1

How to force certain traffic through GRE tunnel?

view story
linux-howto

http://serverfault.com – Here's what I do. Server (public internet is 222.x.x.x): echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf sysctl -p iptunnel add gre1 mode gre local 222.x.x.x remote 115.x.x.x ttl 255 ip add add 192.168.168.1/30 dev gre1 ip link set gre1 up iptables -t nat -A POSTROUTING -s 192.168.168.0/30 -j SNAT --to-source 222.x.x.x iptables -t nat -A PREROUTING -d 222.x.x.x -j DNAT --to-destination 192.168.168.2 Client (public internet is 115.x.x.x): iptunnel add gre1 mode gre local 115.x.x.x remote 222.x.x.x ttl 255 ip add add 192.168.168.2/30 dev gre1 ip link set gre1 up (HowTos)

xskl's picture
Submitted by xskl on 12/14/2012

Stories similar to How to force certain traffic through GRE tunnel?

Hi all, i need do a boot script with following command :modprobe ip_greiptunnel add gre1 mode gre remote XXX.XXX.XXX.XXX local XXX.XXX.XXX.XXX dev eth0ifconfig gre1 XX... [by blade832]

I want to forward port 2222 on an Ubuntu 12.04 server to remote host 1.2.3.4 port 22, using iptables.

After reading many web pages on port-forwarding, I issue

$ sysctl net.ipv4.conf.eth0.forwarding net.ipv4.conf.eth0.forwarding = 1 $ sudo iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 2222 -j DNAT --to-destination 1.2.3.4:22

Which forwards traffic as I desired. But ssh does not work.

I have a linux box with two NIC cards: eth0 and eth1.

In one card i have 3 public IP:

eth0 = 10.10.10.1 eth0:1= 10.10.10.2 eth0:2= 10.10.10.3

In the other card I have one local IP

eth1 = 192.9.200.1

I want to redirect all the wan traffic for 10.10.10.2 to the LAN 192.9.200.2 and the same for 10.10.10.3 to 192.9.200.3

I have tried with this rule but doesn't work

iptables -t nat -A PRE

I have a kippo honeypot setup on our local network, and our DMZ uses:

sysctl net.ipv4.ip_forward=1 ldconfig iptables -t nat -A PREROUTING -p tcp -s $ATTACKER_IP --dport 22 -j DNAT --to-destination 192.168.1.200:2222 iptables -t nat -A POSTROUTING -j MASQUERADE

There is also a port forward on the router so port 2222 can be hit from outside the network.

Good morning, I'm a newbie of iptables and as far as I've seen on tutorials on the Internet it seems that both prerouting and postrouting NAT chains are undergone both by a packet that goes from an internal LAN to the Internet and of a one that goes in the opposite direction (from the Internet to the LAN). AS NAT prerouting is DNAT, i.e.

Hello. I'm brand new to Linux, but a long time Windows administrator, so I understand the concepts, not the syntax.

I've stumbled through setting up Ubuntu Server as a NAT server. It's working great now.

I have a basic setup that requires the following Client -> iptables DNAT -> Server using udp messaging:

The configuration I have on my client is: (my server is 172.33.1.30)

ifconfig eth0:1 172.32.1.10 netmask 255.255.0.0 ifconfig eth1 172.33.1.10 netmask 255.255.0.0 iptables -t nat -A PREROUTING -p udp -i eth0 -d 172.32.1.10 --dport 1001 -j DNAT --to 172.33.1.30 iptables -A FORWARD -p udp -i et

Good day. I have a following issue - i have plenty of the computers in my local network(probably, about 40, and this amount could increase), and i want to give remote access to all of them from the internet. All those machines are connected to internal network through one gateway/firewall/whateverelse with debian 6.0.7 on board.

My goal is to redirect connections from the local host to a remote server, and be able to change the remote address on the fly, without any client config changes.