| To: | lartc@mailman.ds9a.nl |
|---|---|
| Subject: | Re: [LARTC] ipip/gre tunnel behind NAT environments. |
| From: | shetravel <shetravel@gmail.com> |
| Date: | Wed, 23 May 2007 02:52:14 +0900 |
| Delivered-to: | sp-com-lists@consult.net |
| Delivered-to: | lartc-list@securepoint.com |
| Delivered-to: | lartc@outpost.ds9a.nl |
| Dkim-signature: | a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=QP61F61fcr1aKRnGgys09SMP107W47M2Pito/vYpb7ZBy+yu0x5D+lNFu7xEHfS7/wMM3RT6H9iIkiz4fNsWKtVyYPdKsriT678hSjwIj1aAEBeTQTJmVGBkJoLQvNy0Um6PSRqUYAx//fMDAMthFEBI6sIL4C7F9X67sSaE+EY= |
| Domainkey-signature: | a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=egePdTgJokVH85F/d5a+k9xv0i4Vru9UjOrFehs7CvCwcY5nxz3CwZzEAUjOVzKsY3ofqar/rtxPjSpOFt29WsR39MD3ZDSgRYEKhCHaCUU3a0RKyTkytCnpA1pPUmCHlAQfvYjE9aa3tOeWEl2mez5Teyg3Ncn6OA9zV5yDNnA= |
| In-reply-to: | <118619310705211250p4033cc2dha28eae80b132cc9b@mail.gmail.com> |
| List-archive: | <http://mailman.ds9a.nl/pipermail/lartc> |
| List-help: | <mailto:lartc-request@mailman.ds9a.nl?subject=help> |
| List-id: | "Mailinglist of the Linux Advanced Routing & Traffic Control project" <lartc.mailman.ds9a.nl> |
| List-post: | <mailto:lartc@mailman.ds9a.nl> |
| List-subscribe: | <http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc>, <mailto:lartc-request@mailman.ds9a.nl?subject=subscribe> |
| List-unsubscribe: | <http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc>, <mailto:lartc-request@mailman.ds9a.nl?subject=unsubscribe> |
| References: | <63d6f13b0705191403y7f9256cbp1bbcd2d9b9575d83@mail.gmail.com> <118619310705211250p4033cc2dha28eae80b132cc9b@mail.gmail.com> |
| Sender: | lartc-bounces@mailman.ds9a.nl |
Thank you for the reply, Ryan. Yes, unfortunately it does not a linux box, but D-link IP sharing box. it only shows me IPSEC/PPTP tunnel pass through options on it. so, it should be passed the ipip or gre packet through the NAT machine right ? Thanks in advance. 2007/5/22, Ryan Castellucci <ryan.castellucci@gmail.com>: If the firewall is a linux system, you should be able to easily use DNAT to forward the ipip or gre packets to host 'A'. Something like... iptables -t nat -A PREROUTING -i [Firewall's internet facing interface] -s [Host B's IP] -d [Firewall's public IP] -p ipip -j DNAT --to-destination [Host A's IP] I'm not sure if connection tracking will do any of this automatically, but if it were going to work, A would have to send packets to B over the tunnel first before B could send to A. -- Ryan Castellucci http://ryanc.org/ _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartcOn 5/19/07, shetravel <shetravel@gmail.com> wrote:> Hi, Does anyone tried to get ipip or gre tunnel behind NAT environments. ? > i'm trying to make both side tunneling with ipip or gre with private address > just like belows.. > > > A -------------------FIRWWAL -------------------INET ------------------- B > PRIVATE PUBLIC > PUBLIC > (10.100.0.1) (211.xxx.xxx.xxx) > (211.xxx.xxx.xxx) > > is it possible to make both side connections with IPIP or GRE tunnels ? > thanks in advance. _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: [LARTC] lc shaping in- and outbound traffic on same box, Konstantin Astafjev |
|---|---|
| Next by Date: | RE: [LARTC] lc shaping in- and outbound traffic on same box, beere |
| Previous by Thread: | Re: [LARTC] ipip/gre tunnel behind NAT environments., Ryan Castellucci |
| Next by Thread: | [LARTC] Re: LARTC Digest, Vol 27, Issue 26, terraja-based |
| Indexes: | [Date] [Thread] [Top] [All Lists] |