GRE Tunnel question
This is a very basic question but I am still playing around with tunneling. There are 2 machines: A and B.
I have set up a virtual interface that is bridged with another interface in machine A. That virtual interface is set up as follows:
auto br1
iface br1 inet static
    address 10.0.0.254
    netmask 255.255.255.0
    bridge_ports none
    bridge_stp off
    bridge_fd 0
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up iptables -t nat -A POSTROUTING -s '10.0.0.0/24' -o br0 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '10.0.0.0/24' -o br0 -j MASQUERADE
    post-up iptables -t nat -A PREROUTING -i br0 -p tcp --dport 1234 -j DNAT --to 10.0.0.100:22
    post-down iptables -t nat -D PREROUTING -i br0 -p tcp --dport 1234 -j DNAT --to 10.0.0.100:22
Then, I have also set up a GRE tunnel between machine A and B.
Machine A:
iptunnel add gre1 mode gre local A.A.A.A remote B.B.B.B ttl 255
ip addr add 192.168.0.1/24 dev gre1
ip link set gre1 up
Machine B:
iptunnel add gre1 mode gre local B.B.B.B remote A.A.A.A ttl 255
ip addr add 192.168.0.2/24 dev gre1
ip link set gre1 up
However, I am unable to access Machine B's private network from Machine A using
ssh [email protected] -p 1234
However,
ssh [email protected] -p 1234
works. What is wrong here? Thanks in advance!
Comments
Did you add the usual GRE entries to your sysctl.conf?
sysctl -w net.ipv4.conf.all.arp_ignore=3 net.ipv4.conf.all.arp_announce=2
sysctl -w net.ipv4.conf.all.rp_filter=0
sysctl -w net.ipv4.conf.gre0.rp_filter=0
Thanks for your comment, just added but still get connection refused
Without reading much, refused or timed out? That’s a hell of a difference.
Connection refused
You sure SSH is listening on that IP and that there’s no firewall rule preventing it from connecting? You clearly have connectivity if you can see connection refused.
Makes sense, I keep looking at my tunneling configuration but it seems it is a networking configuration problem.
eth0 <- Bridge -> br0 <- Bridge -> br1
br0
IP: A.A.A.A (Public IP)
br1
IP: 10.0.0.254/24
VM (eth0)
IP: 10.0.0.100/24
Gateway: 10.0.0.254
Port forwarding rule:
iptables -t nat -A POSTROUTING -s '10.0.0.0/24' -o br0 -j MASQUERADE
iptables -t nat -A PREROUTING -i br0 -p tcp --dport 1234 -j DNAT --to 10.0.0.100:22
In machine A, I get connection refused on
ssh [email protected] -p 1234
but
ssh [email protected] -p 22
works fine.
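An added example, not written by any poster in this thread: a small Python model of which nat chain a new connection passes through, run over the two rules quoted above. It assumes standard netfilter behaviour (packets generated on the NAT host itself traverse nat OUTPUT rather than PREROUTING, and `-i br0` matches only packets that arrived on br0) and checks only chain, ingress interface, protocol and port; the function names are illustrative.

```python
import shlex

# The two rules from the thread, copied verbatim.
RULES = """
iptables -t nat -A POSTROUTING -s '10.0.0.0/24' -o br0 -j MASQUERADE
iptables -t nat -A PREROUTING -i br0 -p tcp --dport 1234 -j DNAT --to 10.0.0.100:22
"""

# Only the options this model looks at; address matches (-s/-d) are ignored.
FIELDS = {"-t": "table", "-A": "chain", "-i": "in_if", "-p": "proto",
          "--dport": "dport", "-j": "target", "--to": "to",
          "--to-destination": "to"}

def parse_rule(line):
    """Turn one 'iptables -t nat -A CHAIN ...' line into a dict."""
    tokens = shlex.split(line)
    rule = {"table": "filter"}  # iptables uses the filter table when -t is absent
    for flag, value in zip(tokens, tokens[1:]):
        if flag in FIELDS:
            rule[FIELDS[flag]] = value
    return rule

def nat_chain_for(origin):
    """Chain where DNAT can apply to a new connection's first packet.
    origin is 'local' for a process on the NAT host itself, otherwise the
    name of the interface the packet arrived on (br0, gre1, ...)."""
    return "OUTPUT" if origin == "local" else "PREROUTING"

def dnat_target(rules_text, origin, proto, dport):
    """Return the DNAT destination that applies, or None when no rule matches
    and the packet is left addressed to the host's own port."""
    chain = nat_chain_for(origin)
    for line in rules_text.strip().splitlines():
        r = parse_rule(line)
        if (r["table"], r.get("chain"), r.get("target")) != ("nat", chain, "DNAT"):
            continue
        if "in_if" in r and r["in_if"] != origin:
            continue  # -i restricts the rule to one ingress interface
        if r.get("proto", proto) == proto and r.get("dport", str(dport)) == str(dport):
            return r.get("to")
    return None

if __name__ == "__main__":
    for origin in ("br0", "gre1", "local"):
        print(f"{origin:6} tcp/1234 ->", dnat_target(RULES, origin, "tcp", 1234))
```

A `None` result means the packet stays addressed to the host's own port 1234; when nothing listens there the kernel answers with a TCP reset, which the ssh client reports as connection refused.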