firewall rules prohibiting forwarding. For
more information, read the Linux Network Administrators Guide:

http://www.linuxdoc.org/LDP/nag2/

--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus@sliepen.warande.net>
Hi Guus,
I have enabled it already ("echo 1 >/proc/sys/net/ipv4/ip_forward") and
I'm not using any firewall. I only set IP masquerade,
as follows:
# add for IP masquerade
/sbin/depmod -a
/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_irc
/sbin/modprobe ip_masq_raudio
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -j MASQ -s 192.168.1.0/24 -d 0.0.0.0/0
echo "1" > /proc/sys/net/ipv4/ip_forward
I checked with ipchains -L:
Chain input (policy ACCEPT):
Chain forward (policy DENY):
target prot opt source destination ports
MASQ all ------ 192.168.1.0/24 anywhere n/a
Chain output (policy ACCEPT):
Do you have any comment?
Regards,
Anek. KMITNB
>From: Guus Sliepen <guus@sliepen.warande.net>
>To: tinc@nl.linux.org
>CC: Anek Chaimetrakul <ch_ank@msn.com>, ret@kmitnb.ac.th
>Subject: Re: I can't ping across gateway
>Date: Thu, 7 Mar 2002 17:25:06 +0100
>
>On Fri, Mar 08, 2002 at 12:03:03AM +0800, Anek Chaimetrakul wrote:
>
> > My problem is " Client in GW1 can't pass through Client in GW2" but Client
> > in GW1 can ping GW2 and inverse too"
>
>Your gateway must have forwarding turned on. Make sure you did:
>
>echo 1 >/proc/sys/net/ipv4/ip_forward
>
>And make sure you don't have firewall rules prohibiting forwarding. For
>more information, read the Linux Network Administrators Guide:
>
>http://www.linuxdoc.org/LDP/nag2/
>
>--
>Met vriendelijke groet / with kind regards,
> Guus Sliepen <guus@sliepen.warande.net>
Hi again,
Could you show me how to write this rule " Insert a rule to allow
forwarding (without masquerading)
between 192.168.1.0/24 and .2.0/24 before that one."
Best Regards,
Anek, KMITNB..
>From: Guus Sliepen <guus@sliepen.warande.net>
>To: Anek Chaimetrakul <ch_ank@msn.com>
>CC: tinc@nl.linux.org
>Subject: Re: I can't ping across gateway
>Date: Thu, 7 Mar 2002 18:02:34 +0100
>
>On Fri, Mar 08, 2002 at 12:56:23AM +0800, Anek Chaimetrakul wrote:
>
> > /sbin/ipchains -A forward -j MASQ -s 192.168.1.0/24 -d 0.0.0.0/0
>
>This rule will also masquerade packets to 192.168.2.0/24. That is not
>what you want. Insert a rule to allow forwarding (without masquerading)
>between 192.168.1.0/24 and .2.0/24 before that one.
>
>--
>Met vriendelijke groet / with kind regards,
> Guus Sliepen <guus@sliepen.warande.net>
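
Added example, not part of the thread: a small Python model of ipchains first-match evaluation on GW1's forward chain, showing how the posted MASQ-only chain with policy DENY treats traffic between the two LANs and what changes when two ACCEPT rules sit ahead of the MASQ rule. The host addresses are constructed, and the ipchains commands in the comments are one way to write the rule Guus describes, not commands taken from the thread.

```python
import ipaddress


def net(cidr):
    return ipaddress.ip_network(cidr)


# Forward chain on GW1 as posted: a single MASQ rule, chain policy DENY.
ORIGINAL = [("MASQ", net("192.168.1.0/24"), net("0.0.0.0/0"))]

# Assumed fix (not from the thread): ACCEPT rules inserted before the MASQ rule.
#   ipchains -I forward 1 -s 192.168.1.0/24 -d 192.168.2.0/24 -j ACCEPT
#   ipchains -I forward 2 -s 192.168.2.0/24 -d 192.168.1.0/24 -j ACCEPT
FIXED = [
    ("ACCEPT", net("192.168.1.0/24"), net("192.168.2.0/24")),
    ("ACCEPT", net("192.168.2.0/24"), net("192.168.1.0/24")),
] + ORIGINAL

# Constructed sample flows: one host per LAN plus a documentation-range address.
FLOWS = {
    "lan1 -> lan2": ("192.168.1.10", "192.168.2.10"),
    "lan2 -> lan1": ("192.168.2.10", "192.168.1.10"),
    "lan1 -> internet": ("192.168.1.10", "198.51.100.7"),
}


def verdict(chain, src, dst, policy="DENY"):
    """Return the target of the first rule matching src/dst, else the policy."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for target, src_net, dst_net in chain:
        if s in src_net and d in dst_net:
            return target
    return policy


def report(chain):
    """Map each sample flow to the verdict the forward chain gives it."""
    return {name: verdict(chain, *pair) for name, pair in FLOWS.items()}


if __name__ == "__main__":
    for label, chain in (("original", ORIGINAL), ("fixed", FIXED)):
        print(label, report(chain))
```

Gateway-to-gateway pings never traverse the forward chain, which is why they succeed even while routed traffic between the LANs is masqueraded or denied.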