similar to: ipip/gre tunnel behind NAT environments.

Hi guys, I''m trying to setup an IPIP tunnel between a Cisco router and a firewall running Debian GNU/Linux Sarge with Shorewall 2.0.13. I''ve read and implemented the http://shorewall.net/IPIP.htm document, but I don''t understand why there should be at the same time a "tunnel" and a "tunnels" script. Shorewall still refuses to let the

After carefull reading (LARTC) and experimentation, I am in a dead end... I am using several IPIP tunnels (linux ipip module, IP protocol 4). I''d like to filter packets going through these tunnes to different classes, on the ingress device, based on source and destination IP _INSIDE THE TUNNEL_. First I tried the nexthdr bit. As explained in LARTC, nexthdr jumps to the next header

Hi! Can I create the unnumbered GRE tunnel with iproute2 utility? Can someone provide me a link/howto/example_config how to do it? The topology is one tunnel between two linux boxes: -- eth1-|__|-eth0 <-------------> eth0-|__|-eth1 -- I''m trying now with: ip tu add tun1 mode gre local loc.IP remote rem.IP ttl 255 dev eth0 ip addr add tun1 0.0.0.0 ip link set tun1 up but it

Hi I am trying to setup an ipip tunnel to another linux router and am having serious problems. A bit of background first though because we may be going at this from the wrong angle. I have a router that runs bering firewall of a CF flash card that is going to act as a gteway for the amateur radio amprnet network. Heres what I need from it- I have an internal network 192.168.1.1 etc and a

What''s going on here? I''m spewing UDP traffic at this thing, and it is exceeding the ceil. Anyone know how to fix this? class htb 1:613 parent 1:5 leaf 613: prio 6 quantum 2560 rate 20480bit ceil 103360bit burst 15Kb/8 mpu 0b overhead 0b cburst 1728b/8 mpu 0b overhead 0b level 0 Sent 16591370 bytes 4159 pkt (dropped 39449, overlimits 0 requeues 0) rate 412384bit 6pps backlog 0b

A bit more detail. I have the following htb classes set up... class htb 1:356 parent 1:4 leaf 356: prio 4 quantum 1600 rate 12800bit ceil 51680bit burst 15Kb/8 mpu 0b overhead 0b cburst 1663b/8 mpu 0b overhead 0b level 0 class htb 1:357 parent 1:4 leaf 357: prio 4 quantum 1600 rate 12800bit ceil 51680bit burst 15Kb/8 mpu 0b overhead 0b cburst 1663b/8 mpu 0b overhead 0b level 0 class htb 1:2 root

Hi Guys, I want to create multiple virtual interfaces on a system running linux 2.6. The main requirment being, to assign unique MAC address fo each of the virtual interfaces. I need to know, if this is possible and will really appriciate if someone can provide me pointer in this direction. Thanks a lot. R. Singh _______________________________________________ LARTC mailing list

I''m using a fairly large number of classes, andf borrowing is not working as expected... I''ve called this setting it up on an IMQ device with speed 1200/256 on a 1536/384 line. I''m then throwing a UDP data transfer at it that gets tossed in one of the class under parent 1:6. The classification is working fine, but when I try to ping out, ping times are in the 900ms

Hello I have /25 addressed on a box (virtual devices on eth0) and I want to tunnel some of these addresses to my home network. One address to my gateway (a.b.c.d, external IP) and one address to my internal network (192.168.0.0/24-style). I will use the tunnels for irc, smtp and surfing. What protocol and which technique is easiest and best to use? One more thing. I don''t want to set up

Hi, I am using linux kernle-2.6.15, iptables-1.4 and bridge-utils-1.4. Everything intslled without any issue and i am able to enable the bridge and traffic is also flowing without any issue. But i did not see any traffic on the iptables forward chain due to which i am not able to control the traffic. Do i requie enable anything more to make the traffic pass through iptables forward chain.

Hey guys I''ve been beating my head on this for a few hours. Maybe it is just a stupid configuration error you can point me at. First here is a small diagram of what I am trying to configure: http://6bit.com/img/netdiag.png Currently I only have Shorewall running on the host on the right of the diagram until I can get this working then I''ll add it to the other host as well.

We switched over from a bordermanager firewall to a shorewall firewall. Some stuff is not working now. I realized that I had not created the route for the network that is not working however once I created it, it still didn''t work. Most of our network is fine however some pieces are not working. [Net] - [Shorewall] - [LAN] - [Cisco] - [Clients and servers not working] The firewall

Hi All: Ok, here is my network: 192.168.1.0/28 is the network behind the Cisco, the Gig0/1 interface is 192.168.1.1. Linux box is 192.168.1.96/28 behind with 192.168.1.97 the Eth1 interface. I have the Ipsec tunnel up and working between them using preshared keys. So that works. Here is the Cisco tunnel setup: interface Tunnel6 ip address 192.168.2.110 255.255.255.240 tunnel source

Hi, I''ve a gateway host (cali), connected to the Internet via ADSL and a PPTP tunnel (ppp0). I also have a IPIP tunnel to another host over the Internet (mytun), nothing fancy. This is working perfectly. But I want to give more priority to the IPIP packets coming OUT of the PPP (PPTP connection) interface. And I can''t get this to work. Class 2:21 is the one with high

Hi, I have a box set up to distribute load over 4 satellite connections. I cannot use Instant Messenger programs with it as it stands, I believe that using iproute2, the path to the server is not being locked to one interface, so the IM servers are getting user traffic from multiple IPs. When I set just one default gateway, IMs work great. When I use the scope global/nexthop method of load

I was trying the following setup with IPIP tunnels, one that used to work through another ISP, but no longer... Internal network | Linux box 1 (kernel 2.2.24) iif=10.0.0.1, extf=a.b.c.d, tunf=172.16.0.1 | |local metropolitan network | Another Linux box 2 (kernel 2.2.17, or 2.4.19, same result) iif=irrelevant, extf=x.y.z.v,

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=98 netfilter@linuxace.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |netfilter@linuxace.com Status|ASSIGNED |RESOLVED Resolution|

I always used multiple links from different ISPs and in my oppinion the best way to really aggregate bandwidth is using some kind of proxy which the client connects to and distribute multiple connections to the links. Years ago, a friend of mine wrote Netsplitter: http://www.hostname.org/netsplitter/ but it''s outdated, abandoned (last version from 2002). And it was mainly written for

Hi, I have the following setup. Two linux systems with two [test] external interfaces encrypted with ipsec [transport]. Two gre tunnels that pass 10.200.0.0/24 and 10.200.1.0/24 network traffic. Testing the balanced tunnels I would setup iptraf on one and ping from the other. The results would be as expected; traffic would be split between the two interfaces. Testing with an ftp transfer of

Hi List, FYI. We have been using CentOS 6.4 and have 2 vpn/gre tunnels to separate cisco rtrs using ospf. with kernel 2.6.32-358.23.2 We have upgraded to 6.5 bit using kernel 2.6.32-431.5.1 and the exact same configuration scripts for our vpn/gre tunnels. What I see is the first gre tunnel works great and I get an ospf neighbor. The second tunnel comes up and I can ping across it and I see