On 27-12-14 12:00, Marius Petrescu wrote:
Actually the problem is at the tunnel interface, not at ripd...
Check your firewall setting so that you accept proto 4/IPIP from your rip2 broadcast source as you can see it in your tcpdump trace.
Right. The firewall was the problem. I had gone over the firewall script over and over again, to look for the problem. Couldn't find a problem. I was convinced that the problem must be somewhere else, e.g. creation of the tunnel interface, or a kernel thing, or whatever.
I did not dare to completely disable the firewall because the server is doing a lot of other things apart from being the ampr Gw. But when I finally disabled the firewall anyway, everything related to the tunnel worked.
The INPUT policy was set to DROP and I already had these 2 lines in the firewall script:
/usr/sbin/iptables -A INPUT -p ipip -j ACCEPT
/usr/sbin/iptables -A INPUT -p udp --dport 520 -j ACCEPT
But apparently that was not enough. It all worked after adding these two lines also.
/usr/sbin/iptables -A INPUT -s 169.228.66.251 -j ACCEPT # amprgw.sysnet.ucsd.edu
/usr/sbin/iptables -A INPUT -s 213.222.29.194 -j ACCEPT # gw-44-137-ext.ampr.org
It really helps to have this mailing list. Of course because of the responses, but it also helps you to get your thoughts straight while describing the problem.
Thanks Marius and others for all your help.
73 PE1ICQ //Arno
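
A check that follows from the quoted advice to accept proto 4 from the RIP broadcast source, added here as an example and not part of the original message. It looks up which number a protocol name maps to in /etc/protocols-format text and prints source rules limited to protocol 4 instead of all traffic. The table is a constructed sample in the common layout where 4 is named ipencap and ipip is 94, the function names are hypothetical, and the thread does not establish whether this mapping was the cause on the poster's server.

```shell
#!/bin/sh
# Added example, not from the original message.

# Constructed sample in /etc/protocols layout (name, number, aliases).
# Compare it with the file on your own system.
SAMPLE_PROTOCOLS='ip       0   IP         # internet protocol, pseudo protocol number
icmp     1   ICMP
ipencap  4   IP-ENCAP   # IP encapsulated in IP
tcp      6   TCP
udp      17  UDP
ipip     94  IPIP       # IP-within-IP Encapsulation Protocol'

# proto_number NAME: read protocols-format text on stdin and print the
# number that NAME (or one of its aliases) maps to; prints nothing if absent.
proto_number() {
    awk -v want="$1" '
        { sub(/#.*/, "") }                 # strip trailing comments
        NF >= 2 {
            for (i = 1; i <= NF; i++)
                if (i != 2 && $i == want) { print $2; exit }
        }'
}

# check_name NAME: succeed only when NAME resolves to protocol 4 (stdin as above).
check_name() {
    [ "$(proto_number "$1")" = 4 ]
}

# source_rules GATEWAY...: print (do not run) one INPUT rule per gateway that
# accepts only protocol number 4 from that address.
source_rules() {
    for gw in "$@"; do
        printf '/usr/sbin/iptables -A INPUT -s %s -p 4 -j ACCEPT\n' "$gw"
    done
}

# demo: run the check on the constructed sample, then print the narrowed
# rules for the two gateway addresses named in the message.
demo() {
    if printf '%s\n' "$SAMPLE_PROTOCOLS" | check_name ipip; then
        echo "ipip maps to protocol 4"
    else
        echo "ipip is not protocol 4 in this table; use -p 4"
    fi
    source_rules 169.228.66.251 213.222.29.194
}
demo
```

To test a real system, run `proto_number ipip < /etc/protocols` and compare the result with the protocol number shown in the tcpdump trace.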