ASL-Corp members, Bureaucrats, Check users, Structured Discussions bots, oversight, Suppressors, Administrators, Upload Wizard campaign editors
1,714
edits
Changes
Jump to navigation
Jump to search
Line 213:
Line 213: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
→GRE Tunnel
== GRE Tunnel ==
== GRE Tunnel ==
{{go to top}}
{{go to top}}
GRE Tunnels
===Public/Private VM tunnel===
GRE tunnels are useful for connecting a VM in a private/home network to the internet via a public server/VM. The following information will connect Server A (public server) to Server B (private server), and allow requests to Server B to be passed to Server A's resources for use on the Internet.
====Configuration====
'''IP addresses'''
* Server A will have a public IP of 30.30.30.30/24 and the GRE interface will be assigned 192.168.168.1/30
* Server B will have a private IP of 10.0.0.50/24, a public IP of 40.40.40.40/24 and the GRE interface will be assigned 192.168.168.2/30
'''Ports'''
* Ports 22, 80 and 443 will be forwarded over the GRE tunnel
=====Server A (Public)=====
Copy the following to /etc/gre.sh
<syntaxhighlight lang="bash">
#!/bin/sh
ip tunnel add gre1 mode gre local 10.0.0.50 remote 40.40.40.40 ttl 255
ip add add 192.168.168.1/30 dev gre1
ip link set gre1 up
iptables -t nat -A POSTROUTING -s 192.168.168.0/30 ! -o gre+ -j SNAT --to-source 30.30.30.30
iptables -A FORWARD -d 192.168.168.2 -m state --state NEW.ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -d 192.168.168.2 -m state --state NEW.ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A PREROUTING -d 30.30.30.30 -p tcp -m tcp --dport 22 -j DNAT --to-destination 192.168.168.2
iptables -t nat -A PREROUTING -d 30.30.30.30 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.168.2
iptables -t nat -A PREROUTING -d 30.30.30.30 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.168.2
</syntaxhighlight>
=====Server B (Private)=====
* Add the following to /etc/iproute2/rt_tables<syntaxhighlight lang="text">
100 GRE</syntaxhighlight>
* Copy the following to /etc/gre.sh
<syntaxhighlight lang="bash">
#!/bin/sh
iptunnel add gre1 mode gre local 10.0.0.50 remote 30.30.30.30 ttl 255
ip addr add 192.168.168.2/30 dev gre1
ip link set gre1 up
ip rule add from 192.168.168.0/30 table GRE
ip route add default via 192.168.168.1 table GRE
</syntaxhighlight>
==L2TP Ethernet Pseudowires==
==L2TP Ethernet Pseudowires==