Redirect all internet traffic to another server using gre tunnel

Discussion in 'Noob Central' started by Night_Fall, Jun 16, 2012.

  1. Night_Fall

    Night_Fall Member

    Joined:
    Nov 10, 2011
    Messages:
    39
    Likes Received:
    4
    Trophy Points:
    8
    Gender:
    Male
    Home Page:
    Hi everyone, first I appologise for the medium-long post. I read some of the tuturialshere for gre tunnels and tested a lot on the net too.

    I have a problem with gre tunnels wich is not working the way I want:
    Take all internet traffic from a dedicated I own and forward it to another server.

    SERVER A:
    eth0 => 69.195.147.2
    eth0:1 => 69.195.147.3 <- I also have a /24 range but only but one ip to simplify the situation

    SERVER B:
    eth0 => 64.79.86.82


    I want to send all traffic coming into 69.195.147.3 to SERVER B and be able to use this ip on server B to bind services.

    So I added a gre tunnel between those two servers:

    SERVER A:
    iptunnel add tunX mode gre remote 64.79.86.82 local 69.195.147.2 ttl 225
    ifconfig tunX 10.0.201.1/24
    ifconfig tunX up

    SERVER B:
    iptunnel add tunX mode gre remote 69.195.147.2 local 64.79.86.82 ttl 225
    ifconfig tunX 10.0.201.2/24
    ifconfig tunX up
    ip add add 69.195.147.3 dev eth0

    Great! I can ping the SERVER B from SERVER A and vice versa

    But the thing I tried with routes after is that all traffic coming to 69.195.147.3 goes into tunnel and all services on the SERVER B are reachable when I connect to 69.195.147.3 (ssh / http / etc)

    Can someone help me please this I'm trying to get rid of this problem for 2 days now, tested a lot of routes etc

    Thanks a lot in advance for your help :)
     
  2. nickphx

    nickphx VIP

    Joined:
    Apr 2, 2011
    Messages:
    1,139
    Likes Received:
    363
    Trophy Points:
    83
    Gender:
    Male
    Location:
    guadalajara, chiuhuahua
    If you read the other posts here you would know you're missing several very important sysctl settings.. also make sure iptables is not active on either host.
     
  3. Night_Fall

    Night_Fall Member

    Joined:
    Nov 10, 2011
    Messages:
    39
    Likes Received:
    4
    Trophy Points:
    8
    Gender:
    Male
    Home Page:
    Hi, I have already did the sysctl things, otherwize I won't be able to ping each side of the interface.

    Code:
    [[email protected] ~]# grep . `find /proc/sys -name rp_filter`
    /proc/sys/net/ipv4/conf/tunX/rp_filter:0
    /proc/sys/net/ipv4/conf/eth0/rp_filter:0
    /proc/sys/net/ipv4/conf/lo/rp_filter:0
    /proc/sys/net/ipv4/conf/default/rp_filter:0
    /proc/sys/net/ipv4/conf/all/rp_filter:0
    [[email protected] ~]# grep . `find /proc/sys -name proxy_arp`
    /proc/sys/net/ipv4/conf/tunX/proxy_arp:1
    /proc/sys/net/ipv4/conf/eth0/proxy_arp:1
    /proc/sys/net/ipv4/conf/lo/proxy_arp:1
    /proc/sys/net/ipv4/conf/default/proxy_arp:1
    /proc/sys/net/ipv4/conf/all/proxy_arp:1
    [[email protected] ~]# grep . `find /proc/sys -name ip_forward`
    1
    Code:
    [email protected]: ~# grep . `find /proc/sys -name rp_filter`
    /proc/sys/net/ipv4/conf/all/rp_filter:0
    /proc/sys/net/ipv4/conf/default/rp_filter:0
    /proc/sys/net/ipv4/conf/lo/rp_filter:0
    /proc/sys/net/ipv4/conf/eth0/rp_filter:0
    /proc/sys/net/ipv4/conf/gre0/rp_filter:0
    /proc/sys/net/ipv4/conf/tunX/rp_filter:0
    [email protected]:~# grep . `find /proc/sys -name proxy_arp`
    /proc/sys/net/ipv4/conf/all/proxy_arp:1
    /proc/sys/net/ipv4/conf/default/proxy_arp:1
    /proc/sys/net/ipv4/conf/lo/proxy_arp:1
    /proc/sys/net/ipv4/conf/eth0/proxy_arp:1
    /proc/sys/net/ipv4/conf/gre0/proxy_arp:1
    /proc/sys/net/ipv4/conf/tunX/proxy_arp:1
    [email protected]:~# grep . `find /proc/sys -name ip_forward`
    1
    Also I already put iptables off for both servers...
     
