Hi all :)

I have a masqueraded home lan as well as a friend of mine. I have set up
two tinc daemons on both masquerading gateways and I have no trouble
connecting (it works pretty smooth) and they show up in the syslog as
configured after sending an USR1 / USR2 signal to the daemons. The trouble
is the routing / firewalling of the packets. Maybe somebody could give me
a hand here? :)

The configuration of the two lans is printed below. I have no trouble
pinging from my gateway to the other gateway (192.168.1.1 -> 192.168.2.1)
and vice versa but I can't ping beyond a gateway. I however see the packets
arriving on either side on the gateway using tcpdump:

tcpdump -i tap0
17:25:36.410102 192.168.2.1 > 192.168.1.2: icmp: echo request
17:25:37.412188 192.168.2.1 > 192.168.1.2: icmp: echo request
17:25:38.411059 192.168.2.1 > 192.168.1.2: icmp: echo request
17:25:39.410655 192.168.2.1 > 192.168.1.2: icmp: echo request

tcpdump -i eth1
Does not show any icmp request/replies

So unfortunately I can't get them to go any further than the gateway...
Hence the question is: What is wrong with my routing table or my ipchains
settings and how could I correct it? :)

Thanks in advance! :)

Jeroen

LAN 1:
------------------------
eth0      Link encap:Ethernet  HWaddr 00:50:04:46:84:8E
          inet addr:1.2.3.4  Bcast:1.2.3.255  Mask:255.255.254.0
eth1      Link encap:Ethernet  HWaddr 00:60:97:B2:C0:71
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
.
.
tap0      Link encap:Ethernet  HWaddr FE:FD:00:00:00:00
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.0.0

Kernel IP routing table
Destination     Gateway          Genmask          Flags Metric Ref Use Iface
192.168.1.0     *                255.255.255.0    U     0      0     0 eth1
1.2.3.0         *                255.255.254.0    U     0      0     0 eth0
192.168.0.0     *                255.255.0.0      U     0      0     0 tap0
default         babyxl-ams-gw-1  0.0.0.0          UG    0      0     0 eth0

Chain input (policy ACCEPT):
Chain forward (policy DENY):
target     prot opt     source                destination           ports
-          all  ------  192.168.0.0/16        192.168.1.0/24        n/a
-          all  ------  192.168.1.0/24        192.168.0.0/16        n/a
MASQ       all  ------  192.168.1.2           anywhere              n/a
Chain output (policy ACCEPT):
target     prot opt     source                destination           ports

LAN 2:
------------------------
eth0      Link encap:Ethernet  HWaddr 00:20:18:A0:3B:E1
          inet addr:2.3.4.5  Bcast:2.3.4.255  Mask:255.255.254.0
eth1      Link encap:Ethernet  HWaddr 00:E0:29:0E:85:4E
          inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
.
.
tap0      Link encap:Ethernet  HWaddr FE:FD:00:00:00:00
          inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.0.0

Kernel IP routing table
Destination     Gateway          Genmask          Flags Metric Ref Use Iface
192.168.2.0     *                255.255.255.0    U     0      0     0 eth1
2.3.4.0         *                255.255.254.0    U     0      0     0 eth0
192.168.0.0     *                255.255.0.0      U     0      0     0 tap0
default         babyxl-ams-gw-1  0.0.0.0          UG    0      0     0 eth0

Chain input (policy ACCEPT):
Chain forward (policy DENY):
target     prot opt     source                destination           ports
-          all  ------  192.168.0.0/16        192.168.2.0/24        n/a
-          all  ------  192.168.2.0/24        192.168.0.0/16        n/a
MASQ       all  ------  192.168.2.2           anywhere              n/a
Chain output (policy ACCEPT):
target     prot opt     source                destination           ports

Tinc:         Discussion list about the tinc VPN daemon
Archive:      http://mail.nl.linux.org/lists/
Tinc site:    http://tinc.nl.linux.org/

On Sun, Oct 06, 2002 at 05:52:21PM +0200, [4np] wrote:

> I have a masqueraded home lan as well as a friend of mine. I have set up
> two tinc daemons on both masquerading gateways and I have no trouble
> connecting (it works pretty smooth) and they show up in the syslog as
> configured after sending an USR1 / USR2 signal to the daemons. The trouble
> is the routing / firewalling of the packets. Maybe somebody could give me
> a hand here? :)

Well it's quite obvious:

> Chain forward (policy DENY):
> target     prot opt     source                destination           ports
> -          all  ------  192.168.0.0/16        192.168.1.0/24        n/a
> -          all  ------  192.168.1.0/24        192.168.0.0/16        n/a
> MASQ       all  ------  192.168.1.2           anywhere              n/a

You didn't specify a target for the first two rules, so the default
policy, DENY, will apply.

-- 
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus@sliepen.eu.org>
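
Added example, not part of either message and not code from the tinc project: a simplified Python model of how the LAN 1 forward chain quoted above is traversed, with the listed rules beside the same rules given a target (`-j ACCEPT` in ipchains). It matches on source and destination address only; the rule tuples are constructed from the listing, and ACCEPT as the intended target is an assumption.

```python
import ipaddress

# Constructed from the LAN 1 forward chain quoted above: (target, source, destination).
# "-" is how the listing shows a rule that has no target.
LISTED = [
    ("-",    "192.168.0.0/16", "192.168.1.0/24"),
    ("-",    "192.168.1.0/24", "192.168.0.0/16"),
    ("MASQ", "192.168.1.2/32", "0.0.0.0/0"),
]
# Same chain with a target on the first two rules (assumed fix: ACCEPT).
FIXED = [("ACCEPT", s, d) if t == "-" else (t, s, d) for t, s, d in LISTED]


def traverse(chain, src, dst, policy="DENY"):
    """Return (verdict, trace) for one packet walking the chain top to bottom.

    Simplified model: only source/destination addresses are matched.
    A matching rule without a target only counts the packet and traversal
    continues; the chain policy decides if no rule with a target matches.
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    trace = []
    for number, (target, rule_src, rule_dst) in enumerate(chain, start=1):
        matched = (src in ipaddress.ip_network(rule_src)
                   and dst in ipaddress.ip_network(rule_dst))
        if not matched:
            trace.append(f"rule {number}: no match")
        elif target == "-":
            trace.append(f"rule {number}: match, no target, continue")
        else:
            trace.append(f"rule {number}: match, {target}")
            return target, trace
    trace.append(f"end of chain: policy {policy}")
    return policy, trace


if __name__ == "__main__":
    # The echo request seen on tap0 of the LAN 1 gateway, and the reply to it.
    for name, chain in (("listed", LISTED), ("fixed", FIXED)):
        for src, dst in (("192.168.2.1", "192.168.1.2"),
                         ("192.168.1.2", "192.168.2.1")):
            verdict, trace = traverse(chain, src, dst)
            print(f"{name}: {src} -> {dst}: {verdict}")
            for step in trace:
                print("   ", step)
```

In this model the echo request matches rule 1 on the listed chain but still ends at the DENY policy, which fits it showing up on tap0 and not on eth1. The reply direction would reach the MASQ rule on the listed chain, while with targets set it is accepted by rule 2 first.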