LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 12-18-2015, 04:20 PM   #1
Yazeed98
LQ Newbie
 
Registered: May 2014
Posts: 29

Rep: Reputation: Disabled
Smile Gre tunnel redirect.


Hello LinuxQuestions, I want to ask question about gre tunnel, I have made it work and the ping between two servers is working fine (the tutorial: http://wiki.buyvm.net/doku.php/gre_tunnel) but the issue that I have is when I am using that command:
iptables -t nat -A PREROUTING -d YOUR_FILTERED_IP -j DNAT --to-destination 192.168.168.2 -p tcp --dport 80
iptables -A FORWARD -d 192.168.168.2 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT -p tcp --dport 80

it works fine with the TCP and show the real ip but I can't do it with udp port(9987, TEAMSPEAK PORT):
iptables -t nat -A PREROUTING -d YOUR_FILTERED_IP -j DNAT --to-destination 192.168.168.2 -p udp --dport 9987
iptables -A FORWARD -d 192.168.168.2 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT -p udp --dport 9987

it failed to connect the server.
Any advice about that?

Thanks alot.

Last edited by Yazeed98; 12-18-2015 at 04:21 PM.
 
Old 12-18-2015, 04:48 PM   #2
brebs
Member
 
Registered: May 2013
Posts: 88

Rep: Reputation: Disabled
UDP is stateless, so you should probably remove the "-m state --state NEW,ESTABLISHED,RELATED".
 
Old 12-19-2015, 02:40 AM   #3
Yazeed98
LQ Newbie
 
Registered: May 2014
Posts: 29

Original Poster
Rep: Reputation: Disabled
Thanks for replaying,
I have tried to do this
iptables -t nat -A PREROUTING -d FILTERIP -j DNAT --to-destination 192.168.168.2 -p udp --dport 9987
iptables -A FORWARD -d 192.168.168.2 -j ACCEPT -p udp --dport 9987

but samething It won't connect/redirect to main server.
 
Old 12-19-2015, 03:56 AM   #4
brebs
Member
 
Registered: May 2013
Posts: 88

Rep: Reputation: Disabled
As usual, use tcpdump to see the *actual* traffic.
 
Old 12-19-2015, 05:24 AM   #5
Yazeed98
LQ Newbie
 
Registered: May 2014
Posts: 29

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by brebs View Post
As usual, use tcpdump to see the *actual* traffic.
I have fixed the problem by listening the server to "192.168.168.2"
but the main IP can't connect to the server so
FILTEREDIP > SERVER-A = Worked fine but
MAIN-IP of server-A won't work..

any advice?

thanks alot.
 
Old 12-25-2015, 05:11 AM   #6
Yazeed98
LQ Newbie
 
Registered: May 2014
Posts: 29

Original Poster
Rep: Reputation: Disabled

Update:
The tunnel works fine and the ping works fine, I also tested this command to port 80 (Apache):

Server-1

iptables -t nat -A PREROUTING -d S1-Public-IP -j DNAT --to-destination 192.168.10.2 -p udp --dport 9987
iptables -A FORWARD -d 192.168.10.2 -j ACCEPT -p udp --dport 9987
Server-2

iptables -t nat -A PREROUTING -d S2-Public-IP -j DNAT --to-destination 192.168.168.2 -p udp --dport 9987
iptables -A FORWARD -d 192.168.168.2 -j ACCEPT -p udp --dport 9987
And the apache worked between them

http: //Mainip/ < main ip

http: //S1-IP/ < gre1 (192.168.10.2)

http: //S2-IP/ < gre2 (192.168.168.2)

I want to make it with teamspeak server (UDP), but I can only bind to one IP (192.168.10.2 or 192.168.168.2 or main IP) If I bind to gre1, only IPs from gre1 tunnel can access the server; others cannot.

I have tried to bind to 0.0.0.0 but it only binds to the main IP.

Note: these are the commands I used to make the GRE tunnel:
http://pastebin.com/STDRmGa6

Any advice ?
Thanks for your time.

Last edited by Yazeed98; 12-25-2015 at 05:16 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
redirect all internet traffic to another server using gre tunnel Night_Fall Linux - Networking 0 06-15-2012 05:16 PM
Keep Alive GRE Tunnel gmarzilli Linux - Networking 0 01-19-2010 07:47 AM
GRE tunnel nima0102 Linux - Networking 1 07-28-2009 01:12 PM
GRE Tunnel Not Working doctorcisco Linux - Networking 2 04-19-2009 05:29 AM
Question about a GRE Tunnel zerounu Linux - Networking 1 03-09-2004 09:04 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 02:20 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration