Hi,

Has anyone tried to get an ipip or gre tunnel working behind NAT environments?
I'm trying to make tunneling on both sides with ipip or gre with a private address, just like below:

A ------------------- FIREWALL ------------------- INET ------------------- B
PRIVATE               PUBLIC                                                 PUBLIC
(10.100.0.1)          (211.xxx.xxx.xxx)                                      (211.xxx.xxx.xxx)

Is it possible to make connections from both sides with IPIP or GRE tunnels?

Thanks in advance.

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

On 5/19/07, shetravel <shetravel@gmail.com> wrote:
> Hi,
>
> Has anyone tried to get an ipip or gre tunnel working behind NAT environments?
> I'm trying to make tunneling on both sides with ipip or gre with a private address, just like below:
>
> A ------------------- FIREWALL ------------------- INET ------------------- B
> PRIVATE               PUBLIC                                                 PUBLIC
> (10.100.0.1)          (211.xxx.xxx.xxx)                                      (211.xxx.xxx.xxx)
>
> Is it possible to make connections from both sides with IPIP or GRE tunnels?
>
> Thanks in advance.

If the firewall is a linux system, you should be able to easily use DNAT to forward the ipip or gre packets to host 'A'.

Something like...

iptables -t nat -A PREROUTING -i [Firewall's internet facing interface] -s [Host B's IP] -d [Firewall's public IP] -p ipip -j DNAT --to-destination [Host A's IP]

I'm not sure if connection tracking will do any of this automatically, but if it were going to work, A would have to send packets to B over the tunnel first before B could send to A.

--
Ryan Castellucci http://ryanc.org/

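The DNAT forwarding suggested in the reply above, as an added example that is not part of the original thread: a shell script that prints, without applying, the DNAT rule and a matching FORWARD rule for either tunnel type. It uses numeric IP protocol numbers (4 for IPIP, 47 for GRE) because name lookup depends on the local /etc/protocols; the function names, eth0, the 198.51.100.7 and 203.0.113.10 addresses, and the FORWARD rule (for a firewall whose FORWARD chain drops by default) are assumptions.

```shell
#!/bin/sh
# Prints, but does not apply, iptables rules that forward one tunnel protocol
# from one known remote endpoint to the host behind NAT.

# Map tunnel type to IP protocol number (4 = IPIP, 47 = GRE).
tunnel_proto() {
    case "$1" in
        ipip) echo 4 ;;
        gre)  echo 47 ;;
        *)    return 1 ;;
    esac
}

# Accept only dotted-quad IPv4 with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Usage: tunnel_dnat_rules TYPE WAN_IF REMOTE_IP PUBLIC_IP INSIDE_IP
tunnel_dnat_rules() {
    proto=$(tunnel_proto "$1") || { echo "unknown tunnel type: $1" >&2; return 1; }
    case "$2" in
        ""|*[!A-Za-z0-9._-]*) echo "bad interface name: $2" >&2; return 1 ;;
    esac
    for addr in "$3" "$4" "$5"; do
        valid_ipv4 "$addr" || { echo "bad IPv4 address: $addr" >&2; return 1; }
    done
    # NAT table: rewrite the destination only for this protocol and this peer.
    echo "iptables -t nat -A PREROUTING -i $2 -s $3 -d $4 -p $proto -j DNAT --to-destination $5"
    # Filter table (assumes FORWARD drops by default): same narrow match.
    echo "iptables -A FORWARD -i $2 -s $3 -d $5 -p $proto -j ACCEPT"
}

# Constructed sample values: eth0 and the RFC 5737 addresses are placeholders;
# 10.100.0.1 is host A's private address from the post.
tunnel_dnat_rules gre eth0 198.51.100.7 203.0.113.10 10.100.0.1
```

Matching on both the protocol number and the remote endpoint's source address keeps the forward limited to tunnel traffic from host B rather than exposing host A to the whole Internet.
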
Thank you for the reply, Ryan.

Yes, unfortunately it is not a linux box, but a D-Link IP sharing box. It only shows me IPSEC/PPTP tunnel pass-through options on it.
So, it should pass the ipip or gre packets through the NAT machine, right?

Thanks in advance.

2007/5/22, Ryan Castellucci <ryan.castellucci@gmail.com>:
> If the firewall is a linux system, you should be able to easily use
> DNAT to forward the ipip or gre packets to host 'A'.
>
> Something like...
>
> iptables -t nat -A PREROUTING -i [Firewall's internet facing
> interface] -s [Host B's IP] -d [Firewall's public IP] -p ipip -j DNAT
> --to-destination [Host A's IP]
>
> I'm not sure if connection tracking will do any of this automatically,
> but if it were going to work, A would have to send packets to B over
> the tunnel first before B could send to A.
>
> --
> Ryan Castellucci http://ryanc.org/