hello good morning, i would like to ask, do i need to configure nat/masq in both linux boxes? I could ping both eth1 which is the private ip of the interfaces but private network wont work. ----- Original Message ----- From: "Christoph Simon" <ciccio@kiosknet.com.br> To: "glynn" <glynn@itextron.com> Cc: <lartc@mailman.ds9a.nl> Sent: Tuesday, January 08, 2002 5:48 PM Subject: Re: [LARTC] Gre Tunneling Problem > On Mon, 7 Jan 2002 17:40:47 +0800 > "glynn" <glynn@itextron.com> wrote: > > > when you configure that tunneling did you reconfigure your kernel? what > > should i enable in my kernel? by the way when i log-on to the linux A, I > > could ping the linux B eth0(internet) and eth1(let say "192.168.1.1") > > but when i ping the "192.168.1.2" which is a windows workstation > > connected to hub it wont pass thru. how do i sniff the interface where > > the packets go, can you help me about that pls. Thanks > > So you can ping from 192.168.2.1 to 192.168.1.1, this is good, as it > means that the tunnel definitively is working. > > Now, if you try to ping from 192.168.2.1 to 192.168.1.2, the Windows > box, it seems to fail. First I would try to ping from 192.168.1.1 to > 192.168.1.2, just to make sure, everything is working fine locally. If > this works too, I would make tcpdump listen at the external interface > of 192.168.2.1. Does the packet actually go out? If not, the routing > or filter problem must be there. If it works, I'd listen on the > external interface of 192.168.1.1; obviously these must arrive because > the tunnel is working and the packet left at the other side. Now you > can listen to the internal interface, seeing if the packet is actually > being forwarded. If this fails, your problem is routing, filtering or > forwarding on 192.168.1.1. Don't know how to sniff on a Windows, but > as the ping from 192.168.1.1 to 192.168.1.2 presumibly worked, there > shouldn't be a need. > > If you have access and there is no other traffic, a much simpler > method would be just to watch the leds on the modems, network cards, > hubs, etc. This will help finding out where your problem is. As you > can ping the first computer after the tunnel, I feel sure, the tunnel > is working fine, the problem must be in another place, probably a > stupid little detail. > > Note that the suggestion of introducing a different network address > for the tunnel interfaces themselves will slightly complicate > routing. But if you pay attention, this shouldn't be a problem. > > -- > Christoph Simon > ciccio@kiosknet.com.br > --- > ^X^C > q > quit > :q > ^C > end > x > exit > ZZ > ^D > ? > help > . > > _______________________________________________ > LARTC mailing list / LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/ >
