From: Graham W. <gw...@co...> - 2008-11-17 20:39:06
-----Original Message-----
From: G.W. Haywood [mailto:ge...@ju...]
Sent: Monday, 17 November 2008 8:54 PM
To: ipc...@li...
Subject: Re: [IPCop-user] IPCop & IPtables

Hi there,

On Mon, 17 Nov 2008 Graham Wallace wrote:

> One thing I would like to do and I'm sure it can be done is insert
> into the routing tables the path to navigate from one box via the
> VPN to another box and then into the orange.
>
> So what I need to know is assuming I have a configuration something like
>
> Box 1
> Green 1 ... 10.10.10.0
> orange 1 ... 192.168.10.0
>
> Box 2
> Green 2 ... 10.10.20.0
> Orange 2 ... 192.168.20.0
>
> So my question is where would I place this in the config (which file to
> modify) and what syntax to use
> ...
> I am assuming once it gets to Box2, as the orange2 network is known
> it will then work... (assuming rules are set in BOT) but the allow
> anything from IPsec to Orange should cover this.

Normally ORANGE traffic isn't allowed to GREEN but it seems like you know
about that. So assuming you've dealt with that you just need to tell IPCop
the IP of the gateway for traffic which will be going to the 10.10.x.x
network on the other box. Without that it will either (depending on your
existing routes) try to send it to the 10.10.x.x network on the same IPCop
(where it will be ignored), or out to the Internet via the default gateway
(where it will be discarded, because it's on one of the private IP address
ranges).

I'd have thought something like on Box 1:

/sbin/route add -net 192.168.20.0 netmask 255.255.255.0 gw 10.10.10.x

where x is the IP of Box 2 and on Box 2:

/sbin/route add -net 192.168.10.0 netmask 255.255.255.0 gw 10.10.20.x

where x is the IP of Box 1.

You could type these at the command line to try it, then when it works
(i.e. when you can ping the remote networks, ssh into the boxes or whatever
you need to do) put them in /etc/rc.d/rc.local so they're executed at boot
time.

There are other places in the startup files you could choose too, or you
could get creative with config files but I don't recommend that. Make
careful notes about what you've done in an exercise book or your diary or
something so you can recover if you sc^H^H make a mistake.

--
73,
Ged.

-------------------------------------------------------------------------

Thanks Ged

But to clarify, I'm not trying to go from orange to green. What I am
attempting to do is:

From Green1 via VPN via Green2 to an IP address on Orange2.

So if the Green IP of each box is the 1st address, 10.10.10.1 and 10.10.20.1
respectively, I can see the logical flow in the command.

Also, to not have problems until I get the natural flow going, I have
temporarily disabled the BOT on both machines.

And then I add to box1 (Route Orange2 network via Gateway Green2):

/sbin/route add -net 192.168.20.0 netmask 255.255.255.0 gw 10.10.20.1

I get

SIOCADDRT: Network is unreachable

Is there some sort of Default rule in IPCop that stops IPsec going to
Orange? I would have thought that if it got to green then traffic as green
has permission to orange by default (not the other way, as you correctly
point out). It should have worked?

Graham
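The "SIOCADDRT: Network is unreachable" error in the message above is what the Linux kernel returns when the gateway named in `route add ... gw X` is not inside any directly connected network of the box the command is run on. The shell script below is an added example, not code from the thread or from IPCop: it reproduces that pre-condition as a check you can run against a routing table before changing it. The `route -n` output it parses is a constructed sample of what Box 1 might show (GREEN 1 and ORANGE 1 attached, RED on the documentation prefix 203.0.113.0/24 as an obvious placeholder), and the function names are my own.

```shell
#!/bin/sh
# Added example (not from the thread): decide whether a proposed gateway for
# `route add` lies on a directly connected network. If it does not, the kernel
# will refuse the route with "SIOCADDRT: Network is unreachable", which is
# exactly what happens when gw 10.10.20.1 (GREEN 2) is used on Box 1, whose
# only attached LANs are GREEN 1 and ORANGE 1.

# Dotted quad -> 32-bit integer using only POSIX sh arithmetic.
ip4_to_int() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# Constructed sample of `route -n` on Box 1 (hypothetical, not captured output).
SAMPLE_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.10.10.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.10.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1
203.0.113.0     0.0.0.0         255.255.255.0   U     0      0        0 eth2
0.0.0.0         203.0.113.1     0.0.0.0         UG    0      0        0 eth2'

# gateway_on_link ROUTE_TABLE GATEWAY
# Exit 0 if GATEWAY falls inside a directly connected route (Gateway column
# 0.0.0.0, i.e. no intermediate hop), exit 1 otherwise. Routes that themselves
# go via a gateway (flag G) are skipped: a next hop must be reachable on-link.
gateway_on_link() {
    table=$1
    gw=$(ip4_to_int "$2")
    printf '%s\n' "$table" | (
        while read -r dest via mask rest; do
            # Skip the two header lines of `route -n`.
            case $dest in Kernel|Destination) continue ;; esac
            [ "$via" = "0.0.0.0" ] || continue
            net=$(ip4_to_int "$dest")
            m=$(ip4_to_int "$mask")
            if [ $(( gw & m )) -eq $(( net & m )) ]; then
                exit 0
            fi
        done
        exit 1
    )
}

# Usage: test the two candidate gateways from the thread against the sample.
for cand in 10.10.20.1 10.10.10.254; do
    if gateway_on_link "$SAMPLE_ROUTES" "$cand"; then
        echo "gw $cand is on a connected network: route add would be accepted"
    else
        echo "gw $cand is NOT on a connected network: expect 'SIOCADDRT: Network is unreachable'"
    fi
done
```

On a live box you would feed the function the real table, for example `gateway_on_link "$(route -n)" 10.10.20.1`; the point of the check is that a gateway on the far side of a tunnel is never on-link from the local box's point of view, so a static route naming it cannot be installed regardless of any firewall (BOT or IPsec-to-ORANGE) rules.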