GRE tunnel redirect.
Hello LinuxQuestions, I want to ask a question about a GRE tunnel. I have made it work and the ping between the two servers is working fine (the tutorial: http://wiki.buyvm.net/doku.php/gre_tunnel), but the issue I have is this. When I use these commands:
    iptables -t nat -A PREROUTING -d YOUR_FILTERED_IP -j DNAT --to-destination 192.168.168.2 -p tcp --dport 80
    iptables -A FORWARD -d 192.168.168.2 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT -p tcp --dport 80
it works fine with TCP and shows the real IP, but I can't do it with a UDP port (9987, the TeamSpeak port):
    iptables -t nat -A PREROUTING -d YOUR_FILTERED_IP -j DNAT --to-destination 192.168.168.2 -p udp --dport 9987
    iptables -A FORWARD -d 192.168.168.2 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT -p udp --dport 9987
It failed to connect to the server. Any advice about that? Thanks a lot.
UDP is stateless, so you should probably remove the "-m state --state NEW,ESTABLISHED,RELATED".
Thanks for replying,
I have tried to do this:
    iptables -t nat -A PREROUTING -d FILTERIP -j DNAT --to-destination 192.168.168.2 -p udp --dport 9987
    iptables -A FORWARD -d 192.168.168.2 -j ACCEPT -p udp --dport 9987
but it is the same thing: it won't connect/redirect to the main server.
As usual, use tcpdump to see the *actual* traffic.
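One way to act on the tcpdump advice above, as an added example that is not part of any post in this thread: capture UDP port 9987 at each point along the path with `tcpdump -n -i <interface> udp port 9987`, then check hop by hop where the flow stops. The capture point labels, the client address 203.0.113.7, the address 198.51.100.10 standing in for YOUR_FILTERED_IP, and all sample lines are constructed assumptions.

```python
import re

# Shape of one line from `tcpdump -n -i <interface> udp port 9987`:
#   12:00:01.000001 IP 203.0.113.7.50000 > 192.168.168.2.9987: UDP, length 34
LINE = re.compile(r"IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): UDP")

def flows(lines):
    """Set of (src, sport, dst, dport) tuples found in tcpdump -n output."""
    return {(m[1], int(m[2]), m[3], int(m[4]))
            for m in map(LINE.search, lines) if m}

def first_missing_hop(captures, client, public_ip, tunnel_ip, port=9987):
    """Follow the expected path hop by hop and return the first hop where the
    expected packet was not captured, or None if the round trip is complete."""
    hops = [  # (capture point, what should be visible there, src, dst, is_reply)
        ("filter:public", "request reaches the public address", client, public_ip, False),
        ("filter:tunnel", "request forwarded after DNAT", client, tunnel_ip, False),
        ("backend:tunnel", "request arrives at the server", client, tunnel_ip, False),
        ("backend:tunnel", "reply leaves through the tunnel", tunnel_ip, client, True),
    ]
    for point, what, src, dst, is_reply in hops:
        # Requests are matched on destination port, replies on source port.
        seen = any(s == src and d == dst and (sp if is_reply else dp) == port
                   for s, sp, d, dp in flows(captures.get(point, [])))
        if not seen:
            return f"{point}: {what}"
    return None

# Constructed sample input (not from the thread). Capture point names are
# hypothetical labels; 198.51.100.10 stands in for YOUR_FILTERED_IP.
CLIENT, PUBLIC_IP, TUNNEL_IP = "203.0.113.7", "198.51.100.10", "192.168.168.2"
SAMPLE = {
    "filter:public": ["12:00:01.000001 IP 203.0.113.7.50000 > 198.51.100.10.9987: UDP, length 34"],
    "filter:tunnel": ["12:00:01.000090 IP 203.0.113.7.50000 > 192.168.168.2.9987: UDP, length 34"],
    "backend:tunnel": ["12:00:01.020411 IP 203.0.113.7.50000 > 192.168.168.2.9987: UDP, length 34"],
    # The reply shows up on the backend's public interface, not on the tunnel.
    "backend:public": ["12:00:01.021002 IP 192.168.168.2.9987 > 203.0.113.7.50000: UDP, length 150"],
}

if __name__ == "__main__":
    print(first_missing_hop(SAMPLE, CLIENT, PUBLIC_IP, TUNNEL_IP))
```

A reply that is missing on the tunnel interface but visible on another interface points at how the server routes return traffic rather than at the DNAT rule.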
Quote:
but the main IP can't connect to the server, so FILTEREDIP > SERVER-A = worked fine, but MAIN-IP of server-A won't work. Any advice? Thanks a lot.
Update: The tunnel works fine and the ping works fine. I also tested this command to port 80 (Apache):
Server-1
    iptables -t nat -A PREROUTING -d S1-Public-IP -j DNAT --to-destination 192.168.10.2 -p udp --dport 9987
    iptables -A FORWARD -d 192.168.10.2 -j ACCEPT -p udp --dport 9987
Server-2
    iptables -t nat -A PREROUTING -d S2-Public-IP -j DNAT --to-destination 192.168.168.2 -p udp --dport 9987
    iptables -A FORWARD -d 192.168.168.2 -j ACCEPT -p udp --dport 9987
And Apache worked between them:
    http://Mainip/ < main ip
    http://S1-IP/ < gre1 (192.168.10.2)
    http://S2-IP/ < gre2 (192.168.168.2)
I want to make it work with the TeamSpeak server (UDP), but I can only bind to one IP (192.168.10.2 or 192.168.168.2 or the main IP). If I bind to gre1, only IPs from the gre1 tunnel can access the server; others cannot. I have tried to bind to 0.0.0.0 but it only binds to the main IP. Note: these are the commands I used to make the GRE tunnel: http://pastebin.com/STDRmGa6 Any advice? Thanks for your time.