From: Jose Luis Domingo Lopez <lartc@24x7linux.com>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Private Address Routing via Tunnels
Date: Tue, 03 Feb 2004 00:19:16 +0000
Message-ID: <20040203001916.GB10578@localhost>
In-Reply-To: <20040201170938.GC87073@newred.gradwell.net>

On Monday, 02 February 2004, at 11:26:48 +0000,
Alan Ford wrote:

> They can route from the public to the private blocks, because they get to
> the router and the router knows to send it down the IPIP tunnel. But how
> can I configure the router at the other end to know to send responses
> from the private block to the public block down the tunnel? I think that's
> what I am needing to do here, does that make sense?
> 
Traditional routing is always based solely on the destination IP address
of packets arriving at a router. With Linux policy routing you can
route based on both destination and source IP address, and based on more
parameters, for example, any parameter selectable via iptables.

The router on the other end already has a working routing table based on
both information from IP addresses for each interface and static routes
you should have added manually. If the router on the other end doesn't
know how to route packets back to the other router, then the routing
table on the distant router is not correct.

As the two internal networks are far away and connected by a tunnel
using public IP addressing, I guess what is missing in the remote router
is a route that sends traffic directed to the other private network
through the tunnel. Exactly the same as you seem to have done on your
"local" router to make traffic directed to the remote LAN be
encapsulated through the IPIP tunnel.

Just for completeness, in this setup I don't think policy routing (based
on source IP addresses) is the correct way to handle the problem.

Greetings.

-- 
Jose Luis Domingo Lopez
Linux Registered User #189436     Debian Linux Sid (Linux 2.6.2-bk3)
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
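
An added example, not part of the original message: a small Python model of destination-only longest-prefix routing on both tunnel endpoints, showing how a missing route on the remote router sends replies out the default route instead of back through the tunnel. All prefixes, addresses and interface names (`eth0`, `eth1`, `tunl0`) are constructed assumptions, not values from the thread.

```python
import ipaddress

def lookup(table, dst):
    """Destination-only longest-prefix match, as a plain router does it.

    table is a list of (prefix, egress_device); the packet's source
    address is never consulted.
    """
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(prefix), dev)
               for prefix, dev in table
               if addr in ipaddress.ip_network(prefix)]
    if not matches:
        return None  # no route to host
    return max(matches, key=lambda m: m[0].prefixlen)[1]

# Constructed addressing (assumption): LAN A is 10.1.0.0/24 behind router A,
# LAN B is 10.2.0.0/24 behind router B. eth0 faces the LAN, eth1 the public
# Internet, tunl0 is the IPIP tunnel between the two routers.
ROUTER_A = [("10.1.0.0/24", "eth0"),
            ("10.2.0.0/24", "tunl0"),   # already configured on the local router
            ("0.0.0.0/0", "eth1")]

# Remote router without a route back to LAN A: replies match only the default.
ROUTER_B_BROKEN = [("10.2.0.0/24", "eth0"),
                   ("0.0.0.0/0", "eth1")]

# Same router after adding the mirror-image static route, the equivalent of
# `ip route add 10.1.0.0/24 dev tunl0` with these constructed prefixes.
ROUTER_B_FIXED = ROUTER_B_BROKEN + [("10.1.0.0/24", "tunl0")]

def round_trip(table_a, table_b, src, dst):
    """Return (egress chosen on A for the request, egress chosen on B for the reply).

    The reply's destination is the request's source, so router B looks up src.
    """
    return lookup(table_a, dst), lookup(table_b, src)

if __name__ == "__main__":
    for name, table_b in (("broken", ROUTER_B_BROKEN), ("fixed", ROUTER_B_FIXED)):
        fwd, back = round_trip(ROUTER_A, table_b, "10.1.0.5", "10.2.0.9")
        print(f"{name}: request leaves A via {fwd}, reply leaves B via {back}")
```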
