GRE Tunnel question

FAT32 Administrator, Deal Compiler Extraordinaire
edited August 2018 in Help

This is a very basic question but I am still playing around with tunneling. There are 2 machines: A and B


I have set up a virtual interface that is bridged with another interface in machine A. That virtual interface is set up as follows:

auto br1
iface br1 inet static
address 10.0.0.254
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '10.0.0.0/24' -o br0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.0.0.0/24' -o br0 -j MASQUERADE
post-up iptables -t nat -A PREROUTING -i br0 -p tcp --dport 1234 -j DNAT --to 10.0.0.100:22
post-down iptables -t nat -D PREROUTING -i br0 -p tcp --dport 1234 -j DNAT --to 10.0.0.100:22


Then, I have also set up a GRE tunnel between machine A and B.

Machine A:

iptunnel add gre1 mode gre local A.A.A.A remote B.B.B.B ttl 255
ip addr add 192.168.0.1/24 dev gre1
ip link set gre1 up

Machine B:

iptunnel add gre1 mode gre local B.B.B.B remote A.A.A.A ttl 255
ip addr add 192.168.0.2/24 dev gre1
ip link set gre1 up


However, I am unable to access Machine B's private network from Machine A using ssh [email protected] -p 1234, whereas ssh [email protected] -p 1234 works. What is wrong here? Thanks in advance!

Comments

  • Did you add the usual GRE entries to your sysctl.conf ?
    sysctl -w net.ipv4.conf.all.arp_ignore=3 net.ipv4.conf.all.arp_announce=2
    sysctl -w net.ipv4.conf.all.rp_filter=0
    sysctl -w net.ipv4.conf.gre0.rp_filter=0

    Thanked by 1FAT32
  • FAT32 Administrator, Deal Compiler Extraordinaire

    @pixievps said:
    Did you add the usual GRE entries to your sysctl.conf ?
    sysctl -w net.ipv4.conf.all.arp_ignore=3 net.ipv4.conf.all.arp_announce=2
    sysctl -w net.ipv4.conf.all.rp_filter=0
    sysctl -w net.ipv4.conf.gre0.rp_filter=0

    Thanks for your comment, just added but still get connection refused

  • Clouvider Member, Patron Provider

    @FAT32 said:

    @pixievps said:
    Did you add the usual GRE entries to your sysctl.conf ?
    sysctl -w net.ipv4.conf.all.arp_ignore=3 net.ipv4.conf.all.arp_announce=2
    sysctl -w net.ipv4.conf.all.rp_filter=0
    sysctl -w net.ipv4.conf.gre0.rp_filter=0

    Thanks for your comment, just added but still get connection refused

    Without reading much, refused or timed out ? That’s a hell of a difference.

  • FAT32 Administrator, Deal Compiler Extraordinaire

    @Clouvider said:

    Without reading much, refused or timed out ? That’s a hell of a difference.

    Connection refused

  • Clouvider Member, Patron Provider

    You sure SSH is listening on that IP and that there’s no firewall rule preventing it from connecting? You clearly have connectivity if you can see connection refused.

  • FAT32 Administrator, Deal Compiler Extraordinaire
    edited August 2018

    @Clouvider said:
    You sure SSH is listening on that IP and that there’s no firewall rule preventing it from connecting? You clearly have connectivity if you can see connection refused.

    Makes sense. I keep looking at my tunneling configuration, but it seems it is a networking configuration problem.

    eth0 <- Bridge -> br0 <- Bridge -> br1

    br0
    IP: A.A.A.A (Public IP)

    br1
    IP: 10.0.0.254/24

    VM (eth0)
    IP: 10.0.0.100/24
    Gateway: 10.0.0.254

    Port forwarding rule:
    iptables -t nat -A POSTROUTING -s '10.0.0.0/24' -o br0 -j MASQUERADE
    iptables -t nat -A PREROUTING -i br0 -p tcp --dport 1234 -j DNAT --to 10.0.0.100:22


    In machine A, I get connection refused on ssh [email protected] -p 1234, but ssh [email protected] -p 22 works fine
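
Added illustration, not part of the thread or any poster's code: a small Python model of how the nat-table DNAT rule quoted in the thread is matched, depending on where a connection to port 1234 enters machine A. Assumptions: the destination is one of machine A's own addresses, the INPUT policy accepts, sshd listens on port 22 and nothing listens on 1234; all class and function names are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:                      # hypothetical model type
    in_iface: Optional[str]        # None = generated on machine A itself
    proto: str
    dport: int

@dataclass(frozen=True)
class DnatRule:                    # one "-t nat ... -j DNAT" rule
    chain: str
    in_iface: Optional[str]        # None = rule has no -i match
    proto: str
    dport: int
    to: str

# The thread's rule: -A PREROUTING -i br0 -p tcp --dport 1234 -j DNAT --to 10.0.0.100:22
RULES = [DnatRule("PREROUTING", "br0", "tcp", 1234, "10.0.0.100:22")]

def nat_chain(pkt: Packet) -> str:
    """Locally generated packets traverse nat OUTPUT, never PREROUTING."""
    return "OUTPUT" if pkt.in_iface is None else "PREROUTING"

def dnat_target(pkt: Packet, rules=RULES) -> Optional[str]:
    chain = nat_chain(pkt)
    for r in rules:
        if r.chain != chain:
            continue
        if r.in_iface is not None and r.in_iface != pkt.in_iface:
            continue
        if (r.proto, r.dport) == (pkt.proto, pkt.dport):
            return r.to
    return None

def outcome(pkt: Packet, local_listeners=frozenset({22})) -> str:
    """Assumes the destination is one of machine A's own addresses."""
    target = dnat_target(pkt)
    if target:
        return f"forwarded to {target}"
    # No DNAT: the host's own TCP stack answers; a closed port sends RST.
    return "accepted locally" if pkt.dport in local_listeners else "connection refused"

if __name__ == "__main__":
    # Constructed sample packets, one per entry path
    for name, pkt in [("arrives on br0", Packet("br0", "tcp", 1234)),
                      ("arrives on gre1", Packet("gre1", "tcp", 1234)),
                      ("from machine A itself", Packet(None, "tcp", 1234)),
                      ("machine A itself, port 22", Packet(None, "tcp", 22))]:
        print(f"{name:28} -> {outcome(pkt)}")
```

On a live host, the packet counters shown by `iptables -t nat -L PREROUTING -v -n` indicate whether a test connection actually hit the rule.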