  4. DAgent

    DAgent Moderator

    Joined:
    Mar 14, 2011
    Messages:
    452
    Likes Received:
    115
    Trophy Points:
    43
    Home Page:
    What is exactly what you want to do, to be able to bind 147.3 at server B?
    What is exactly the problem you're having: when you connect to a port at 147.3 server A picks up instead of server B?
     
  5. Night_Fall

    Night_Fall Member

    Joined:
    Nov 10, 2011
    Messages:
    39
    Likes Received:
    4
    Trophy Points:
    8
    Gender:
    Male
    Home Page:
    Yes exactly, and I also want if I am at my home computer or any other computer that the traffic is redirected from server a to server b

    Yes once I connect to 147.3 for example ssh / http / smtp , server A reply and I want server A send the request to server B and then server B reply by using the server A ip
     
  6. DAgent

    DAgent Moderator

    Joined:
    Mar 14, 2011
    Messages:
    452
    Likes Received:
    115
    Trophy Points:
    43
    Home Page:
    Then you have 147.3 bound to server A. Shutdown that interface and try again

    also make sure you have a route at server A:

    route add 69.195.147.3 gw 10.0.201.1

    and server B:

    route add 69.195.147.3

    This way you'll be using upstream traffic from server B, and downstream at server A, then the tunnel, then server B
     
  7. Night_Fall

    Night_Fall Member

    Joined:
    Nov 10, 2011
    Messages:
    39
    Likes Received:
    4
    Trophy Points:
    8
    Gender:
    Male
    Home Page:
    Code:
    [[email protected] ~]# route add 69.195.147.3
    SIOCADDRT: No such device
    so I assume you mean redirect traffic to tunnel

    I typed route add 69.195.147.3 dev tunX

    I killed the .147.3 interface and put it up again it but it didn't work I really don't know why. I had already tested those routes.

    EDIT: When I say it doesn't work I mean I try to connect to port 80 of 69.195.147.3 with a browser from my local computer and I get a :
    "Oops! Google Chrome could not connect to 69.195.147.3" web service is not enabled on SERVERA but nginx is running on SERVERB


    I'll paste here my route config and interfaces for both server maybe this will help:

    SERVER A
    ------------------------------------------------------------
    Code:
    [[email protected] ~]# ifconfig
    eth0      Link encap:Ethernet  HWaddr 00:11:43:B0:8B:AB  
              inet addr:69.195.147.2  Bcast:69.195.147.255  Mask:255.255.255.0
              inet6 addr: fe80::211:43ff:feb0:8bab/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:230218 errors:0 dropped:0 overruns:0 frame:0
              TX packets:31192 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000 
              RX bytes:16432694 (15.6 MiB)  TX bytes:4610302 (4.3 MiB)
              Interrupt:169 Memory:dfcf0000-dfd00000 
    
    eth0:1    Link encap:Ethernet  HWaddr 00:11:43:B0:8B:AB  
              inet addr:69.195.147.3  Bcast:69.195.147.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              Interrupt:169 Memory:dfcf0000-dfd00000 
    
    lo        Link encap:Local Loopback  
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:86 errors:0 dropped:0 overruns:0 frame:0
              TX packets:86 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0 
              RX bytes:9144 (8.9 KiB)  TX bytes:9144 (8.9 KiB)
    
    tunX      Link encap:UNSPEC  HWaddr 45-C3-92-02-F9-BF-F8-AE-00-00-00-00-00-00-00-00  
              inet addr:10.0.201.1  P-t-P:10.0.201.1  Mask:255.255.255.0
              UP POINTOPOINT RUNNING NOARP  MTU:1476  Metric:1
              RX packets:166 errors:0 dropped:0 overruns:0 frame:0
              TX packets:172 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0 
              RX bytes:10152 (9.9 KiB)  TX bytes:14600 (14.2 KiB)
    Code:
    [[email protected] ~]# route
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    twart.expert243 10.0.201.1      255.255.255.255 UGH   0      0        0 tunX
    69.195.147.0    *               255.255.255.0   U     0      0        0 eth0
    10.0.201.0      *               255.255.255.0   U     0      0        0 tunX
    169.254.0.0     *               255.255.0.0     U     0      0        0 eth0
    default         69.195.147.1    0.0.0.0         UG    0      0        0 eth0

