Re: Forward + Routing

Linux Advanced Routing and Traffic Control

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

** AND the opposite route back ON GATEWAY B1 TO Subnet A via GATEWAY B **

I already added this route! GATEWAY B1 can send packets to Subnet A correctly... Seems just that packets outgoing from ipsec interface are not routed anymore towards Subnet C via Gateway B1...

If that doesn't work, you may need to ask the FreeS/WAN guys since it might be an erouting problem on GATEWAY B.

How?

Thanks


From: Damion de Soto <damion@xxxxxxxxxxxx>
To: Fiorangelo Peluso <fiorangelo@xxxxxxxxxxx>
CC: lartc@xxxxxxxxxxxxxxx
Subject: Re:  Forward + Routing
Date: Fri, 28 Nov 2003 13:45:34 +1000

Hi Fiorangelo,

Subnet A <-> GATEWAY A ------- VPN with FREE/SWAN --------- GATEWAY B <-> Subnet B <-> GATEWAY B1 (physically on Subnet B) <-> Subnet C
The question is: HOW DO I MAKE SUBNET C REACHABLE FROM SUBNET A?

I created a new connection in ipse.conf specifying as leftsubnet just the Subnet C. This way I can ping Subnet C from GATEWAY B but not from Subnet A.. It seems to me that packets are not routed correctly if they came from Subnet A! I already added a route to Subnet C on the GATEWAY B but it seems to work only for packets from the Gateway and not for the forwarded packets from Subnet A.. 
You'll need a new ipsec.conf connection at GATEWAY A and GATEWAY B for
Subnet A <-> Subnet C, (which I think you did)

Then you need a route ON GATEWAY B TO Subnet C via GATEWAY B1 (which I think you did),
** AND the opposite route back ON GATEWAY B1 TO Subnet A via GATEWAY B **

If that doesn't work, you may need to ask the FreeS/WAN guys since it might be an erouting problem on GATEWAY B.

That is assuming there is no NAT or Masquerading occuring anywhere.

Regards,

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Damion de Soto - Software Engineer  email:     damion@xxxxxxxxxxxx
SnapGear - A CyberGuard Company ---    ph:         +61 7 3435 2809
 | Custom Embedded Solutions          fax:         +61 7 3891 3630
 | and Security Appliances            web: http://www.snapgear.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ---  Free Embedded Linux Distro at   http://www.snapgear.org  ---


_________________________________________________________________
MSN Extra Storage: piena libertà di esprimersi e comunicare http://www.msn.it/msnservizi/es/?xAPID=534&DI=1044&SU=http://hotmail.it/&HL=HMTAGTX_MSN_Extra_Storage

_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[Index of Archives]     [LARTC Home Page]     [Netfilter]     [Netfilter Development]     [Network Development]     [Bugtraq]     [GCC Help]     [Yosemite News]     [Linux Kernel]     [Fedora Users]
  Powered by Linux