Re: packet forwarding.
Alex & others,
My network is illustrated here now.
Forwarding is always on.
dalton:~# cat /proc/sys/net/ipv4/ip_forward
as> ... routing tables commands have a look at man ip
OK; I've read route.man and ip.man.
as> for a machine at local lan a (say 192.168.0.100)
ip r a 192.168.2.0/24 via 192.168.1.2
Even without such a command this is the routing
table on Dalton.
dalton:~# netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
joule.petershou * 255.255.255.255 UH 0 0 0 tun0
184.108.40.206 * 255.255.255.128 U 0 0 0 eth0
172.24.1.0 * 255.255.255.0 U 0 0 0 eth3
default 220.127.116.11 0.0.0.0 UG 0 0 0 eth0
According to the first line, Dalton knows
that the route to joule.petershouse.invalid
is through the tun0 interface.
To the best of my knowledge,"joule.petershouse.invalid"
appears only in /etc/hosts on joule. I'll guess that
openvpn sends it from Joule to Dalton.
So Cantor should be get a POP3 connection to
joule.petershouse.invalid? It gets only
as> you will still need to look at your firewall
I guess there are two possibilities. Either
(1) routing to the "invalid" domain is not allowed
(2) the firewall on Dalton or on Joule is blocking
Dalton has this policy.
#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
loc vpn ACCEPT
Joule has this rule.
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK
# PORT PORT(S) DEST LIMIT GROUP
POP3/ACCEPT net $FW
Which rules out case (2) above.
So only (1) left?
Someone please shoot down one of my ideas
or give another hint.
Thanks, ... Peter E.