    SERVER B
    --------------------------------------------------------
    Code:
    [email protected]:~# ifconfig
    eth0      Link encap:Ethernet  HWaddr 00:19:d1:49:e3:10  
              inet addr:64.79.86.82  Bcast:64.79.86.87  Mask:255.255.255.248
              inet6 addr: fe80::219:d1ff:fe49:e310/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:950548 errors:0 dropped:0 overruns:0 frame:0
              TX packets:1041924 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000 
              RX bytes:99371125 (94.7 MiB)  TX bytes:188124257 (179.4 MiB)
    
    lo        Link encap:Local Loopback  
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:775003 errors:0 dropped:0 overruns:0 frame:0
              TX packets:775003 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0 
              RX bytes:92458072 (88.1 MiB)  TX bytes:92458072 (88.1 MiB)
    
    tunX      Link encap:UNSPEC  HWaddr 40-4F-55-52-00-00-00-00-00-00-00-00-00-00-00-00  
              inet addr:10.0.201.2  P-t-P:10.0.201.2  Mask:255.255.255.0
              UP POINTOPOINT RUNNING NOARP  MTU:1476  Metric:1
              RX packets:172 errors:0 dropped:0 overruns:0 frame:0
              TX packets:166 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0 
              RX bytes:10472 (10.2 KiB)  TX bytes:10152 (9.9 KiB)
    Code:
    [email protected]:~# route
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    twart.expert243 *               255.255.255.255 UH    0      0        0 tunX
    64.79.86.80     *               255.255.255.248 U     0      0        0 eth0
    64.79.86.224    *               255.255.255.224 U     0      0        0 eth0
    64.79.86.128    *               255.255.255.224 U     0      0        0 eth0
    10.0.201.0      *               255.255.255.0   U     0      0        0 tunX
    default         51.55.4f.static 0.0.0.0         UG    0      0        0 eth0

    So here's the route and ifconfig output for both servers
     
    Last edited: Jun 17, 2012
  8. Night_Fall

    Night_Fall Member

    Joined:
    Nov 10, 2011
    Messages:
    39
    Likes Received:
    4
    Trophy Points:
    8
    Gender:
    Male
    Home Page:
    Same thing here, didn't worked.
     
  9. DAgent

    DAgent Moderator

    Joined:
    Mar 14, 2011
    Messages:
    452
    Likes Received:
    115
    Trophy Points:
    43
    Home Page:
    Server A:

    ifconfig eth0:1 down
    route add 69.195.147.3 gw 10.0.201.1

    Server B:

    ifconfig eth0:1 69.195.147.3 netmask 255.255.255.0
     
  10. Night_Fall

    Night_Fall Member

    Joined:
    Nov 10, 2011
    Messages:
    39
    Likes Received:
    4
    Trophy Points:
    8
    Gender:
    Male
    Home Page:
    This is not working again, but this time when I connect with my browser this take forever before saying the connection is rejected.
     
  11. DAgent

    DAgent Moderator

    Joined:
    Mar 14, 2011
    Messages:
    452
    Likes Received:
    115
    Trophy Points:
    43
    Home Page:
    Paste the output of ifconfig and route -n here again please
     
  12. Night_Fall

    Night_Fall Member

    Joined:
    Nov 10, 2011
    Messages:
    39
    Likes Received:
    4
    Trophy Points:
    8
    Gender:
    Male
    Home Page:
    SERVERA:

    Code:
    [[email protected] ~]# ifconfig
    eth0      Link encap:Ethernet  HWaddr 00:11:43:B0:8B:AB  
              inet addr:69.195.147.2  Bcast:69.195.147.255  Mask:255.255.255.0
              inet6 addr: fe80::211:43ff:feb0:8bab/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:4042 errors:0 dropped:0 overruns:0 frame:0
              TX packets:862 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000 
              RX bytes:299043 (292.0 KiB)  TX bytes:120735 (117.9 KiB)
              Interrupt:169 Memory:dfcf0000-dfd00000 
    
    lo        Link encap:Local Loopback  
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:20 errors:0 dropped:0 overruns:0 frame:0
              TX packets:20 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0 
              RX bytes:1568 (1.5 KiB)  TX bytes:1568 (1.5 KiB)
    
