/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! */



Hey Mark,

>I installed the VPND server in office 1, and VPND in office 2 as the
>client.  We are able to ping through the masq to each other.. no
>problem.


VPNd?  Never heard of it.  Depending on your performance and
security needs, you might want to run something like SWAN, CIPE,
etc.


>I can FTP to each other...   No problem...

Are you SURE this traffic is going through the VPN or just via the
Inet?


>For example, we should be able to ssh from 192.168.1.21 ->  192.168.0.1
>without problems.

Can the two Linux servers themselves SSH to each other?


>Now, the voodoo thing about all of this, before I upgraded office 2 to
>Red Hat, it all worked fine.

Hmmm.. dunno.  It's still Linux.


>/sbin/sshd &

That should be in /usr/local/sbin.  hehe.. personal preference I guess.



>/sbin/modprobe ip_masq_ftp
>/sbin/modprobe ip_masq_irc
>/sbin/modprobe ip_masq_raudio
>/sbin/modprobe ip_masq_portfw
>/sbin/modprobe ip_masq_autofw


These should be before the IPFWADM statements.


>/sbin/modprobe -P forward DENY
>/sbin/modprobe -A forward -s 192.168.1.0/255.255.255.0 -j MASQ

I hope you're really tired here.  That should be /sbin/ipchains.

Next, you shouldn't MASQ between VPN sites unless you have to.
To do that, you need to set up static routes:


On the 192.168.0.x network:

        route add -net 192.168.1.0 netmask 255.255.255.0 dev tun0

On the 192.168.1.x network:

        route add -net 192.168.0.0 netmask 255.255.255.0 dev tun0



Lastly, you need to configure IPCHAINS to forward that traffic
properly to each other's site BEFORE you enable MASQing.  I'll
leave this up to you.  (Hint:  you need IPCHAINS using the
forward chain).

--David
.----------------------------------------------------------------------------.
|  David A. Ranch - Linux/Networking/PC hardware         [EMAIL PROTECTED]  |
!----                                                                    ----!
`----- For more detailed info, see http://www.ecst.csuchico.edu/~dranch -----'


_______________________________________________
Masq maillist  -  [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/
or email to [EMAIL PROTECTED]

PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.
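
Added example, not part of the original message: a small first-match model of the forward chain showing why the site-to-site rules have to come before the MASQ rule. The ACCEPT rules, the VPN_FIRST/MASQ_ONLY names and the test addresses are assumptions made for illustration; the reply leaves the actual rule set to the reader.

```python
import ipaddress

# Simplified model of an ipchains forward chain: rules are checked in order and
# the first match decides; only source/destination networks are modelled
# (no interfaces, ports or protocols).

def forward_verdict(rules, policy, src, dst):
    """Return the target of the first rule matching src -> dst, else the policy."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule_src, rule_dst, target in rules:
        if s in ipaddress.ip_network(rule_src) and d in ipaddress.ip_network(rule_dst):
            return target
    return policy

LOCAL = "192.168.1.0/24"    # this office (addresses from the thread)
REMOTE = "192.168.0.0/24"   # other office, routed via tun0
ANY = "0.0.0.0/0"

# Only a MASQ rule, as in the quoted script: VPN-bound traffic is rewritten too.
MASQ_ONLY = [(LOCAL, ANY, "MASQ")]

# Assumed fix: site-to-site ACCEPT rules placed ahead of the MASQ rule.
VPN_FIRST = [
    (LOCAL, REMOTE, "ACCEPT"),
    (REMOTE, LOCAL, "ACCEPT"),
    (LOCAL, ANY, "MASQ"),
]

def equivalent_commands(rules, policy="DENY"):
    """Render the rule list as ipchains commands (returned as text, never executed)."""
    cmds = [f"/sbin/ipchains -P forward {policy}"]
    cmds += [f"/sbin/ipchains -A forward -s {s} -d {d} -j {t}" for s, d, t in rules]
    return cmds

if __name__ == "__main__":
    # Constructed test flows: VPN-bound, Internet-bound, and an unknown source.
    flows = [("192.168.1.21", "192.168.0.1"),
             ("192.168.1.21", "198.51.100.7"),
             ("10.9.9.9", "192.168.0.1")]
    for name, rules in (("MASQ_ONLY", MASQ_ONLY), ("VPN_FIRST", VPN_FIRST)):
        print(name)
        for src, dst in flows:
            print(f"  {src} -> {dst}: {forward_verdict(rules, 'DENY', src, dst)}")
    print("\n".join(equivalent_commands(VPN_FIRST)))
```
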
