Next
Previous
Contents
This howto assumes you already configured your kernel to support IP
masquerade. See references below for information on configuring
your kernel for a linux firewall.
This setup uses a star/hub configuration. It will set up a cipe
connection from Machine A to Machine B and another from Machine A
to Machine C.
Machine A
eth0: 192.168.1.1
eth1: real ip 1
/ \
/ \
Machine B Machine C
eth0: 192.168.2.1 eth0:192.168.3.1
eth1: real ip 2 eth1: real ip 3
eth0 is the local network (fake address)
eth1 is the internet address (real address)
Port A is any valid port you would like to choose
Port B is any other valid port you would like to choose
Key A is any valid key you would like to choose (read cipe doc for info)
Key B is any valid key you would like to choose
The ip-up scripts currently only allow class c traffic through the cipe
interface. If you wish for machine B to communicate with Machine C then
you will need to change the appropriate ip-up and ip-down scripts.
Specifically, you need to change the ptpaddr and myaddr netmasks. There
are two ip-up scripts, one for ipchains and one for ipfwadm. Same with the
ip-down scripts. Change the appropriate incoming, outgoing, and forwarding
cipe interface firewall rules netmask from /24 to /16. Any cipe firewall
rule changes you make in ip-up for ipfwadm, make sure the ip-down script reflects
the change so it will be properly removed from the list when the interface
goes down. For the ipchains file, anything added in a chain does not need
ip-down reflection since ip-down will flush all the rules in the user
defined
chain.
You will also need to uncomment the network route in the rc.cipe for Machine
B and C that adds each others network to their route table.
Next
Previous
Contents
| 
Free eBook: 
