From: George Garvey <tmwg-netfilter@inxservices.com>
To: netfilter@lists.samba.org
Subject: Requestion for help with GRE tunnel
Date: Tue, 18 Jun 2002 06:39:45 -0700 [thread overview]
Message-ID: <20020618063945.A2662@inxservices.com> (raw)
I'm trying to make a tunnel between 2 LANs, 192.168.1 and 192.168.2.
Eventually over the internet, right now between 2 computers. Both
2.4.19.
Everything is hooked up to a gigE switch right now. I've set the
tunnel's IPs to LAN addresses for testing.
When the iproute2 commands are done, ip route get to the LAN on the
other side of the tunnel shows the tunnel.
I can ping the IP address of the tunnel.
When I try to ping or traceroute to the other LAN, I get sendto:
Operation not permitted.
What am I misunderstanding? I know this is probably stupid to
everyone but me, but I'd appreciate assistance.
These are the commands I'm using, which aren't working.
192.168.1:
This is the local LAN that already exists
/sbin/ip link set dev eth0 up mtu 1500
/sbin/ip address add 192.168.1.12/24 broadcast 192.168.1.255 dev eth0
This is an SDSL
/sbin/ip link set dev eth1 up
/sbin/ip address add 66.134.162.140/29 broadcast 66.134.162.143 dev eth1
This is an ADSL
/sbin/ip link set dev eth2 up
/sbin/ip address add 63.193.79.19/29 broadcast 63.193.79.23 dev eth2
/sbin/ip link set dev lo up
/sbin/ip address add 127.0.0.1/8 broadcast + dev lo
The ADSL is too busy to use for NAT
/sbin/ip route add default via 63.193.79.17 dev eth2
The tunnel
/sbin/ip tunnel add withsales mode gre remote 192.168.2.2 local 192.168.1.12 ttl 255 dev eth0
/sbin/ip link set withsales up
/sbin/ip address add 192.168.2.1/24 broadcast + dev withsales
While testing, I've had the firewall off, just NAT
/sbin/iptables -P INPUT ACCEPT
/sbin/iptables -F INPUT
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -F OUTPUT
/sbin/iptables -P FORWARD DROP
/sbin/iptables -F FORWARD
/sbin/iptables -F -t nat
/sbin/iptables -L -n
/sbin/iptables -X
/sbin/iptables -Z
/sbin/iptables -A FORWARD -i eth2 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -i eth0 -o eth2 -j ACCEPT
/sbin/iptables -A FORWARD -j DROP
/sbin/iptables -t nat -A POSTROUTING -o eth2 -j SNAT --to 63.193.79.19
192.168.2:
This is the new LAN
/sbin/ip link set dev eth0 up mtu 1500
/sbin/ip address add 192.168.2.2/24 broadcast 192.168.2.255 dev eth0
This will be an ADSL, currently hooked up to gigE switch
/sbin/ip link set dev eth1 up
/sbin/ip address add 67.113.82.198/29 broadcast 67.113.82.202 dev eth1
/sbin/ip link set dev lo up
/sbin/ip address add 127.0.0.1/8 broadcast + dev lo
/sbin/ip route add default via 67.113.82.198 dev eth1
/sbin/ip tunnel add withsales mode gre remote 192.168.1.12 local 192.168.2.2 ttl 255 dev eth0
/sbin/ip link set withsales up
/sbin/ip address add 192.168.1.10/24 broadcast + dev withsales
next reply other threads:[~2002-06-18 13:39 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-06-18 13:39 George Garvey [this message]
2002-06-18 14:07 ` Requestion for help with GRE tunnel Ramin Alidousti
2002-06-18 15:59 ` George Garvey
2002-06-18 17:53 ` Ramin Alidousti
2002-06-18 21:00 ` George Garvey
2002-06-18 20:55 ` Tony Earnshaw
2002-06-18 21:03 ` Tony Earnshaw
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20020618063945.A2662@inxservices.com \
--to=tmwg-netfilter@inxservices.com \
--cc=netfilter@lists.samba.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.