[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: VPN and @Home

Gosh, it starts to look like a long thread now. However, I think I'm quite
well supplied with good advice. I'll cut the thread after this, OK? THNX a
lot all!
> Yes (assuming you're using DENY or REJECT as the policy.)  When
> I said it has nothing to do with ipchains I meant that you can't
> use ipchains to send the packets to B.  You have to use normal
> routing for that (after setting up some tunnels.)  You will
> still need to configure ipchains rules depending on the policies
> of your chains and how much you trust A and B's machines :)
My point exactly. =:)

--- snip ---
> hmmm... well, I don't have any Cable/xDSL experience, since we
> don't have either in South Africa :P but I will try to make some
> useful suggestions.
> You are using private IP addresses on your internal network,
> right?  Are you using a "real" IP address on your external
> interface?
yup! the same you can ping. (it said pong)

> Is the IP address you're using on your external interface the
> same as the one people on the Internet see?  (e.g. if you
> send e-mail, is the IP address in the "first" received line the
> same as the IP address of your external interface?)

> Received: from panoramix ([]) by mail3.home.nl
That's my workstation running Windoze. My server Obelix is masquerading my
LAN to the Net.

> If not, @Home might be doing some sort of NAT on their routers.
Nope. I don't think so.

> Also, when you try to connect to your friend, what IP address do
> you use?  Is it the IP address of the external interface of his
> box or is it the IP address seen by people on the Internet (if
> different)?  Is his IP address within the local network for your
> external interface (as defined by your external IP
> address/netmask.)
It's the Internet IP.

> If you're both using the same gateway then they should not be
> able to filter traffic between you, unless they have some sort
> of filtering on whatever box you use to connect to them (cable
> modem?) or they have a filtering bridge/switch somewhere or
> something.  (Someone correct me if I'm wrong :)  So maybe you
> just need to adjust your routing slightly.
nah, I think you're right. It all looks like they're filtering / firewalling
all "internal network" traffic: it can get to the Net and back but it cannot
go from internal to another internal address. That would explain why another
router of the same type considers me as an real-Internet address and thus
let me through to that particular "internal network".
> --
> Michael Wood        | Tel: +27 21 762 0276 | http://www.kingsley.co.za/
> wood@kingsley.co.za | Fax: +27 21 761 9930 | Kingsley Technologies

=== Mythiq ===

> --
> To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact

Reply to: