MichealC4
Programmer
- Jun 26, 2003
- 457
I have a server that is behind a GRE tunnel. This much works. I can get to the server with the GRE tunnel. What doesn't work is then a masquerade setup that works without the GRE tunnel.
So this is what things look like:
GRE-->iptables-->server
^ Entry here ends at iptables
      ^ Entry here correctly ends at server
I can get to the final server through the iptables with my existing iptables setup. I can get to the iptables from the GRE tunnel. I can't get all the way through. Here is what my iptables look like:
iptables -t nat -A PREROUTING -p tcp --dport "$port" -j DNAT --to-destination "$ip:$port"
iptables -t nat -A PREROUTING -p udp --dport "$port" -j DNAT --to-destination "$ip:$port"
iptables -t nat -A POSTROUTING -j MASQUERADE
This works just fine as-is. I don't currently disallow any traffic, so protocol 47 isn't blocked.
I can't for the life of me figure out why this doesn't work with the GRE. Any ideas?
----------------------------
"Will work for bandwidth" - Thinkgeek T-shirt