
Re: VPN and @Home



Hi

On Tue, Jun 26, 2001 at 10:09:10PM +0200, Mythiq wrote:
> Thanks for your advice, Michael. I will get it working like
> you proposed, I think. Our general ideas are the same, the
> exact outlines are just a bit different.

> BTW: if I add routes and the tunnels and if I don't add some
> ipchain-rules for the tunnels and new routes, the packets to
> the A and B networks will be dropped, won't they? My firewall
> affects ALL ip-packets that go through my server, I certainly
> hope...

Yes (assuming you're using DENY or REJECT as the policy.)  When
I said it has nothing to do with ipchains I meant that you can't
use ipchains to send the packets to B.  You have to use normal
routing for that (after setting up some tunnels.)  You will
still need to configure ipchains rules depending on the policies
of your chains and how much you trust A and B's machines :)

> Anyway; Andre, here in the Netherlands, or at least in the east,
> Essent is the owner/supplier of the cable-services (and among
> these is @Home) Their general setup is a backbone with in
> every region a mainframe; to these large hubs/mainframes or
> whatever all local routers are connected. Within one town
> there are several routers. My problem is in these routers;
> mine is 213.51.198.1; friend A uses the same and friend B uses
> another gateway/router (dunno which one actually). All traffic
> coming from the client-side of the router is routed to the
> Internet and back but all traffic destined to a client that
> uses the same router is dropped.  I haven't tried a portscan
> on the router (yet) because I'm not aware of the risks
> involved (what will happen if they see me performing that
> scan?? You bet they won't like it a lot...) Any suggestions on
> how to perform such in a stealthy way? It will make things a
> lot easier if I can use the shortest route to network A.

Hmmm... well, I don't have any Cable/xDSL experience, since we
don't have either in South Africa :P but I will try to make some
useful suggestions.

You are using private IP addresses on your internal network,
right?  Are you using a "real" IP address on your external
interface?

Is the IP address you're using on your external interface the
same as the one people on the Internet see?  (e.g. if you
send e-mail, is the IP address in the "first" received line the
same as the IP address of your external interface?)

Received: from panoramix ([213.51.198.92]) by mail3.home.nl

If not, @Home might be doing some sort of NAT on their routers.

Also, when you try to connect to your friend, what IP address do
you use?  Is it the IP address of the external interface of his
box or is it the IP address seen by people on the Internet (if
different)?  Is his IP address within the local network for your
external interface (as defined by your external IP
address/netmask)?

If you're both using the same gateway then they should not be
able to filter traffic between you, unless they have some sort
of filtering on whatever box you use to connect to them (cable
modem?) or they have a filtering bridge/switch somewhere or
something.  (Someone correct me if I'm wrong :)  So maybe you
just need to adjust your routing slightly.

-- 
Michael Wood        | Tel: +27 21 762 0276 | http://www.kingsley.co.za/
wood@kingsley.co.za | Fax: +27 21 761 9930 | Kingsley Technologies
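
The two checks asked about in the message above (does the address in the Received line match the external interface, and does the peer fall inside the external address/netmask), as an added example that is not part of the original message. The netmask 255.255.255.0 is an assumption, since the thread does not state it, and 198.51.100.7 and 10.0.0.5 are constructed sample addresses.

```python
import ipaddress
import re

# Received line quoted in the message; the netmask is NOT given there and
# 255.255.255.0 is an assumption made for this example.
RECEIVED = "Received: from panoramix ([213.51.198.92]) by mail3.home.nl"
ASSUMED_NETMASK = "255.255.255.0"

def received_ip(header):
    """Address the receiving relay recorded for the connecting client."""
    m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", header)
    if m is None:
        raise ValueError("no bracketed IPv4 address in Received line")
    return ipaddress.ip_address(m.group(1))

def nat_suspected(external_ip, header):
    """True if the relay saw a different source than the external interface."""
    return ipaddress.ip_address(external_ip) != received_ip(header)

def is_on_link(external_ip, netmask, peer_ip):
    """True if peer_ip is inside the network given by external address/netmask."""
    iface = ipaddress.ip_interface(f"{external_ip}/{netmask}")
    return ipaddress.ip_address(peer_ip) in iface.network

def diagnose(external_ip, netmask, header, peer_ip):
    """Combine both checks into one report for a given peer."""
    on_link = is_on_link(external_ip, netmask, peer_ip)
    return {
        "seen_by_relay": str(received_ip(header)),
        "nat_suspected": nat_suspected(external_ip, header),
        "peer_on_link": on_link,
        # On-link peers are reached directly on the segment; others via the gateway.
        "next_hop": "direct" if on_link else "default gateway",
    }

if __name__ == "__main__":
    # 213.51.198.1 is the router address from the thread; 198.51.100.7 and
    # 10.0.0.5 are constructed sample values.
    for ext, peer in [("213.51.198.92", "213.51.198.1"),
                      ("213.51.198.92", "198.51.100.7"),
                      ("10.0.0.5", "213.51.198.1")]:
        print(ext, peer, diagnose(ext, ASSUMED_NETMASK, RECEIVED, peer))
```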


