multiple networks (fwd)

Guus Sliepen guus at sliepen.warande.net
Fri May 26 10:31:51 CEST 2000


---------- Forwarded message ----------
Date: Fri, 26 May 2000 01:02:22 -0600
From: Mike MacNeill <mikem at accesscomm.ca>
To: Guus Sliepen <guus at sliepen.warande.net>
Subject: multiple networks

I have come across a complicated problem.
I am using tinc 1.0pre1 and Redhat 6.2.

I have a main system and some remote systems.
I have two networks on my main system and
two networks on my remote system. I can send and receive packets
on both main networks to 1 of the remote networks, but I can only
receive packets from the 2nd remote network.


Main System -
eth1      Link encap:Ethernet  HWaddr 00:A0:D2:1C:E9:41
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0

eth1:0    Link encap:Ethernet  HWaddr 00:A0:D2:1C:E9:41
          inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0

eth2      Link encap:Ethernet  HWaddr 00:60:8C:E8:6F:C5
          inet addr:192.168.42.100  Bcast:192.168.42.255  Mask:255.255.255.0

tap2      Link encap:Ethernet  HWaddr FE:FD:C0:A8:01:01
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.0.0

route -n | grep tap2
192.168.31.0    0.0.0.0         255.255.255.0   U     0      0        0 tap2
192.168.30.0    0.0.0.0         255.255.255.0   U     0      0        0 tap2


Remote System
eth1      Link encap:Ethernet  HWaddr 00:A0:D2:1C:FC:6B
          inet addr:192.168.31.1  Bcast:192.168.31.255  Mask:255.255.255.0

eth2      Link encap:Ethernet  HWaddr 00:A0:D2:1C:EC:A6
          inet addr:192.168.30.1  Bcast:192.168.30.255  Mask:255.255.255.0

tap0      Link encap:Ethernet  HWaddr FE:FD:C0:A8:1F:01
          inet addr:192.168.31.1  Bcast:192.168.31.255  Mask:255.255.0.0

route -n | grep tap0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 tap0
192.168.42.0    0.0.0.0         255.255.255.0   U     0      0        0 tap0

******************************************************************************

With the tinc daemon running at both ends, computers using 192.168.1 and 192.168.42
on the master network can talk to computers using 192.168.31 but not 192.168.30.

If I look at the ipchain rules I can see the packets going out tap2 on the master system.
Chain o_tap2 (1 references):
 pkts bytes target     prot opt    tosa tosx  source                destination
    5   565 ACCEPT     all  ------ 0xFF 0x00  192.168.1.0/24       192.168.30.0/24
   26  7062 ACCEPT     all  ------ 0xFF 0x00  192.168.42.0/24      192.168.30.0/24
   44  6120 ACCEPT     all  ------ 0xFF 0x00  192.168.1.0/24       192.168.31.0/24
    0     0 ACCEPT     all  ------ 0xFF 0x00  192.168.42.0/24      192.168.31.0/24
    0     0 DENY       all  ----l- 0xFF 0x00  0.0.0.0/0            0.0.0.0/0

But the ipchain rule on the remote system is not receiving them.
Chain i_tap0 (1 references):
 pkts bytes target     prot opt    tosa tosx  source                destination
    0     0 ACCEPT     all  ------ 0xFF 0x00  192.168.1.0/24       192.168.30.0/24
    0     0 ACCEPT     all  ------ 0xFF 0x00  192.168.42.0/24      192.168.30.0/24
  881  191K ACCEPT     all  ------ 0xFF 0x00  192.168.1.0/24       192.168.31.0/24
    6   504 ACCEPT     all  ------ 0xFF 0x00  192.168.42.0/24      192.168.31.0/24
    0     0 DENY       all  ----l- 0xFF 0x00  0.0.0.0/0            0.0.0.0/0

One other interesting thing is that the remote system can send packets with a source
of 192.168.30 and a destination of 192.168.42 or 1 and they get through.
The Output chain in the remote system can see the packets leave.
Chain o_tap0 (1 references):
 pkts bytes target     prot opt    tosa tosx  source                destination
    0     0 ACCEPT     all  ------ 0xFF 0x00  192.168.30.0/24      192.168.1.0/24
    3   390 ACCEPT     all  ------ 0xFF 0x00  192.168.30.0/24      192.168.42.0/24
   69  8147 ACCEPT     all  ------ 0xFF 0x00  192.168.31.0/24      192.168.1.0/24
    7   588 ACCEPT     all  ------ 0xFF 0x00  192.168.31.0/24      192.168.42.0/24
    0     0 DENY       all  ----l- 0xFF 0x00  0.0.0.0/0            0.0.0.0/0

The input chain on the master system can see the packets arrive.
Chain i_tap2 (1 references):
 pkts bytes target     prot opt    tosa tosx  source                destination
    0     0 ACCEPT     all  ------ 0xFF 0x00  192.168.30.0/24      192.168.1.0/24
    3   543 ACCEPT     all  ------ 0xFF 0x00  192.168.30.0/24      192.168.42.0/24
   16  1303 ACCEPT     all  ------ 0xFF 0x00  192.168.31.0/24      192.168.1.0/24
    7   588 ACCEPT     all  ------ 0xFF 0x00  192.168.31.0/24      192.168.42.0/24
    0     0 DENY       all  ----l- 0xFF 0x00  0.0.0.0/0            0.0.0.0/0

So the problem appears to only be in one direction, and only for one network on the
remote system. Both networks on the master system work fine.

If I switch tap0 on the remote system to:

tap0      Link encap:Ethernet  HWaddr FE:FD:C0:A8:1E:01
          inet addr:192.168.30.1  Bcast:192.168.30.255  Mask:255.255.0.0

Then the exact opposite happens. I can send and receive from the 30 network
but I cannot receive on the 31 network.

It is very very weird.


-
Tinc:         Discussion list about the tinc VPN daemon
Archive:      http://mail.nl.linux.org/lists/
Tinc site:    http://ftp.nl.linux.org/pub/linux/tinc/
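
The comparison the post makes by eye (output-chain counters on the sending side against input-chain counters on the receiving side) can be scripted. This is an added example, not part of the original message or of tinc; the function names are hypothetical, and the two listings are the o_tap2 and i_tap0 counters from the post with wrapped lines rejoined.

```python
import re

# Counters copied from the post above (wrapped lines rejoined).
O_TAP2 = """\
Chain o_tap2 (1 references):
 pkts bytes target     prot opt    tosa tosx  source                destination
    5   565 ACCEPT     all  ------ 0xFF 0x00  192.168.1.0/24       192.168.30.0/24
   26  7062 ACCEPT     all  ------ 0xFF 0x00  192.168.42.0/24      192.168.30.0/24
   44  6120 ACCEPT     all  ------ 0xFF 0x00  192.168.1.0/24       192.168.31.0/24
    0     0 ACCEPT     all  ------ 0xFF 0x00  192.168.42.0/24      192.168.31.0/24
    0     0 DENY       all  ----l- 0xFF 0x00  0.0.0.0/0            0.0.0.0/0
"""
I_TAP0 = """\
Chain i_tap0 (1 references):
 pkts bytes target     prot opt    tosa tosx  source                destination
    0     0 ACCEPT     all  ------ 0xFF 0x00  192.168.1.0/24       192.168.30.0/24
    0     0 ACCEPT     all  ------ 0xFF 0x00  192.168.42.0/24      192.168.30.0/24
  881  191K ACCEPT     all  ------ 0xFF 0x00  192.168.1.0/24       192.168.31.0/24
    6   504 ACCEPT     all  ------ 0xFF 0x00  192.168.42.0/24      192.168.31.0/24
    0     0 DENY       all  ----l- 0xFF 0x00  0.0.0.0/0            0.0.0.0/0
"""

# pkts bytes target prot opt tosa tosx source destination
ROW = re.compile(r"^\s*(\d+[KMG]?)\s+(\d+[KMG]?)\s+(\S+)(?:\s+\S+){4}\s+(\S+)\s+(\S+)\s*$")
SCALE = {"K": 1000, "M": 1000**2, "G": 1000**3}  # assumption: decimal suffixes

def count(text):
    """Convert a counter such as '191K' to an approximate integer."""
    return int(text[:-1]) * SCALE[text[-1]] if text[-1] in SCALE else int(text)

def parse_chain(listing):
    """Return {(source, destination): packets} for the ACCEPT rules of one chain."""
    rules = {}
    for line in listing.splitlines():
        m = ROW.match(line)  # the "Chain ..." and header lines do not match
        if m and m.group(3) == "ACCEPT":
            rules[(m.group(4), m.group(5))] = count(m.group(1))
    return rules

def lost_flows(sent_listing, received_listing):
    """Flows counted leaving the sender whose matching rule on the receiver never fired."""
    sent, received = parse_chain(sent_listing), parse_chain(received_listing)
    return sorted(f for f, pkts in sent.items() if pkts > 0 and received.get(f, 0) == 0)

if __name__ == "__main__":
    for src, dst in lost_flows(O_TAP2, I_TAP0):
        print(f"{src} -> {dst}: sent but never seen on the far side")
```

Only zero versus non-zero is compared, because the two listings were not reset or sampled at the same moment and their absolute counts differ.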


