This post is a bit overdue. As I promised earlier, here are instructions for setting up an IP Tunnel between a SLAVE server that has some IPs associated with it and a MASTER server that acts as your injector.
*** Special thanks to Nickphx for helping me figure this out. ***
Let's assume the MASTER has the following IPs:
    Public IP 1.1.1.1
    Private IP Range 192.168.1.0/24
And the SLAVE:
    Public IP 2.2.2.2
    IP Range 2.2.3.0/24
You need to enable IP forwarding, proxy_arp, and disable rp_filter on the SLAVE. To do that:
Code:
    SLAVE # sysctl -w net.ipv4.conf.all.forwarding=1
    SLAVE # sysctl -w net.ipv4.ip_forward=1
    SLAVE # sysctl -w net.ipv4.conf.all.proxy_arp=1
    SLAVE # sysctl -w net.ipv4.conf.eth0.rp_filter=0
    SLAVE # sysctl -w net.ipv4.conf.tun0.rp_filter=0
Then, create the tunnel on the MASTER:
Code:
    MASTER # modprobe ip_gre
    MASTER # ip tunnel add tun0 mode gre local 1.1.1.1 remote 2.2.2.2
    MASTER # ip link set dev tun0 up
    MASTER # ip addr add 192.168.1.0/24 dev rtr
    MASTER # ip route add dev tun0 2.2.3.0/24
To test, use netcat to connect to an MX server from the MASTER, binding to one of the new IPs from the SLAVE:
Code:
    MASTER # nc -s 2.2.3.100 b.mx.mail.yahoo.com 25
Hopefully this is helpful to someone else!
Your instructions were missing a few key items.. You need to also create a tunnel from slave to master and add a route for the shared ips to the tunnel's IP.. You do not need to set a route for the 2.2.3.0/24 via the tunnel..
I'm also trying to tunnel some servers. Could anyone elaborate what "Private IP Range" means here? I've read some articles and it seems I need to assume a private range, right?
Thanks very much SG. Much clearer now. I have googled a whole afternoon for tunneling and tested on my servers, but I'm not sure if it's right. So could you take a look at the following code? (I also hope this can be a complete guide for other guys.)
Master Server: 106.61.58.96/29, so usable IPs: 98-102, main IP: 106.61.58.98, NIC eth0
Slave Server: 98.123.87.95/27, so usable IPs: 97-125, main IP: 98.123.87.97, NIC eth0
I will tunnel IPs from the slave server to the master server.
On the slave server:
Code:
    chkconfig iptables off
    service iptables stop
    sysctl -w net.ipv4.ip_forward=1
    sysctl -w net.ipv4.conf.all.forwarding=1
    sysctl -w net.ipv4.conf.proxy_arp=1
    sysctl -w net.ipv4.conf.all.proxy_arp=1
    sysctl -w net.ipv4.conf.eth0.rp_filter=0
    sysctl -w net.ipv4.conf.default.rp_filter=0
    modprobe ip_gre
    ip tunnel add tunx mode gre remote 106.61.58.98 local 98.123.87.97 ttl 255
    ip addr add 10.0.2.0/24 dev tunx
    ip link set tunx up
    ip route add 98.123.87.95/27 dev tunx
On the master server:
Code:
    chkconfig iptables off
    service iptables stop
    sysctl -w net.ipv4.conf.default.rp_filter=0
    modprobe ip_gre
    ip tunnel add tun1 mode gre remote 98.123.87.97 local 106.61.58.98 ttl 255
    ip addr add 10.0.1.0/24 dev tun1
    ip link set dev tun1 up
    ip addr add 98.123.87.95/27 dev eth0
Are those codes right? I've tested using my servers, but how can I test if I'm right? And I have two questions:
1) I need to add the slave server's IP into the platform on my master server. What IP and netmask should I use? 98.123.87.95/27 and 255.255.255.224, or 10.0.2.0/27 and 255.255.255.224?
2) Is there a case where tunneling is disconnected by accident?
Should these two private network IP ranges be in the same block, like:
    Master: 10.0.250.1/24
    Slave: 10.0.250.2/24
Or in different blocks, like:
    Master: 10.0.2.0/24
    Slave: 10.0.3.0/24?
And when using the command "ip addr add X.X.X.X", should X.X.X.X be one single IP or a CIDR block like X.X.X.X/29? I have been searching for a long time and I'm not sure which is correct.
They should be in the same subnet. Also add by /30.. no need to add by /24.
On machine #1 [machine that will use IPs from tunnel]:
    ip add add 10.0.250.1/30 dev tunnel_dev
On machine #2 [machine that is source of IPs]:
    ip add add 10.0.250.2/30 dev tunnel_dev
If you're tunneling 1.2.3.0/24, on machine #2 [machine that is source of IPs]:
    ip route add 1.2.3.0/24 via 10.0.250.2
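The addressing rule from the reply above (both tunnel endpoints in one small subnet, each a host address) can be checked before any `ip addr add` is run. This is an added example, not part of the original thread; `check_tunnel_plan` is a hypothetical helper, and the inputs are the addresses quoted in the posts above.

```python
import ipaddress

def check_tunnel_plan(local_if, remote_if, routed_prefix):
    """Return a list of problems in a point-to-point tunnel addressing plan.

    local_if / remote_if: tunnel interface addresses, e.g. "10.0.250.1/30"
    routed_prefix: the block carried over the tunnel, e.g. "1.2.3.0/24"
    """
    problems = []
    a = ipaddress.ip_interface(local_if)
    b = ipaddress.ip_interface(remote_if)
    # strict=False accepts a prefix written with host bits set.
    routed = ipaddress.ip_network(routed_prefix, strict=False)

    for name, iface in (("local", a), ("remote", b)):
        net = iface.network
        # On prefixes shorter than /31 the first and last addresses are
        # the network and broadcast addresses of the subnet.
        if net.prefixlen < 31 and iface.ip in (net.network_address,
                                               net.broadcast_address):
            problems.append(f"{name} {iface} is the network or broadcast "
                            f"address of its subnet")
    if a.network != b.network:
        problems.append(f"endpoints are in different subnets: "
                        f"{a.network} vs {b.network}")
    elif a.ip == b.ip:
        problems.append("both endpoints use the same address")
    if routed.overlaps(a.network) or routed.overlaps(b.network):
        problems.append(f"routed prefix {routed} overlaps the tunnel subnet")
    return problems

if __name__ == "__main__":
    # Plan from the reply above, then the plan from the earlier question.
    print(check_tunnel_plan("10.0.250.1/30", "10.0.250.2/30", "1.2.3.0/24"))
    for p in check_tunnel_plan("10.0.1.0/24", "10.0.2.0/24", "98.123.87.95/27"):
        print("-", p)
```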
Thanks nickphx and SG, the tunneling problem has been solved. It seems my ISP SoftLayer doesn't allow GRE tunneling, so my next step is to find a good hosting. Anyone know other ISPs that don't allow GRE tunneling?
They allow GRE tunneling. What they do not allow is traffic to egress from their network from IP space they do not route. They're the only one I can think of at the moment.
I have been able to tunnel IPs to several hosting companies, including Linode. But my method is slightly different... it amounts to the same thing though. I don't turn off rp_filter, is that necessary? I haven't had any problems whatsoever.
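Whether a per-interface `rp_filter=0` actually takes effect depends on `conf.all`: the kernel applies the larger of `conf.all.rp_filter` and the interface's own value (0 = off, 1 = strict, 2 = loose). The audit below is an added example, not part of the original thread; the function names and the sample sysctl output are constructed for illustration.

```python
import re

RP_LINE = re.compile(r"^net\.ipv4\.conf\.([^.\s]+)\.rp_filter\s*=\s*(\d)$")
MODES = {0: "off", 1: "strict", 2: "loose"}

def effective_rp_filter(sysctl_text):
    """Map interface -> (configured, effective) rp_filter values.

    Input is text in `sysctl -a` format. The kernel validates sources on
    an interface with max(conf.all.rp_filter, conf.<iface>.rp_filter).
    """
    conf = {}
    for line in sysctl_text.splitlines():
        m = RP_LINE.match(line.strip())
        if m:
            conf[m.group(1)] = int(m.group(2))
    all_value = conf.get("all", 0)
    # "default" only seeds interfaces created later, so it is not reported.
    return {name: (value, max(all_value, value))
            for name, value in conf.items()
            if name not in ("all", "default")}

def findings(sysctl_text):
    """Describe interfaces whose setting is overridden or fully disabled."""
    out = []
    for name, (configured, effective) in sorted(
            effective_rp_filter(sysctl_text).items()):
        if configured != effective:
            out.append(f"{name}: set to {MODES[configured]} but conf.all "
                       f"makes it {MODES[effective]}")
        elif effective == 0:
            out.append(f"{name}: no source validation")
    return out

# Constructed sample: per-interface values set to 0, conf.all left at 1.
SAMPLE = """\
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.eth0.rp_filter = 0
net.ipv4.conf.tun0.rp_filter = 0
"""

if __name__ == "__main__":
    for line in findings(SAMPLE):
        print(line)
```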
Please help me.
Hello, I have purchased 2 dedicated servers, 1 server from the USA and the 2nd server from India. I want to use the USA server's IPs on the Indian server via a GRE tunnel.
1st server IPs: 206.214.68.0/27, usable IPs 206.214.68.2 - 30.
2nd server IP: 103.243.47.81
Thanks,
Sanjay Gehlot
AVP Digital Media Pvt. Ltd.
Hey Sanjay, sorry, I cannot help you with your setup, but as stated above it's not a wise idea to share the IPs you have available...
-----------
Krista Barrack
1-866-903-9164 x164
www.xverify.com
Everything you need is in this thread.. Asking for someone to spell it out for you when it's already spelled out is just lazy.