Re: packet forwarding.
Alex & others,
My network is illustrated here now.
http://carnot.pathology.ubc.ca/Network.jpg
Forwarding is always on.
dalton:~# cat /proc/sys/net/ipv4/ip_forward
1
as> ... routing tables commands have a look at man ip
OK; I've read route.man and ip.man.
as> for a machine at local lan a (say 192.168.0.100)
...
ip r a 192.168.2.0/24 via 192.168.1.2
Even without such a command this is the routing
table on Dalton.
dalton:~# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
joule.petershou *               255.255.255.255 UH        0 0          0 tun0
142.103.107.128 *               255.255.255.128 U         0 0          0 eth0
172.24.1.0      *               255.255.255.0   U         0 0          0 eth3
default         142.103.107.254 0.0.0.0         UG        0 0          0 eth0
According to the first line, Dalton knows
that the route to joule.petershouse.invalid
is through the tun0 interface.
To the best of my knowledge, "joule.petershouse.invalid"
appears only in /etc/hosts on joule. I'll guess that
openvpn sends it from Joule to Dalton.
So Cantor should be able to get a POP3 connection to
joule.petershouse.invalid? It gets only
"no connection".
as> you will still need to look at your firewall
I guess there are two possibilities. Either
(1) routing to the "invalid" domain is not allowed
or
(2) the firewall on Dalton or on Joule is blocking
the connection.
Dalton has this policy.
#SOURCE         DEST            POLICY          LOG LEVEL       LIMIT:BURST
loc             vpn             ACCEPT
Joule has this rule.
#ACTION         SOURCE          DEST            PROTO   DEST    SOURCE          ORIGINAL        RATE            USER/   MARK
#                                                       PORT    PORT(S)         DEST            LIMIT           GROUP
POP3/ACCEPT     net             $FW
Which rules out case (2) above.
So only (1) left?
Someone please shoot down one of my ideas
or give another hint.
Thanks, ... Peter E.
--
http://carnot.yi.org/
= http://carnot.pathology.ubc.ca/
Desktops.OpenDoc http://members.shaw.ca/peasthope/
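
Added example, not part of the original message: a longest-prefix lookup over the routing table posted above, showing which interface Dalton would choose for a given destination. Assumptions: 10.8.0.1 is a constructed stand-in for Joule's tunnel address (netstat printed that host route by name only), and the other test addresses are constructed.

```python
import ipaddress

# Constructed stand-in: netstat printed the tun0 host route by name only,
# so Joule's tunnel address is an assumption, not a value from the post.
JOULE_TUN_ADDR = "10.8.0.1"

# (destination, genmask, gateway, flags, iface), from the posted netstat -r.
ROUTES = [
    (JOULE_TUN_ADDR,    "255.255.255.255", None,              "UH", "tun0"),
    ("142.103.107.128", "255.255.255.128", None,              "U",  "eth0"),
    ("172.24.1.0",      "255.255.255.0",   None,              "U",  "eth3"),
    ("0.0.0.0",         "0.0.0.0",         "142.103.107.254", "UG", "eth0"),
]

def parse(routes):
    """Turn destination/genmask pairs into ip_network objects."""
    return [(ipaddress.ip_network(f"{dest}/{mask}"), gw, flags, iface)
            for dest, mask, gw, flags, iface in routes]

def lookup(table, addr):
    """Return (network, gateway, iface) for the most specific matching route."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in table if ip in r[0]]
    if not matches:
        return None  # no default route: destination unreachable
    net, gw, _flags, iface = max(matches, key=lambda r: r[0].prefixlen)
    return net, gw, iface

TABLE = parse(ROUTES)

if __name__ == "__main__":
    for addr in (JOULE_TUN_ADDR, "172.24.1.50", "142.103.107.200",
                 "192.168.2.10", "8.8.8.8"):
        net, gw, iface = lookup(TABLE, addr)
        print(f"{addr:16} -> {str(net):20} via {gw or 'direct':16} dev {iface}")
```

Only the single /32 host address resolves to tun0; any other address, including one in the quoted 192.168.2.0/24 example, falls through to the default route on eth0 unless a route for it is added.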