/sbin/service iptables stop && /sbin/service iptables save /sbin/chkconfig iptables off
and then want to see the ip assignments and routes when you think you have it runningL
netstat -rn
on the Linux side, and a statement of what the remote IP and destination subnet and mask are.
Then, remember that tcpdump is a good friend -- some techinques for use are toward the top of:
in a mail context, but there is an ICMP example in there as well which will help.
# cat /etc/sysctl.conf kernel.sysrq=0 net.ipv4.ip_forward=1 net.ipv4.conf.default.accept_source_route=0 net.ipv4.conf.default.rp_filter=1 kernel.core_uses_pid=1
I have already tried disabling iptables, but when pptpclient makes the connection it readds rules to iptables. I ran the commands you suggested, I still have to manually go in and flush after pptpclient runs.
The routes are there when I run netstat -rn.
Looking at tcpdump and how I should run it, but ehre's what I've tried so far:
**** Try 1 **** I tried running it with, host is the machine on my network initiating a ping to something on the remote side, eth0 local interface on router: tcpdump -i eth0 -nN -xX -s 1500 host 192.168.1.30
I can see in tcpdump that it gets the request, but no response ever comes through. ****
**** Try 2 **** Next, host is the machine on my network initiating a ping to something on the remote side, ppp0 is VPN interface on router: tcpdump -i ppp0 -nN -xX -s 1500 host 192.168.1.30
From a client I try to ping something on the other side and I can see in
tcpdump that it gets the request, but no response ever comes through. ****
**** Try 3 **** Next, host is the machine that I'm trying to ping on the remote side, ppp0 is VPN interface on router: tcpdump -i ppp0 -nN -xX -s 1500 host 10.96.10.1
From a client I try to ping something on the other side and I can see in
tcpdump that it gets the request, but no response ever comes through. ****
Does this mean that the FC3 machine IS definitely routing from eth0 to ppp0 and that the problem is the routing on the remote side? It's not correctly routing back to my network?
Thanks, James