    tunX      Link encap:UNSPEC  HWaddr 45-C3-92-02-C2-BF-28-78-00-00-00-00-00-00-00-00  
              inet addr:10.0.201.1  P-t-P:10.0.201.1  Mask:255.255.255.0
              UP POINTOPOINT RUNNING NOARP  MTU:1476  Metric:1
              RX packets:12 errors:0 dropped:0 overruns:0 frame:0
              TX packets:38 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0 
              RX bytes:1008 (1008.0 b)  TX bytes:4104 (4.0 KiB)
    Code:
    [[email protected] ~]# route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    69.195.147.3    10.0.201.1      255.255.255.255 UGH   0      0        0 tunX
    69.195.147.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
    10.0.201.0      0.0.0.0         255.255.255.0   U     0      0        0 tunX
    169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
    0.0.0.0         69.195.147.1    0.0.0.0         UG    0      0        0 eth0
    SERVER B:
    Code:
    [email protected]:~# ifconfig
    eth0      Link encap:Ethernet  HWaddr 00:19:d1:49:e3:10  
              inet addr:64.79.86.82  Bcast:64.79.86.87  Mask:255.255.255.248
              inet6 addr: fe80::219:d1ff:fe49:e310/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:126653 errors:0 dropped:0 overruns:0 frame:0
              TX packets:137791 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000 
              RX bytes:12250883 (11.6 MiB)  TX bytes:23102637 (22.0 MiB)
    
    eth0:1   Link encap:Ethernet  HWaddr 00:19:d1:49:e3:10  
              inet addr:69.195.147.3  Bcast:69.195.147.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
    
    lo        Link encap:Local Loopback  
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:130107 errors:0 dropped:0 overruns:0 frame:0
              TX packets:130107 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0 
              RX bytes:15395678 (14.6 MiB)  TX bytes:15395678 (14.6 MiB)
    
    tunX      Link encap:UNSPEC  HWaddr 40-4F-55-52-00-00-00-00-00-00-00-00-00-00-00-00  
              inet addr:10.0.201.2  P-t-P:10.0.201.2  Mask:255.255.255.0
              UP POINTOPOINT RUNNING NOARP  MTU:1476  Metric:1
              RX packets:68 errors:0 dropped:0 overruns:0 frame:0
              TX packets:60 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0 
              RX bytes:5712 (5.5 KiB)  TX bytes:5040 (4.9 KiB)
    
    Code:
    [email protected]:~# route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    64.79.86.80     0.0.0.0         255.255.255.248 U     0      0        0 eth0
    64.79.86.224    0.0.0.0         255.255.255.224 U     0      0        0 eth0
    64.79.86.128    0.0.0.0         255.255.255.224 U     0      0        0 eth0
    69.195.147.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
    10.0.201.0      0.0.0.0         255.255.255.0   U     0      0        0 tunX
    0.0.0.0         64.79.86.81     0.0.0.0         UG    0      0        0 eth0
     
  13. DAgent

    DAgent Moderator

    Joined:
    Mar 14, 2011
    Messages:
    452
    Likes Received:
    115
    Trophy Points:
    43
    Home Page:
    That's the proper interface config and the proper routing table at both servers -- now is time to look somewhere else
     
  14. Night_Fall

    Night_Fall Member

    Joined:
    Nov 10, 2011
    Messages:
    39
    Likes Received:
    4
    Trophy Points:
    8
    Gender:
    Male
    Home Page:
    When I put the eth0:1 up at server B I cannot ping the other gateway of the tunnel :

    server A ping 10.0.201.2 didn't respond when I have server B eth0:1 up

    but once I down the eth0:1 on server B i can ping the 10.0.201.2 from server A

    maybe this can help ?
     
  15. DAgent

    DAgent Moderator

    Joined:
    Mar 14, 2011
    Messages:
    452
    Likes Received:
    115
    Trophy Points:
    43
    Home Page:
    The issue was that his provider at server B was not routing un-announced upstream but only for specific ranges (their own). His routing table is all set now and the interface config done properly
     
  16. Night_Fall

    Night_Fall Member

    Joined:
    Nov 10, 2011
    Messages:
    39
    Likes Received:
    4
    Trophy Points:
    8
    Gender:
    Male
    Home Page:
    Thanks to every people helping me, I'm waiting for the reply of my provider.

    Special thanks to DAgent, I ow' you one bro
     
  17. nickphx

    nickphx VIP

    Joined:
    Apr 2, 2011
    Messages:
    1,139
    Likes Received:
    363
    Trophy Points:
    83
    Gender:
    Male
    Location:
    guadalajara, chiuhuahua
    Can you ping the tunneled IPs from another server? Have you restarted your web server after adding the ip?
     

Share This Page