Hey there, anyone know a good Linux sysadmin looking for some freelance work? We need a GRE tunnel configured from our main server to a server we've leased with some mailing IPs. Both are running Linux (CentOS 5.x). We don't have a full-time sysadmin on staff and are looking for someone to help with this. Figured you guys have maybe encountered this before. If you know someone, please let me know (PM or in this thread). Obviously we'll pay a fair rate for the service. Thanks!
Yeah, it's a really simple job. I have a few contacts, but you will probably get a faster response and the job done on oDesk or a similar freelancing service, and someone you can have in your rolodex for later. Just don't pick the cheapest applicant; make sure they have years of admin experience and some rep on the platform so you can be assured the work will be done right.
I can get it done for you. I have already posted instructions on GRE tunneling on this forum somewhere.
Yeah I looked and was unable to find nickphx's post since I don't have PH access. But Nick PM'd me some very useful tips that I'll be trying out tonight. (Thanks Nick!!) I'll let you guys know if it works. Thanks very much for your responses.
Nickphx pointed out (in a PM) that I need to add some sysctl calls to the remote IP server: Thanks Nick! But I'm still dead in the water. So I thought I would post here what I've encountered and see if anyone has thoughts. Once I figure this out, I will write up some good documentation that we can post in this forum and everyone can refer to later.

Let's say I've got the following:

Code:
[Main Server] Public IP 1.2.3.4
[Remote IP Server] Public IP 5.6.7.8, IP Range 5.5.5.0/24

I create the first tunnel from the main server using the public, external IPs:

Code:
ip tunnel add tun0 mode gre local 1.2.3.4 remote 5.6.7.8
ip link set dev tun0 up

Next step (I think) is to add an IP address to the tunnel interface:

Code:
ip address add dev tun0 x.x.x.x

What's the right IP address to use here? Seems that it needs to be IPs in the IP range (5.5.5.0/24), otherwise I will be unable to bind to them on this machine. But some docs I've read indicate that it should be a local IP (1.2.3.4). For the record, I've tried and failed at both. Should I add a " peer x.x.x.x" portion? If so, do I use 5.6.7.8?

Next step (I think) is to add a route:

Code:
ip route add dev tun0 5.5.5.0/24

Do I need a "via x.x.x.x" portion? When I use "via 5.6.7.8" I get "RTNETLINK answers: Network is unreachable". If I omit the via, the command completes without error. But trying all the combinations, nothing seems to work.

If I do this:

Code:
ip tunnel add tun0 mode gre local 1.2.3.4 remote 5.6.7.8
ip link set dev tun0 up
ip address add dev tun0 1.2.3.4
ip route add dev tun0 5.5.5.0/24

then my netcat bind fails (which makes sense):

Code:
nc -s 5.5.5.1 b.mx.mail.yahoo.com 25
nc: bind failed: Cannot assign requested address

If I do this:

Code:
ip tunnel add tun0 mode gre local 1.2.3.4 remote 5.6.7.8
ip link set dev tun0 up
ip address add dev tun0 5.5.5.1
ip route add dev tun0 5.5.5.0/24

then my netcat bind just hangs. I think I'm missing something fundamental.

Everything on the internet is using GRE tunneling to connect two private networks, which isn't helping. Here are some docs:
http://tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.tunnel.gre.html
http://www.policyrouting.org/iproute2.doc.html
You could try creating the following script, making it executable and running it on boot (after editing IPs as needed, of course).

#!/bin/bash
#/startup.sh

#Probe for the GRE module
modprobe ip_gre

#Create the tunnel, bring it up, and assign an IP
ip tunnel add rtr mode gre remote 5.6.7.8 local 1.2.3.4 ttl 255
ip link set dev rtr up
#NAT network for use inside the tunnel itself
ip addr add 192.168.1.0/24 dev rtr

#Configure the system to proxy ARP and to route packets
echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
echo 1 > /proc/sys/net/ipv4/conf/rtr/proxy_arp
echo 1 > /proc/sys/net/ipv4/ip_forward

#Tell the system that IPs 3-254 are through the tunnel.
#This sends the packets to the right place, but it also
#tells the system to proxy ARP for those IPs
for i in {3..254}
do
    ip route add 5.6.7.$i/32 dev rtr
done

No sir. That creates a tunnel device; if you specified dev eth0 it would return an error. When adding IP addresses and routes you would need to specify which device.
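On the hanging netcat bind described earlier in the thread: `ip route add dev tun0 5.5.5.0/24` matches on destination only, so a connection sourced from 5.5.5.1 to an outside mail server still follows the main server's default route instead of the tunnel. The sketch below is an added example, not any poster's configuration; it prints a source-based routing setup for both ends using the thread's placeholder addresses. Table id 100, the eth0 uplink name and the single /32 are assumptions, and it assumes the leased server does not keep 5.5.5.1 configured on its own interface.

```shell
#!/bin/sh
# Added example: dry-run generator for a source-routed GRE tunnel.
# Addresses are the thread's placeholders; TABLE and WAN_IF are assumptions.
# Nothing is executed: review the output, then pipe it to sh as root.
MAIN_IP=1.2.3.4        # main server public IP
REMOTE_IP=5.6.7.8      # leased server public IP
RANGE=5.5.5.0/24       # leased mailing range
BIND_IP=5.5.5.1        # address the main server will bind to
TABLE=100              # assumed free routing table id
WAN_IF=eth0            # assumed uplink interface on the leased server

tunnel_cmds() {        # $1 = local endpoint, $2 = remote endpoint
  echo "modprobe ip_gre"
  echo "ip tunnel add tun0 mode gre local $1 remote $2 ttl 255"
  echo "ip link set dev tun0 up"
}

main_cmds() {
  tunnel_cmds "$MAIN_IP" "$REMOTE_IP"
  # Own the leased address locally so bind() succeeds.
  echo "ip addr add $BIND_IP/32 dev tun0"
  # Route by source: anything sent *from* the range leaves through the
  # tunnel regardless of destination, via a separate routing table.
  echo "ip route add default dev tun0 table $TABLE"
  echo "ip rule add from $RANGE table $TABLE"
}

remote_cmds() {
  tunnel_cmds "$REMOTE_IP" "$MAIN_IP"
  echo "sysctl -w net.ipv4.ip_forward=1"
  # Answer ARP for the tunnelled address on the uplink (needed when the
  # range is on-link there) and send its return traffic down the tunnel.
  echo "sysctl -w net.ipv4.conf.$WAN_IF.proxy_arp=1"
  echo "ip route add $BIND_IP/32 dev tun0"
}

case "${1:-}" in
  main)   main_cmds ;;
  remote) remote_cmds ;;
esac
```

Run it with `main` or `remote` as the argument to print the commands for that side.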