gre_tunnel

Differences

This shows you the differences between two versions of the page.

gre_tunnel [2015/12/13 14:45]
Francisco Dias [Forwarding Ports Over your GRE Tunnel]
gre_tunnel [2016/06/02 00:46] (current)
Francisco Dias
Line 51: Line 51:
 echo '​net.ipv4.ip_forward=1'​ >> /​etc/​sysctl.conf echo '​net.ipv4.ip_forward=1'​ >> /​etc/​sysctl.conf
 sysctl -p sysctl -p
-iptunnel add gre1 mode gre local YOUR_FILTERED_IP ​remote DESTINATION_SERVER_IP ttl 255+iptunnel add gre1 mode gre local YOUR_UNFILTERED_IP ​remote DESTINATION_SERVER_IP ttl 255
 ip addr add 192.168.168.1/​30 dev gre1 ip addr add 192.168.168.1/​30 dev gre1
 ip link set gre1 up ip link set gre1 up
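Review bot: The new YOUR_UNFILTERED_IP placeholder on the iptunnel line is used here without being defined, while the DNAT rule further down the page still takes YOUR_FILTERED_IP, so a reader working through this block cannot tell which of their two addresses goes where. Add one sentence above this block stating that the tunnel endpoints use the unfiltered address and that the filtered address appears only in the port-forwarding rules.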
Line 59: Line 59:
  
 <​code>​ <​code>​
-iptunnel add gre1 mode gre local DESTINATION_SERVER_IP remote ​YOUR_FILTERED_IP ​ttl 255+iptunnel add gre1 mode gre local DESTINATION_SERVER_IP remote ​YOUR_UNFILTERED_IP ​ttl 255
 ip addr add 192.168.168.2/​30 dev gre1 ip addr add 192.168.168.2/​30 dev gre1
 ip link set gre1 up ip link set gre1 up
 </​code>​ </​code>​
 +
 +You will always want to form your GRE with your **unfiltered** IP address for all GRE tunnels to make sure you don't run into any sort of MTU issues or trigger the DDOS protection.
  
 Please note the first line of each changes to mark what IP to use locally and which remotely. The 2nd line documents each end point. In a /30, 2 IP's are usable: .1 and .2. Please note the first line of each changes to mark what IP to use locally and which remotely. The 2nd line documents each end point. In a /30, 2 IP's are usable: .1 and .2.
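Review bot: The added paragraph about always forming the GRE with the unfiltered IP sits after the second code block, so it is read only after both iptunnel commands have already been typed; move it above the first block, where the placeholder first appears. It also says the other choice leads to MTU issues or triggers the DDoS protection without telling the reader how either would show up, so a short symptom or check would help, and "DDOS" should be spelled "DDoS".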
Line 111: Line 113:
 ===== Forwarding Ports Over your GRE Tunnel ===== ===== Forwarding Ports Over your GRE Tunnel =====
  
-To make things easier, we'll forward all ports to the backend server. ​If you're wanting to get more specific, you could add ''​-p tcp --dport 25565''​ if you just wanted to protect a minecraft server for instance.+To make things easier, we'll forward all ports to the backend server. 
 + 
 +Run the following commands on your BuyVM VPS:
  
-Please adjust, and run the following commands on your BuyVM VPS: 
 <​code>​ <​code>​
 iptables -t nat -A PREROUTING -d YOUR_FILTERED_IP -j DNAT --to-destination 192.168.168.2 iptables -t nat -A PREROUTING -d YOUR_FILTERED_IP -j DNAT --to-destination 192.168.168.2
 iptables -A FORWARD -d 192.168.168.2 -m state --state NEW,​ESTABLISHED,​RELATED -j ACCEPT iptables -A FORWARD -d 192.168.168.2 -m state --state NEW,​ESTABLISHED,​RELATED -j ACCEPT
 </​code>​ </​code>​
 +
 +If you're wanting to get more specific, you could add:
 +
 +<​code>​
 +-p tcp --dport 25565
 +</​code> ​
 +
 +If you just wanted to protect a minecraft server for instance.
  
 The first rule sets up the actual port forwarding and the second rule makes sure that connections get NAT'd, and matched back properly. The first rule sets up the actual port forwarding and the second rule makes sure that connections get NAT'd, and matched back properly.
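Review bot: Splitting "-p tcp --dport 25565" into its own code block below the rules leaves it unstated which of the two iptables commands it belongs in, and the sentence that follows it ("If you just wanted to protect a minecraft server for instance.") is now a fragment. Because the default shown forwards every port on the filtered IP to the backend, the narrower form is worth showing as a complete rule, for example "iptables -t nat -A PREROUTING -d YOUR_FILTERED_IP -p tcp --dport 25565 -j DNAT --to-destination 192.168.168.2". The removed "Please adjust" wording should also be kept, since the commands still contain the YOUR_FILTERED_IP placeholder.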
gre_tunnel.1450046759.txt.gz · Last modified: 2015/12/13 14:45 by Francisco Dias