IP Tunnel Instructions

Discussion in 'Mail Chat' started by reddorado, Jul 16, 2012.

  1. reddorado

    reddorado VIP

    Joined:
    Jan 24, 2012
    Messages:
    86
    Likes Received:
    33
    Trophy Points:
    0
    This post is a bit overdue. As I promised earlier, here are instructions for setting up an IP Tunnel between a SLAVE server that has some IPs associated with it and a MASTER server that acts as your injector.

    *** Special thanks to Nickphx for helping me figure this out. ***

    Let's assume the MASTER has the following IPs:
    Public IP 1.1.1.1
    Private IP Range 192.168.1.0/24

    And the SLAVE:
    Public IP 2.2.2.2
    IP Range 2.2.3.0/24

    You need to enable ip forwarding, proxy_arp, and disable rp_filter on the SLAVE. To do that:

    Code:
    SLAVE # sysctl -w net.ipv4.conf.all.forwarding=1
    SLAVE # sysctl -w net.ipv4.ip_forward=1
    SLAVE # sysctl -w net.ipv4.conf.all.proxy_arp=1
    SLAVE # sysctl -w net.ipv4.conf.eth0.rp_filter=0
    SLAVE # sysctl -w net.ipv4.conf.tun0.rp_filter=0
    

    Then, create the tunnel on the MASTER:

    Code:
    MASTER # modprobe ip_gre
    MASTER # ip tunnel add tun0 mode gre local 1.1.1.1 remote 2.2.2.2
    MASTER # ip link set dev tun0 up
    MASTER # ip addr add 192.168.1.0/24 dev rtr
    MASTER # ip route add dev tun0 2.2.3.0/24
    

    To test, use netcat to connect to an MX server from the MASTER, binding to one of the new IPs from the SLAVE:

    Code:
    MASTER # nc -s 2.2.3.100 b.mx.mail.yahoo.com 25
    
    Hopefully this is helpful to someone else!
     
  2. nickphx

    nickphx VIP

    Joined:
    Apr 2, 2011
    Messages:
    1,139
    Likes Received:
    363
    Trophy Points:
    83
    Gender:
    Male
    Location:
    guadalajara, chiuhuahua
    Your instructions were missing a few key items..

    You need to also create a tunnel from slave to master and add a route for the shared ips to the tunnel's IP..

    You do not need to set a route for the 2.2.3.0/24 via the tunnel..
     
  3. noobking

    noobking Member

    Joined:
    Nov 28, 2011
    Messages:
    209
    Likes Received:
    5
    Trophy Points:
    18
    I'm also trying to tunnel some servers.

    Could anyone elaborate what "Private IP Range" means here?

    I've read some articles and it seems I need to assume a private range, right?
     
  4. noobking

    noobking Member

    Joined:
    Nov 28, 2011
    Messages:
    209
    Likes Received:
    5
    Trophy Points:
    18
    Thanks very much SG. Much clear now.
    I have googled a whole afternoon for tunneling and tested on my servers but not sure if it's right. so could you take a look at the following code? ( i also hope this can be a complete guide for other guys)

    --------------------------------------------------------------------------------------------

    Master Server:106.61.58.96/29, so useable IPs: 98-102, main IP: 106.61.58.98. nic eth0
    Slave Server:98.123.87.95/27, so usable IPs: 97-125, main IP: 98.123.87.97 nic eth0

    I will tunnel ips from slave server to master server.

    On the slave server:

    Code:
    chkconfig iptables off
    service iptables stop
    
    sysctl -w net.ipv4.ip_forward=1
    sysctl -w net.ipv4.conf.all.forwarding=1
    sysctl -w net.ipv4.conf.proxy_arp=1
    sysctl -w net.ipv4.conf.all.proxy_arp=1
    sysctl -w net.ipv4.conf.eth0.rp_filter=0
    sysctl -w net.ipv4.conf.default.rp_filter=0
    
    
    modprobe ip_gre
    ip tunnel add tunx mode gre remote 106.61.58.98  local 98.123.87.97 ttl 255
    ip addr add 10.0.2.0/24 dev tunx
    ip link set tunx up
    ip route add 98.123.87.95/27 dev tunx
    on the master server:

    Code:
    chkconfig iptables off
    service iptables stop
    sysctl -w net.ipv4.conf.default.rp_filter=0
    
    modprobe ip_gre
    ip tunnel add tun1 mode gre remote 98.123.87.97 local 106.61.58.98 ttl 255
    ip addr add 10.0.1.0/24 dev tun1
    ip link set dev tun1 up
    ip addr add 98.123.87.95/27 dev eth0
    Are those codes right? I've tested using my servers, but how can i test if I'm right?

    And I have two questions:

    1) I need to add slave server's IP into the platform on my master server. What IP and netmask should I use?
    98.123.87.95/27 and 255.255.255.224
    or 10.0.2.0/27 and 255.255.255.224?

    2) Is there a case that tunneling is disconnected by accident?
     
