LinuxQuestions.org

Linux - Networking: Trying to get a firewall to only accept GRE (https://www.linuxquestions.org/questions/linux-networking-3/trying-to-get-a-firewall-to-only-accept-gre-4175629917/)

Thansen971 05-17-2018 06:33 PM

Trying to get a firewall to only accept GRE
 
I have PC1 going to Router1 going to firewall going to Router2 going to PC2. This seems like a simple solution but I cannot get it to work.

All it has to do is accept any GRE traffic and drop everything else. It seems like it's only pinging correctly when sent directly to the router or firewall, but when I ping from PC to PC it ignores the rule completely.

https://imgur.com/a/e1x9mor
https://imgur.com/a/HbJal63

Above are what I have so far. Any help would be greatly appreciated.

/dev/random 05-18-2018 12:56 PM

Quote:

Originally Posted by Thansen971 (Post 5856104)
I have PC1 going to Router1 going to firewall going to Router2 going to PC2. This seems like a simple solution but I cannot get it to work.

All it has to do is accept any GRE traffic and drop everything else. It seems like it's only pinging correctly when sent directly to the router or firewall, but when I ping from PC to PC it ignores the rule completely.

https://imgur.com/a/e1x9mor
https://imgur.com/a/HbJal63

Above are what I have so far. Any help would be greatly appreciated.

Try something like this:

Code:

# load the GRE connection-tracking helper so conntrack can follow protocol 47 flows
modprobe nf_conntrack_proto_gre

tunnel_server_ip=217.x.x.x   # remote GRE tunnel endpoint (public address)
false_ip=192.168.2.2         # internal host that terminates the tunnel
real_ip=82.x.x.x             # this box's own public address
# GRE (IP protocol 47) arriving from the tunnel server: rewrite the destination to the internal host
/sbin/iptables -t nat -A PREROUTING -p 47 --src $tunnel_server_ip -j DNAT --to-destination $false_ip
# GRE leaving from the internal host: rewrite the source to the public address
/sbin/iptables -t nat -A POSTROUTING -p 47 --src $false_ip -j SNAT --to-source $real_ip
# accept GRE addressed to this box itself (INPUT chain)
/sbin/iptables -A INPUT -p 47 -j ACCEPT

This will effectively NAT all your GRE traffic.
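The GRE-only filter the question asks for, as an added example that is not part of the thread and not the replying poster's code. The point it demonstrates: a ping from PC1 to PC2 is routed through the firewall and is examined by the FORWARD chain, never by INPUT, so an accept/drop rule that lives only in INPUT has no effect on PC-to-PC traffic; only packets addressed to the firewall itself (pinging the firewall directly) go through INPUT. The script assumes eth0 faces Router1, eth1 faces Router2 and iptables is at /sbin/iptables; it only prints the commands, so it can be inspected and checked before being applied as root with `gre_only_rules | sh`.

```shell
#!/bin/sh
# Added example (not from the thread): build an iptables rule set for a Linux box that sits
# between Router1 and Router2 and should pass only GRE (IP protocol 47), dropping all else.
# Assumptions: eth0 faces Router1, eth1 faces Router2, iptables lives at /sbin/iptables.
# gre_only_rules only prints the commands; as root, apply them with:  gre_only_rules | sh

IPT=${IPT:-/sbin/iptables}
IN_IF=${IN_IF:-eth0}
OUT_IF=${OUT_IF:-eth1}

gre_only_rules() {
    # The box must route between the two routers for PC1<->PC2 traffic to exist at all.
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Start from an empty filter table with deny-by-default policies.
    echo "$IPT -F"
    echo "$IPT -P INPUT DROP"
    echo "$IPT -P FORWARD DROP"
    echo "$IPT -P OUTPUT ACCEPT"
    # Packets routed THROUGH the box (PC1 -> PC2) traverse FORWARD, never INPUT.
    # This is the chain an INPUT-only rule misses, so a PC-to-PC ping is unaffected by it.
    echo "$IPT -A FORWARD -i $IN_IF -o $OUT_IF -p 47 -j ACCEPT"
    echo "$IPT -A FORWARD -i $OUT_IF -o $IN_IF -p 47 -j ACCEPT"
    # Packets addressed TO the box (e.g. pinging the firewall itself) traverse INPUT.
    echo "$IPT -A INPUT -i lo -j ACCEPT"
    echo "$IPT -A INPUT -p 47 -j ACCEPT"
    echo "$IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Rate-limited logging of what FORWARD drops makes the PC-to-PC test verifiable in dmesg.
    echo "$IPT -A FORWARD -m limit --limit 5/min -j LOG --log-prefix \"FW-DROP: \""
}

# Checks that validate the generated rule set without loading it into a kernel.
forward_accepts_gre() {
    gre_only_rules | grep -q -- "-A FORWARD -i $IN_IF -o $OUT_IF -p 47 -j ACCEPT"
}

default_policies_drop() {
    # Both INPUT and FORWARD must default to DROP; OUTPUT stays open for the box's own traffic.
    [ "$(gre_only_rules | grep -c -- '-P [A-Z]* DROP')" -eq 2 ]
}

no_non_gre_accept_in_forward() {
    # Every ACCEPT in FORWARD must carry a protocol-47 match.
    ! gre_only_rules | grep -- '-A FORWARD' | grep ACCEPT | grep -v -q -- '-p 47'
}
```

After loading the rules, a PC1-to-PC2 ping should now fail and show up as `FW-DROP:` entries in `dmesg`, while a GRE tunnel set up between the two routers passes; that pair of observations is the quickest way to confirm the rule is in the right chain.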

