Routing problem on a Masquerading Firewall

Martijn Jacobs martijn at fourdigits.nl
Wed Oct 5 18:27:07 CEST 2005


Hello!


I've set up tinc almost successfully, but there is one problem remaining 
with a routing issue.

Short description of the situation:


Workstation A (192.168.1.3)
     |
     |
 Tinc Host "50K" (192.168.1.1)
     |
     |
<Unknown Firewall>
     +
     +
     +
<Masq Firewall (Linux)>
 and Tinc Host "oeoe" (192.168.2.1)
     |
     |
  Workstation B  (192.168.2.3)

- Tinc Host "50K" initiates the connection through the unknown firewall.
- All the hosts have the TCPOnly = yes configuration value.
- Connection is successful: the Masq firewall / Tinc Host "oeoe" can 
  connect (ping) to Tinc Host "50K" as well as to Workstation A.
- Workstation A can connect (ping) to Masq firewall / Tinc Host "oeoe" as 
  well as to Workstation B. And Tinc Host "50K" is able to connect to 
  Workstation B.


The problem: Workstation B cannot connect to Tinc Host "50K" nor to 
Workstation A. It could be that the Workstation B packets are not 
correctly routed; however, when I run both tinc daemons in debug mode, 
I see packets logged, so the packets are arriving via the virtual 
network. Because Workstation A can connect to Workstation B, routing 
should be OK, right? Has this something to do with the unknown firewall? 
And if so, why are the packets then arriving on the other subnet (logged 
in tincd debug mode)?

I've also tried to disable Masquerading on the Masquerading Firewall 
"oeoe" without success. And I've checked /proc/sys/net/ipv4/ip_forward.

I'm out of ideas, so if any of you guys have a suggestion what could be 
wrong?



================
Routing table of Host "50K":
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.0.0        *               255.255.255.0   U     0      0        0 eth0
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
192.168.0.0     *               255.255.0.0     U     0      0        0 fourdigits
default         10.0.0.254      0.0.0.0         UG    0      0        0 eth0

Routing table of Host "OEOE":
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.0.0        *               255.255.255.0   U     0      0        0 eth1
192.168.2.0     *               255.255.255.0   U     0      0        0 eth1
82.161.58.0     *               255.255.254.0   U     0      0        0 eth0
192.168.0.0     *               255.255.0.0     U     0      0        0 fourdigits
default         bbned-10k-07.ro 0.0.0.0         UG    0      0        0 eth0

Host "50K" tinc-up:
echo "1" > /proc/sys/net/ipv4/ip_forward
ifconfig $INTERFACE 192.168.1.1 netmask 255.255.0.0

Host "Oeoe" tinc-up :
ifconfig $INTERFACE 192.168.2.1 netmask 255.255.0.0
================

-- 
Martijn Jacobs
Four Digits, internet solutions
e-mail: martijn at fourdigits.nl | web: http://www.fourdigits.nl
tel: +31 (0)26 44 22 700 | fax: +31 (0)84 22 06 117
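
An added example, not part of the original message: a longest-prefix-match lookup over the two routing tables posted above, showing which interface each tinc host would pick for each workstation address. The function names are hypothetical, and the lookup models destination-based route selection only, not packet filtering or NAT rules.

```python
import ipaddress

# (destination, genmask, iface) rows transcribed from the two tables in the post;
# the "default" row is written as 0.0.0.0 with mask 0.0.0.0.
TABLES = {
    "50K": [
        ("10.0.0.0", "255.255.255.0", "eth0"),
        ("192.168.1.0", "255.255.255.0", "eth0"),
        ("192.168.0.0", "255.255.0.0", "fourdigits"),
        ("0.0.0.0", "0.0.0.0", "eth0"),
    ],
    "oeoe": [
        ("10.0.0.0", "255.255.255.0", "eth1"),
        ("192.168.2.0", "255.255.255.0", "eth1"),
        ("82.161.58.0", "255.255.254.0", "eth0"),
        ("192.168.0.0", "255.255.0.0", "fourdigits"),
        ("0.0.0.0", "0.0.0.0", "eth0"),
    ],
}

def lookup(host, dst):
    """Return (iface, prefix) of the most specific route on `host` covering `dst`."""
    addr = ipaddress.ip_address(dst)
    matches = []
    for dest, mask, iface in TABLES[host]:
        net = ipaddress.ip_network(f"{dest}/{mask}")
        if addr in net:
            matches.append((net, iface))
    if not matches:
        raise LookupError(f"{host}: no route to {dst}")
    # The kernel prefers the route with the longest netmask.
    net, iface = max(matches, key=lambda m: m[0].prefixlen)
    return iface, str(net)

def check_paths():
    """Egress interface on each tinc host for each workstation address."""
    targets = {"Workstation A": "192.168.1.3", "Workstation B": "192.168.2.3"}
    return {(host, name): lookup(host, ip)
            for host in TABLES for name, ip in targets.items()}

if __name__ == "__main__":
    for (host, name), (iface, net) in check_paths().items():
        print(f"{host:5} -> {name}: dev {iface} via route {net}")
```

On the live hosts, `ip route get <address>` gives the same answer directly from the kernel.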