  5. noobking

    noobking Member

    Joined:
    Nov 28, 2011
    Messages:
    209
    Likes Received:
    5
    Trophy Points:
    18
    SG, thanks very much. learned a lot
     
  6. noobking

    noobking Member

    Joined:
    Nov 28, 2011
    Messages:
    209
    Likes Received:
    5
    Trophy Points:
    18
    haha, those IPs are fake IPs...:thrasher:
     
  7. CLICKS

    CLICKS New Member

    Joined:
    Sep 12, 2012
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Home Page:
    Great post, super useful info here. GJ on rockin the Fake IPs for this example noobking, lol


    :rock:
     
  8. noobking

    noobking Member

    Joined:
    Nov 28, 2011
    Messages:
    209
    Likes Received:
    5
    Trophy Points:
    18
    there's something wrong with this code and I still can't get it work.
     
    Last edited: Oct 14, 2012
  9. noobking

    noobking Member

    Joined:
    Nov 28, 2011
    Messages:
    209
    Likes Received:
    5
    Trophy Points:
    18
    Should these two private network IP range be in the same block like:

    Master: 10.0.250.1/24
    Slave: 10.0.250.2/24

    Or in different block like:

    Master: 10.0.2.0/24
    Slave:10.0.3.0/24 ?

    And when using command "ip addr add X.X.X.X", X.X.X.X should be one single IP or a CIDR block like X.X.X.X/29?

    I have been searching for a long time and i'm not sure which is correct.
     
  10. nickphx

    nickphx VIP

    Joined:
    Apr 2, 2011
    Messages:
    1,139
    Likes Received:
    363
    Trophy Points:
    83
    Gender:
    Male
    Location:
    guadalajara, chiuhuahua
    They should be in the same subnet. Also add by /30.. no need to add by /24.

    on machine #1 [machine that will use ips from tunnel] : ip add add 10.0.250.1/30 dev tunnel_dev
    on machine #2 [machine that is source of ips]: ip add add 10.0.250.2/30 dev tunnel_dev

    if you're tunneling 1.2.3.0/24:
    on machine #2 [machine that is source of ips]: ip route add 1.2.3.0/24 via 10.0.250.2
     
  11. noobking

    noobking Member

    Joined:
    Nov 28, 2011
    Messages:
    209
    Likes Received:
    5
    Trophy Points:
    18
    thanks nickphx and SG, tunneling problem has been solved.

    seems my ISP softlayer doesn't allow GRE tunneling, so my next step is to find a good hosting.

    Anyone know other ISPs that don't allow GRE tunneling?
     
  12. nickphx

    nickphx VIP

    Joined:
    Apr 2, 2011
    Messages:
    1,139
    Likes Received:
    363
    Trophy Points:
    83
    Gender:
    Male
    Location:
    guadalajara, chiuhuahua
    They allow GRE tunneling. What they do not allow is traffic to egress from their network from IP space they do not route. They're the only one I can think of at the moment.
     
  13. noobking

    noobking Member

    Joined:
    Nov 28, 2011
    Messages:
    209
    Likes Received:
    5
    Trophy Points:
    18
    :27:thanks!
     
  14. emmanuel

    emmanuel New Member

    Joined:
    Jan 5, 2013
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    0
    I have been able to tunnel ips to several hosting companies, including linode.
    But, my method is slightly different... it amounts to the same thing though.

    I don't turn off rp-filter, is that necessary? I haven't had any problems what so ever.
     
  15. sanjay

    sanjay New Member

    Joined:
    Aug 17, 2013
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    0
    Please Help me............................ .
    Hello I have purchased 2 dedicated server 1 server from USA and 2nd server from India,
    I want to use USA's server IP on indian server via GRE Tunnel.
    1 Server IPs is 206.214.68.0/27 usable ips 206.214.68.2 - 30.

    2nd server IP 103.243.47.81




    Thanks
    Sanjay Gehlot
    AVP Digital Media Pvt. Ltd.
     
  16. krista

    krista New Member

    Joined:
    Oct 17, 2013
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    0
  17. ikhkhorig

    ikhkhorig VIP

    Joined:
    Oct 15, 2012
    Messages:
    78
    Likes Received:
    31
    Trophy Points:
    18
    Great post.
     
  18. nickphx

    nickphx VIP

    Joined:
    Apr 2, 2011
    Messages:
    1,139
    Likes Received:
    363
    Trophy Points:
    83
    Gender:
    Male
    Location:
    guadalajara, chiuhuahua
    Everything you need is in this thread.. Asking for someone to spell it out for you when it's already spelled out is just lazy.
     
  19. BingeMailer

    BingeMailer VIP

    Joined:
    Dec 8, 2012
    Messages:
    30
    Likes Received:
    6
    Trophy Points:
    8
    Location:
    Middle Of Everywhere
    Sanjay got dat Barracuda
     
  20. sanjay

    sanjay New Member

    Joined:
    Aug 17, 2013
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    0
    Hello this is not my original Ips.... These ips is only for example.
     

Share This Page