
Re: [LARTC] ipip/gre tunnel behind NAT environments.

To: lartc@mailman.ds9a.nl
Subject: Re: [LARTC] ipip/gre tunnel behind NAT environments.
From: "Ryan Castellucci" <ryan.castellucci@gmail.com>
Date: Mon, 21 May 2007 12:50:56 -0700
On 5/19/07, shetravel <shetravel@gmail.com> wrote:
> Hi, has anyone tried to get an ipip or gre tunnel working behind NAT environments?
> I'm trying to make both-side tunneling with ipip or gre with a private address,
> just like below.
>
> A ---------------- FIREWALL ---------------- INET ---------------- B
> PRIVATE            PUBLIC                                          PUBLIC
> (10.100.0.1)       (211.xxx.xxx.xxx)                               (211.xxx.xxx.xxx)
>
> Is it possible to make connections from both sides with IPIP or GRE tunnels?
> Thanks in advance.

If the firewall is a Linux system, you should be able to easily use
DNAT to forward the ipip or gre packets to host 'A'.

Something like...

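# IP-in-IP is protocol 4 ("ipencap" in /etc/protocols; the name "ipip" is protocol 94); for GRE use -p gre
iptables -t nat -A PREROUTING -i [Firewall's internet facing interface] \
  -s [Host B's IP] -d [Firewall's public IP] -p 4 \
  -j DNAT --to-destination [Host A's IP]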

I'm not sure if connection tracking will do any of this automatically,
but if it were going to work, A would have to send packets to B over
the tunnel first before B could send to A.

--
Ryan Castellucci http://ryanc.org/
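
Added example (not part of the original message): a dry-run shell script that prints the firewall rules and the tunnel endpoint commands for the topology in this thread. It goes beyond the reply by adding FORWARD and SNAT rules and the `ip tunnel` commands; the interface name, tunnel device names and the 203.0.113.1 / 198.51.100.2 addresses are constructed placeholders. Every rule keeps the match on host B's address, since ipip and gre carry no authentication of their own.

```shell
#!/bin/sh
# Dry run: prints commands, changes nothing. Values below are assumptions.
EXT_IF=eth0            # firewall's internet-facing interface (assumed name)
FW_PUB=203.0.113.1     # firewall's public IP (constructed, RFC 5737)
HOST_A=10.100.0.1      # host A's private IP (from the original question)
HOST_B=198.51.100.2    # host B's public IP (constructed, RFC 5737)

# Map the tunnel mode to the IP protocol number iptables has to match.
tunnel_proto() {
    case "$1" in
        ipip) echo 4 ;;     # IP-in-IP
        gre)  echo 47 ;;    # GRE
        *)    echo "unsupported mode: $1" >&2; return 1 ;;
    esac
}

# Rules for the NAT firewall, restricted to traffic between A and B.
firewall_rules() {
    proto=$(tunnel_proto "$1") || return 1
    # Inbound: tunnel packets from B to the public IP are handed to A.
    echo "iptables -t nat -A PREROUTING -i $EXT_IF -s $HOST_B -d $FW_PUB -p $proto -j DNAT --to-destination $HOST_A"
    # FORWARD sees the already translated destination (host A).
    echo "iptables -A FORWARD -i $EXT_IF -s $HOST_B -d $HOST_A -p $proto -j ACCEPT"
    # Outbound: A's tunnel packets leave with the firewall's public IP.
    echo "iptables -t nat -A POSTROUTING -o $EXT_IF -s $HOST_A -d $HOST_B -p $proto -j SNAT --to-source $FW_PUB"
}

# Tunnel creation on each endpoint: $1 = ipip|gre, $2 = a|b.
endpoint_cmds() {
    tunnel_proto "$1" >/dev/null || return 1
    case "$2" in
        # A binds its private address; the firewall rewrites it on the way out.
        a) echo "ip tunnel add tun-b mode $1 local $HOST_A remote $HOST_B" ;;
        # B never sees 10.100.0.1; its remote is the firewall's public IP.
        b) echo "ip tunnel add tun-a mode $1 local $HOST_B remote $FW_PUB" ;;
        *) echo "unknown endpoint: $2" >&2; return 1 ;;
    esac
}

# Print the whole plan for the chosen mode (default: ipip).
MODE=${1:-ipip}
firewall_rules "$MODE"
endpoint_cmds "$MODE" a
endpoint_cmds "$MODE" b
```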