Help needed Masquerading and firewall

Post by jpeter.. » Thu, 31 Aug 2000 04:00:00



I have a VPN set up and working for the most part.  But I have run into
a problem and I am pretty sure it's a masquerading and firewall problem.

Here is what I have: SiteA is the primary site and SiteB is connecting or
establishing a connection to SiteA.

Windows1--->SiteA <--> Internet<-->SiteB<---Windows2

I can ping and telnet from windows1 to SiteB through the IPTunnel created
by the software VTUN.

Windows1-->siteA.intIP-->SiteA.extIP-->internet-\
 /----------------------------------------------/
|
\->SiteB.extip->SiteB.intIP-->windows2

And vice versa from windows2 to Windows1. But on either side the farthest
any packet gets on the tunnel is to the intIP.

(ex windows1 ->SiteA.intip->Sitea.tunnel->Siteb.tunnel->SiteB.intip)

Here is my route table:

SiteA
tunnel.ip       0.0.0.0        255.255.255.255 UH  0   0  0 tun0
int.network     0.0.0.0        255.255.255.0   U   0   0  0 eth1
remotenetwork   Siteb.tunnelip 255.255.255.0   UG  0   0  0 tun0
ext.ip          0.0.0.0        255.255.255.0   U   0   0  0 eth0
gateway         ISP.gateway    0.0.0.0         UG  1   0  0 eth0

SiteB
ext.ip          0.0.0.0        255.255.255.255 UH  0   0  0 tun1
int.network     0.0.0.0        255.255.255.0   U   0   0  0 eth1
remotenetwork   SiteA.tunnelip 255.255.255.0   UG  0   0  0 tun1
ext.ip          0.0.0.0        255.255.255.0   U   0   0  0 eth0
gateway         IPS.gateway    0.0.0.0         UG  1   0  0 eth0

I am masquerading both sides of the tunnel using ipchains.
ipchains -A forward -s int.network/24 -j MASQ

Any help would be greatly appreciated.

James Peterson
