On Monday, 20. August 2001 10:55, maf@cybereye.co.uk wrote:
Hi Christoph,
On 2001.08.20 08:29:39 +0100 Christoph Egger wrote:
Further, the routed is somehow blocked by the firewall:

....
Kernel log: input DENY eth0 PROTO=17 10.0.1.0:520 10.0.1.255:520 L=52 S=0x00 I=0 F=0x4000 T=64 (#4)
....
Kernel log: input DENY eth1 PROTO=17 62.180.107.61:520 62.180.107.63:520 S=0x00 I=0 F=0x4000 T=64 (#5)
Shutting the firewall down, routed says:
re-installing interface eth0
re-installing interface eth1

and pinging, DNS, SMB, etc. between the two subnets works perfectly.
> What do you think might be the problem?
Well, at least we know the tunnel works - the problem is something to do with the firewall.
Exactly.
I assume the interfaces 62.180.107.6[1,3] are the public addresses of the gateways.
62.180.107.61 is the public address of gateway 2, where the firewall is set up. 62.180.107.63 is the broadcast address.
Since you are getting routed packets blocked, try:
1. Poke a hole in the FW for UDP port 520 - you can always tweak it later to make it more secure.
2. kill routed and test some static routes.
Has no effect.
If that still doesn't help, put everything back to 'normal' and grab the FW logs from a failed ping through the tunnel. Feel free to post them directly to me if you don't want to post them to the list.
FW log is attached.

--
CU, Christoph