Ok, let me give you the low-down. We have 2 offices, each with static IPs running through IP-MASQ. 1 office is using RedHat 6.0 (clean install as of a day or 2 ago...) and the other office is using SuSE 5.3. We are both able to masq out to the internet just fine.

What we are trying to do is set up a VPN between the two routes. We have one subnet set up with 192.168.0.1... (Office 1) and 192.168.1.1... (Office 2). I installed the VPND server in office 1, and VPND in office 2 as the client. We are able to ping through the masq to each other, no problem. I can FTP to each other, no problem. BUT, if I try to SSH to and between the two offices, big problem. The connection just times out.

For example, we should be able to ssh from 192.168.1.21 -> 192.168.0.1 without problems. (I can ssh from 192.168.1.21 -> INTERNET.IP.OFFICE.ONE no problem..) and vice versa. BUT, certain programs do work, like ftp, ping, etc. (Telnet would work except it is not turned on at the moment for security...)

We also have a MS-SQL server that sits on the IP address 192.168.0.2. Anyone in the 192.168.1.0 network can't attach to the SQL server via the VPN. (It uses port 1433, I believe...)

Now, the voodoo thing about all of this: before I upgraded office 2 to RedHat, it all worked fine. The only change is that now we are using ipchains instead of the 2.0 firewall stuff. (I am not even sure; I didn't participate in installing that setup.) I am guessing that office 2's MASQ configuration is not set up for the VPN to be INSIDE of the masq. Who knows though, that is why I am asking you guys, the MASQ gurus... (I just want to go to bed!) :)

Here are my masq rules, as inside of my rc.local:

    /sbin/sshd &
    /sbin/modprobe -P forward DENY
    /sbin/modprobe -A forward -s 192.168.1.0/255.255.255.0 -j MASQ
    /sbin/modprobe ip_masq_ftp
    /sbin/modprobe ip_masq_irc
    /sbin/modprobe ip_masq_raudio
    /sbin/modprobe ip_masq_portfw
    /sbin/modprobe ip_masq_autofw

Ok, that should do it. Let me know if I am leaving out any crucial information to help this situation. Thanks a TON in advance...

_______________________________________________
Masq maillist - [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/ or email to [EMAIL PROTECTED]
PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
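
Added example, not part of the original post: a small Python model of first-match evaluation of the two forward-chain argument strings quoted above (`-P forward DENY` and `-A forward -s ... -j MASQ`), applied to a few flows. It models source/destination address matching only (no interfaces or ports); the second rule set with a `-d` exemption is a hypothetical variant for comparison, and 203.0.113.10 is a constructed sample address.

```python
import ipaddress
import shlex

def parse_ruleset(lines):
    """Parse ipchains-style argument strings for the forward chain."""
    policy, rules = "ACCEPT", []          # built-in chains default to ACCEPT
    for line in lines:
        args = shlex.split(line)
        if args[:2] == ["-P", "forward"]:
            policy = args[2]
        elif args[:2] == ["-A", "forward"]:
            opts = dict(zip(args[2::2], args[3::2]))
            rules.append((
                # a missing -s or -d means "any address"
                ipaddress.ip_network(opts.get("-s", "0.0.0.0/0")),
                ipaddress.ip_network(opts.get("-d", "0.0.0.0/0")),
                opts["-j"],
            ))
    return policy, rules

def verdict(ruleset, src, dst):
    """Return the target of the first matching rule, else the chain policy."""
    policy, rules = ruleset
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for src_net, dst_net, target in rules:
        if s in src_net and d in dst_net:
            return target
    return policy

# Arguments as quoted in the post (office 2 side).
POSTED = parse_ruleset([
    "-P forward DENY",
    "-A forward -s 192.168.1.0/255.255.255.0 -j MASQ",
])

# Hypothetical variant: exempt traffic bound for the office 1 subnet
# from masquerading by matching it before the MASQ rule.
WITH_VPN_EXEMPT = parse_ruleset([
    "-P forward DENY",
    "-A forward -s 192.168.1.0/24 -d 192.168.0.0/24 -j ACCEPT",
    "-A forward -s 192.168.1.0/255.255.255.0 -j MASQ",
])

FLOWS = [                                  # constructed sample flows
    ("192.168.1.21", "192.168.0.1"),       # office 2 host -> office 1 over the VPN
    ("192.168.1.21", "203.0.113.10"),      # office 2 host -> internet
    ("192.168.0.2", "192.168.1.21"),       # office 1 host -> office 2 host
]

if __name__ == "__main__":
    for src, dst in FLOWS:
        print(f"{src} -> {dst}: posted={verdict(POSTED, src, dst)} "
              f"variant={verdict(WITH_VPN_EXEMPT, src, dst)}")
```

Because the posted MASQ rule has no `-d`, it matches traffic headed for 192.168.0.0/24 as well as internet-bound traffic, and forwarded packets sourced from 192.168.0.0/24 fall through to the DENY policy.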
