Line 213: |
Line 213: |
| == GRE Tunnel == | | == GRE Tunnel == |
| {{go to top}} | | {{go to top}} |
| + | GRE Tunnels |
| + | |
| + | ===Public/Private VM tunnel=== |
| + | GRE tunnels are useful for connecting a VM in a private/home network to the internet via a public server/VM. The following information will connect Server A (public server) to Server B (private server), and allow requests to Server B to be passed to Server A's resources for use on the Internet. |
| + | |
| + | ====Configuration==== |
| + | '''IP addresses''' |
| + | * Server A will have a public IP of 30.30.30.30/24 and the GRE interface will be assigned 192.168.168.1/30 |
| + | * Server B will have a private IP of 10.0.0.50/24, a public IP of 40.40.40.40/24 and the GRE interface will be assigned 192.168.168.2/30 |
| + | '''Ports''' |
| + | * Ports 22, 80 and 443 will be forwarded over the GRE tunnel |
| + | |
| + | =====Server A (Public)===== |
| + | Copy the following to /etc/gre.sh |
| + | <syntaxhighlight lang="bash"> |
| + | #!/bin/sh |
| + | ip tunnel add gre1 mode gre local 10.0.0.50 remote 40.40.40.40 ttl 255 |
| + | ip add add 192.168.168.1/30 dev gre1 |
| + | ip link set gre1 up |
| + | |
| + | iptables -t nat -A POSTROUTING -s 192.168.168.0/30 ! -o gre+ -j SNAT --to-source 30.30.30.30 |
| + | iptables -A FORWARD -d 192.168.168.2 -m state --state NEW.ESTABLISHED,RELATED -j ACCEPT |
| + | iptables -A FORWARD -d 192.168.168.2 -m state --state NEW.ESTABLISHED,RELATED -j ACCEPT |
| + | |
| + | iptables -t nat -A PREROUTING -d 30.30.30.30 -p tcp -m tcp --dport 22 -j DNAT --to-destination 192.168.168.2 |
| + | iptables -t nat -A PREROUTING -d 30.30.30.30 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.168.2 |
| + | iptables -t nat -A PREROUTING -d 30.30.30.30 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.168.2 |
| + | </syntaxhighlight> |
| + | |
| + | =====Server B (Private)===== |
| + | * Add the following to /etc/iproute2/rt_tables<syntaxhighlight lang="text"> |
| + | 100 GRE</syntaxhighlight> |
| + | * Copy the following to /etc/gre.sh |
| + | <syntaxhighlight lang="bash"> |
| + | #!/bin/sh |
| + | iptunnel add gre1 mode gre local 10.0.0.50 remote 30.30.30.30 ttl 255 |
| + | ip addr add 192.168.168.2/30 dev gre1 |
| + | ip link set gre1 up |
| + | |
| + | ip rule add from 192.168.168.0/30 table GRE |
| + | ip route add default via 192.168.168.1 table GRE |
| + | </syntaxhighlight> |
| | | |
| ==L2TP Ethernet Pseudowires== | | ==L2TP Ethernet Pseudowires== |
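Review bot: The Server A script creates the tunnel with `local 10.0.0.50`, but the IP address list gives 10.0.0.50 as Server B's private address and 30.30.30.30 as Server A's. As written, the endpoint cannot match the `remote 30.30.30.30` configured on Server B, so the line should read `ip tunnel add gre1 mode gre local 30.30.30.30 remote 40.40.40.40 ttl 255`. In the same script the two FORWARD rules are byte-for-byte duplicates, and both write the state list as `NEW.ESTABLISHED,RELATED` with a period, which iptables will reject. Use `NEW,ESTABLISHED,RELATED`, and if the second rule was meant to cover return traffic it should match `-s 192.168.168.2` instead of `-d`. The FORWARD rule also accepts NEW connections to 192.168.168.2 on any port, while the Ports list says only 22, 80 and 443 are forwarded; limiting NEW to those destination ports would keep the filter consistent with the three DNAT rules. Neither script enables IP forwarding on Server A, so either add that step or state it as a prerequisite. Since port 22 is exposed through the tunnel, the section should also say that GRE itself provides no encryption or authentication. Style: `ip add add` on Server A and `iptunnel add` on Server B are inconsistent with the `ip addr add` and `ip tunnel add` forms used elsewhere in the same section.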