Hi everyone, first I apologise for the medium-long post. I read some of the tutorials here for GRE tunnels and tested a lot on the net too.

I have a problem with GRE tunnels which are not working the way I want: take all internet traffic from a dedicated server I own and forward it to another server.

SERVER A:
    eth0 => 69.195.147.2
    eth0:1 => 69.195.147.3 <- I also have a /24 range but only put one IP to simplify the situation

SERVER B:
    eth0 => 64.79.86.82

I want to send all traffic coming into 69.195.147.3 to SERVER B and be able to use this IP on server B to bind services. So I added a GRE tunnel between those two servers:

SERVER A:
    iptunnel add tunX mode gre remote 64.79.86.82 local 69.195.147.2 ttl 225
    ifconfig tunX 10.0.201.1/24
    ifconfig tunX up

SERVER B:
    iptunnel add tunX mode gre remote 69.195.147.2 local 64.79.86.82 ttl 225
    ifconfig tunX 10.0.201.2/24
    ifconfig tunX up
    ip add add 69.195.147.3 dev eth0

Great! I can ping SERVER B from SERVER A and vice versa.

But the thing I tried with routes afterwards is that all traffic coming to 69.195.147.3 goes into the tunnel and all services on SERVER B are reachable when I connect to 69.195.147.3 (ssh / http / etc).

Can someone help me please? I've been trying to get rid of this problem for 2 days now, tested a lot of routes etc.

Thanks a lot in advance for your help.
If you read the other posts here you would know you're missing several very important sysctl settings. Also make sure iptables is not active on either host.
Hi, I have already done the sysctl things, otherwise I wouldn't be able to ping each side of the interface.

Code:
    [root@SERVERA ~]# grep . `find /proc/sys -name rp_filter`
    /proc/sys/net/ipv4/conf/tunX/rp_filter:0
    /proc/sys/net/ipv4/conf/eth0/rp_filter:0
    /proc/sys/net/ipv4/conf/lo/rp_filter:0
    /proc/sys/net/ipv4/conf/default/rp_filter:0
    /proc/sys/net/ipv4/conf/all/rp_filter:0
    [root@SERVERA ~]# grep . `find /proc/sys -name proxy_arp`
    /proc/sys/net/ipv4/conf/tunX/proxy_arp:1
    /proc/sys/net/ipv4/conf/eth0/proxy_arp:1
    /proc/sys/net/ipv4/conf/lo/proxy_arp:1
    /proc/sys/net/ipv4/conf/default/proxy_arp:1
    /proc/sys/net/ipv4/conf/all/proxy_arp:1
    [root@SERVERA ~]# grep . `find /proc/sys -name ip_forward`
    1

Code:
    root@SERVERB:~# grep . `find /proc/sys -name rp_filter`
    /proc/sys/net/ipv4/conf/all/rp_filter:0
    /proc/sys/net/ipv4/conf/default/rp_filter:0
    /proc/sys/net/ipv4/conf/lo/rp_filter:0
    /proc/sys/net/ipv4/conf/eth0/rp_filter:0
    /proc/sys/net/ipv4/conf/gre0/rp_filter:0
    /proc/sys/net/ipv4/conf/tunX/rp_filter:0
    root@SERVERB:~# grep . `find /proc/sys -name proxy_arp`
    /proc/sys/net/ipv4/conf/all/proxy_arp:1
    /proc/sys/net/ipv4/conf/default/proxy_arp:1
    /proc/sys/net/ipv4/conf/lo/proxy_arp:1
    /proc/sys/net/ipv4/conf/eth0/proxy_arp:1
    /proc/sys/net/ipv4/conf/gre0/proxy_arp:1
    /proc/sys/net/ipv4/conf/tunX/proxy_arp:1
    root@SERVERB:~# grep . `find /proc/sys -name ip_forward`
    1

Also I already turned iptables off on both servers...
What exactly do you want to do: to be able to bind 147.3 at server B? What exactly is the problem you're having: when you connect to a port at 147.3, server A picks up instead of server B?
Yes exactly, and I also want the traffic to be redirected from server A to server B when I am at my home computer or any other computer.

Yes, once I connect to 147.3, for example over ssh / http / smtp, server A replies, and I want server A to send the request to server B and then server B to reply using the server A IP.
Then you have 147.3 bound to server A. Shut down that interface and try again. Also make sure you have a route at server A:

    route add 69.195.147.3 gw 10.0.201.1

and server B:

    route add 69.195.147.3

This way you'll be using upstream traffic from server B, and downstream at server A, then the tunnel, then server B.
Code:
    [root@SERVERB ~]# route add 69.195.147.3
    SIOCADDRT: No such device

So I assume you mean redirect traffic to the tunnel. I typed

    route add 69.195.147.3 dev tunX

I killed the .147.3 interface and put it up again, but it didn't work. I really don't know why. I had already tested those routes.

EDIT: When I say it doesn't work I mean I try to connect to port 80 of 69.195.147.3 with a browser from my local computer and I get a: "Oops! Google Chrome could not connect to 69.195.147.3". The web service is not enabled on SERVERA but nginx is running on SERVERB.

I'll paste here my route config and interfaces for both servers, maybe this will help:

SERVER A
------------------------------------------------------------

Code:
    [root@SERVERA ~]# ifconfig
    eth0      Link encap:Ethernet  HWaddr 00:11:43:B0:8B:AB
              inet addr:69.195.147.2  Bcast:69.195.147.255  Mask:255.255.255.0
              inet6 addr: fe80::211:43ff:feb0:8bab/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:230218 errors:0 dropped:0 overruns:0 frame:0
              TX packets:31192 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:16432694 (15.6 MiB)  TX bytes:4610302 (4.3 MiB)
              Interrupt:169 Memory:dfcf0000-dfd00000

    eth0:1    Link encap:Ethernet  HWaddr 00:11:43:B0:8B:AB
              inet addr:69.195.147.3  Bcast:69.195.147.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              Interrupt:169 Memory:dfcf0000-dfd00000

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:86 errors:0 dropped:0 overruns:0 frame:0
              TX packets:86 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:9144 (8.9 KiB)  TX bytes:9144 (8.9 KiB)

    tunX      Link encap:UNSPEC  HWaddr 45-C3-92-02-F9-BF-F8-AE-00-00-00-00-00-00-00-00
              inet addr:10.0.201.1  P-t-P:10.0.201.1  Mask:255.255.255.0
              UP POINTOPOINT RUNNING NOARP  MTU:1476  Metric:1
              RX packets:166 errors:0 dropped:0 overruns:0 frame:0
              TX packets:172 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:10152 (9.9 KiB)  TX bytes:14600 (14.2 KiB)

Code:
    [root@SERVERA ~]# route
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    twart.expert243 10.0.201.1      255.255.255.255 UGH   0      0        0 tunX
    69.195.147.0    *               255.255.255.0   U     0      0        0 eth0
    10.0.201.0      *               255.255.255.0   U     0      0        0 tunX
    169.254.0.0     *               255.255.0.0     U     0      0        0 eth0
    default         69.195.147.1    0.0.0.0         UG    0      0        0 eth0

SERVER B
--------------------------------------------------------

Code:
    root@SERVERB:~# ifconfig
    eth0      Link encap:Ethernet  HWaddr 00:19:d1:49:e3:10
              inet addr:64.79.86.82  Bcast:64.79.86.87  Mask:255.255.255.248
              inet6 addr: fe80::219:d1ff:fe49:e310/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:950548 errors:0 dropped:0 overruns:0 frame:0
              TX packets:1041924 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:99371125 (94.7 MiB)  TX bytes:188124257 (179.4 MiB)

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:775003 errors:0 dropped:0 overruns:0 frame:0
              TX packets:775003 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:92458072 (88.1 MiB)  TX bytes:92458072 (88.1 MiB)

    tunX      Link encap:UNSPEC  HWaddr 40-4F-55-52-00-00-00-00-00-00-00-00-00-00-00-00
              inet addr:10.0.201.2  P-t-P:10.0.201.2  Mask:255.255.255.0
              UP POINTOPOINT RUNNING NOARP  MTU:1476  Metric:1
              RX packets:172 errors:0 dropped:0 overruns:0 frame:0
              TX packets:166 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:10472 (10.2 KiB)  TX bytes:10152 (9.9 KiB)

Code:
    root@SERVERB:~# route
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    twart.expert243 *               255.255.255.255 UH    0      0        0 tunX
    64.79.86.80     *               255.255.255.248 U     0      0        0 eth0
    64.79.86.224    *               255.255.255.224 U     0      0        0 eth0
    64.79.86.128    *               255.255.255.224 U     0      0        0 eth0
    10.0.201.0      *               255.255.255.0   U     0      0        0 tunX
    default         51.55.4f.static 0.0.0.0         UG    0      0        0 eth0

So here's the route and ifconfig output for both servers.
Server A:
    ifconfig eth0:1 down
    route add 69.195.147.3 gw 10.0.201.1

Server B:
    ifconfig eth0:1 69.195.147.3 netmask 255.255.255.0
This is not working again, but this time when I connect with my browser it takes forever before saying the connection is rejected.
SERVERA:

Code:
    [root@SERVERA ~]# ifconfig
    eth0      Link encap:Ethernet  HWaddr 00:11:43:B0:8B:AB
              inet addr:69.195.147.2  Bcast:69.195.147.255  Mask:255.255.255.0
              inet6 addr: fe80::211:43ff:feb0:8bab/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:4042 errors:0 dropped:0 overruns:0 frame:0
              TX packets:862 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:299043 (292.0 KiB)  TX bytes:120735 (117.9 KiB)
              Interrupt:169 Memory:dfcf0000-dfd00000

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:20 errors:0 dropped:0 overruns:0 frame:0
              TX packets:20 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:1568 (1.5 KiB)  TX bytes:1568 (1.5 KiB)

    tunX      Link encap:UNSPEC  HWaddr 45-C3-92-02-C2-BF-28-78-00-00-00-00-00-00-00-00
              inet addr:10.0.201.1  P-t-P:10.0.201.1  Mask:255.255.255.0
              UP POINTOPOINT RUNNING NOARP  MTU:1476  Metric:1
              RX packets:12 errors:0 dropped:0 overruns:0 frame:0
              TX packets:38 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:1008 (1008.0 b)  TX bytes:4104 (4.0 KiB)

Code:
    [root@SERVERA ~]# route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    69.195.147.3    10.0.201.1      255.255.255.255 UGH   0      0        0 tunX
    69.195.147.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
    10.0.201.0      0.0.0.0         255.255.255.0   U     0      0        0 tunX
    169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
    0.0.0.0         69.195.147.1    0.0.0.0         UG    0      0        0 eth0

SERVER B:

Code:
    root@SERVERB:~# ifconfig
    eth0      Link encap:Ethernet  HWaddr 00:19:d1:49:e3:10
              inet addr:64.79.86.82  Bcast:64.79.86.87  Mask:255.255.255.248
              inet6 addr: fe80::219:d1ff:fe49:e310/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:126653 errors:0 dropped:0 overruns:0 frame:0
              TX packets:137791 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:12250883 (11.6 MiB)  TX bytes:23102637 (22.0 MiB)

    eth0:1    Link encap:Ethernet  HWaddr 00:19:d1:49:e3:10
              inet addr:69.195.147.3  Bcast:69.195.147.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:130107 errors:0 dropped:0 overruns:0 frame:0
              TX packets:130107 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:15395678 (14.6 MiB)  TX bytes:15395678 (14.6 MiB)

    tunX      Link encap:UNSPEC  HWaddr 40-4F-55-52-00-00-00-00-00-00-00-00-00-00-00-00
              inet addr:10.0.201.2  P-t-P:10.0.201.2  Mask:255.255.255.0
              UP POINTOPOINT RUNNING NOARP  MTU:1476  Metric:1
              RX packets:68 errors:0 dropped:0 overruns:0 frame:0
              TX packets:60 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:5712 (5.5 KiB)  TX bytes:5040 (4.9 KiB)

Code:
    root@SERVERB:~# route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    64.79.86.80     0.0.0.0         255.255.255.248 U     0      0        0 eth0
    64.79.86.224    0.0.0.0         255.255.255.224 U     0      0        0 eth0
    64.79.86.128    0.0.0.0         255.255.255.224 U     0      0        0 eth0
    69.195.147.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
    10.0.201.0      0.0.0.0         255.255.255.0   U     0      0        0 tunX
    0.0.0.0         64.79.86.81     0.0.0.0         UG    0      0        0 eth0
That's the proper interface config and the proper routing table at both servers -- now it's time to look somewhere else.
When I put eth0:1 up at server B I cannot ping the other gateway of the tunnel: from server A, ping 10.0.201.2 doesn't respond when I have server B eth0:1 up, but once I down eth0:1 on server B I can ping 10.0.201.2 from server A. Maybe this can help?
The issue was that his provider at server B was not routing un-announced upstream but only for specific ranges (their own). His routing table is all set now and the interface config done properly
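Added example, not part of any post in this thread: a longest-prefix-match check over SERVER B's routing table as posted above (with eth0:1 up), showing which interface carries the GRE outer packets to 69.195.147.2 and whether replies sourced from 69.195.147.3 leave outside the tunnel. The provider range list is an assumption taken from the on-link 64.79.86.x routes in that table; the client address and the finding names are constructed.

```python
import ipaddress

# SERVER B's table as posted (route -n, eth0:1 up): (prefix, gateway, iface).
SERVER_B_ROUTES = [
    ("64.79.86.80/29", "0.0.0.0", "eth0"),
    ("64.79.86.224/27", "0.0.0.0", "eth0"),
    ("64.79.86.128/27", "0.0.0.0", "eth0"),
    ("69.195.147.0/24", "0.0.0.0", "eth0"),
    ("10.0.201.0/24", "0.0.0.0", "tunX"),
    ("0.0.0.0/0", "64.79.86.81", "eth0"),
]
# Assumption: the provider forwards only sources in its own on-link ranges.
PROVIDER_RANGES = ["64.79.86.80/29", "64.79.86.224/27", "64.79.86.128/27"]
CLIENT = "203.0.113.10"  # constructed client address (documentation range)


def lookup(routes, dst):
    """Longest-prefix match; returns (prefix, gateway, iface) or None."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in ipaddress.ip_network(r[0])]
    if not hits:
        return None
    return max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)


def source_allowed(src, ranges=PROVIDER_RANGES):
    """True if src lies inside one of the ranges the provider forwards."""
    addr = ipaddress.ip_address(src)
    return any(addr in ipaddress.ip_network(n) for n in ranges)


def diagnose(routes, tunnel_remote, moved_ip, client=CLIENT, tunnel_if="tunX"):
    """Return finding codes for the moved-IP-over-GRE setup."""
    findings = []
    outer = lookup(routes, tunnel_remote)
    # Gateway 0.0.0.0 means on-link: the host ARPs for the tunnel endpoint
    # on its own LAN instead of handing the GRE packet to the default gateway.
    if outer and outer[1] == "0.0.0.0" and outer[2] != tunnel_if:
        findings.append("tunnel-endpoint-on-link")
    reply = lookup(routes, client)
    # Replies keep moved_ip as source; if they leave outside the tunnel, the
    # provider's source filter decides whether they survive.
    if reply and reply[2] != tunnel_if and not source_allowed(moved_ip):
        findings.append("reply-source-filtered")
    return findings


if __name__ == "__main__":
    print(diagnose(SERVER_B_ROUTES, "69.195.147.2", "69.195.147.3"))
```

Removing the 69.195.147.0/24 entry (the state with eth0:1 down on SERVER B) clears the first finding, which lines up with the tunnel ping working again in that state.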
Thanks to everyone helping me, I'm waiting for the reply from my provider. Special thanks to DAgent, I owe you one, bro.
Can you ping the tunneled IPs from another server? Have you restarted your web server after adding the ip?