[linux] GRE tunnel to a port
peto
fodrek at kasr.elf.stuba.sk
Tue Aug 31 07:25:53 CEST 2004
----- Original Message -----
From: "Peter Surda" <shurdeek at routehat.org>
To: <linux at lists.linux.sk>
Sent: Monday, August 30, 2004 8:21 PM
Subject: Re: [linux] GRE tunnel to a port
> On Mon, Aug 30, 2004 at 04:47:24PM +0200, peto wrote:
> > Dear colleagues!
> hi
>
> > I would need some advice: a colleague who is currently in Australia would
> > need to reroute port 1723 through a GRE tunnel to a machine inside the
> > LAN, and his IP address changes
> so, pptp
>
> > target server -----eth1 (NAT router)eth0--- outside network
> you need the appropriate conntrack and nat modules. http://www.netfilter.org
The nat modules are OK. Inside the network there is a web server with the
second external IP, and it works without problems, as do the 20 desktops from
inside. What I am more concerned about is whether a basic mistake could have
been made here.
The problem can only be here (the internal server has the IP 147.175.108.194
on the inside, and the router has 147.175.111.128 on eth0 and 147.175.111.129
on eth0:0 on the outside). This is a VPN to an NT domain controller, so it
means allowing port 1723 for both TCP and UDP connections. The iptables rules
without the tunnel, for other ports, work without problems. It has just
occurred to me whether I should create the tunnel first and route to/from it.
I am just not sure about that.
# Forward and DNAT port 1723 (TCP and UDP) arriving on 147.175.111.128 to the internal server
iptables -A FORWARD -i eth0 -o eth1 -p tcp --dport 1723 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A PREROUTING -t nat -p tcp -d 147.175.111.128 --dport 1723 -j DNAT --to 147.175.108.194:1723
iptables -A FORWARD -i eth0 -o eth1 -p udp --dport 1723 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A PREROUTING -t nat -p udp -d 147.175.111.128 --dport 1723 -j DNAT --to 147.175.108.194:1723
# The same for the second external address 147.175.111.129
iptables -A FORWARD -i eth0 -o eth1 -p tcp --dport 1723 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A PREROUTING -t nat -p tcp -d 147.175.111.129 --dport 1723 -j DNAT --to 147.175.108.194:1723
iptables -A FORWARD -i eth0 -o eth1 -p udp --dport 1723 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A PREROUTING -t nat -p udp -d 147.175.111.129 --dport 1723 -j DNAT --to 147.175.108.194:1723
# Load the GRE module, create the tunnel interface gre1 and bring it up with an address
modprobe ip_gre
iptunnel add gre1 mode gre remote any local 147.175.111.128 dev eth0
echo IP tunel
ifconfig gre1 147.175.111.128 netmask 255.255.0.0 up
echo IP tunel 2
With thanks and regards
Peto
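
The quoted reply identifies the traffic as PPTP, which uses a TCP 1723 control connection plus GRE (IP protocol 47) data packets and no UDP. As an added example that is not part of the original post, this script generates an iptables-restore ruleset that passes both through the NAT router to the internal server; the interface roles (eth0 outside, eth1 inside), the availability of the `pptp` conntrack helper on a current kernel, and the function names `valid_ipv4` and `pptp_rules` are assumptions of the example.

```shell
#!/bin/sh
# Added example: emit iptables-restore rules for PPTP passthrough on a NAT router.
# PPTP = TCP/1723 control channel + GRE (IP protocol 47) data; UDP 1723 is not used.
# Assumed: eth0 is the outside interface, eth1 the inside one, and the pptp
# conntrack/NAT helper (nf_conntrack_pptp, nf_nat_pptp) is available.

valid_ipv4() {
    # Dotted quad, each octet 0-255; rejects typos such as 147,175.108.194
    printf '%s\n' "$1" | awk -F. 'NF!=4{exit 1}
        {for(i=1;i<=4;i++) if($i !~ /^[0-9]+$/ || $i>255) exit 1}'
}

pptp_rules() {
    # usage: pptp_rules <internal_server> <external_ip>...
    [ $# -ge 2 ] || { echo "usage: pptp_rules server ext_ip..." >&2; return 1; }
    server=$1; shift
    for addr in "$server" "$@"; do
        valid_ipv4 "$addr" || { echo "bad address: $addr" >&2; return 1; }
    done
    # raw: attach the PPTP helper explicitly to the control connection
    echo "*raw"
    echo "-A PREROUTING -i eth0 -p tcp --dport 1723 -j CT --helper pptp"
    echo "COMMIT"
    # nat: send control (TCP 1723) and data (protocol 47) to the internal server
    echo "*nat"
    for ext in "$@"; do
        echo "-A PREROUTING -i eth0 -d $ext -p tcp --dport 1723 -j DNAT --to-destination $server:1723"
        echo "-A PREROUTING -i eth0 -d $ext -p 47 -j DNAT --to-destination $server"
    done
    echo "COMMIT"
    # filter: allow exactly those two protocols to and from the server
    echo "*filter"
    echo "-A FORWARD -i eth0 -o eth1 -d $server -p tcp --dport 1723 -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
    echo "-A FORWARD -i eth0 -o eth1 -d $server -p 47 -j ACCEPT"
    echo "-A FORWARD -i eth1 -o eth0 -s $server -p tcp --sport 1723 -m conntrack --ctstate ESTABLISHED -j ACCEPT"
    echo "-A FORWARD -i eth1 -o eth0 -s $server -p 47 -j ACCEPT"
    echo "COMMIT"
}

# Addresses taken from the post: internal server, then both external addresses
pptp_rules 147.175.108.194 147.175.111.128 147.175.111.129
```

Pipe the output into `iptables-restore --noflush --test` first; without `--noflush` the existing rules in each listed table are replaced.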