9. Connecting to the WAN

At this point your cipe interface should be up and running. Try pinging machines on the other network(s). If you cannot ping check the following on the firewall machine:

• Check that forwarding is enabled in the kernel.
• Do an ifconfig to check if the cipe interface is up.

  cipcb0  Link encap:IPIP Tunnel  HWaddr   
          inet addr:192.168.1.1  P-t-P:192.168.2.1  Mask:255.255.255.255
          UP POINTOPOINT NOTRAILERS RUNNING NOARP  MTU:1442  Metric:1
          RX packets:28163 errors:6 dropped:0 overruns:0 frame:6
          TX packets:29325 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
  

• Check the route table for a host entry for the other cipe host on the cipe interface.

  192.168.2.1    *      255.255.255.255 UH    0   0        0 cipcb0 
  

• Check the route table for a network entry to the other network(s) on the cipe interface.

  192.168.2.0    *      255.255.255.0   U     0   0        0  cipcb0
  

• Check the log files for any error messages.

If your other machines behind your firewall cannot access machines behind the other firewall check that the gateway is properly setup on both ends.

Once you are able to ping, ftp, telnet, etc. to machines on the other network, the next step is to get your networks to see each other and access each other using SAMBA browsing. A few hints: lmhosts or wins server is required, trusted domains for NT. I have set these up, but that is not the purpose of this document (at least not for now).

If you used the example firewall masquerading script, then all of your machines should also be able to connect to the internet. If you cannot, then you might want to check the log files. You may also want to try using tcpdump to see what is happening with the packets.