
I'm pretty new to networking so please forgive any terminology mistakes.

I have 2 servers connected with a GRE tunnel.

Server1 (10.0.0.1) ----> Server2 (10.0.0.2)

I want to be able to bind to the public IPs on Server2 using Server1. To do this, I set up virtual interfaces with Server2's public IPs on Server1 and then used routing rules on Server1 to route the packets through the GRE tunnel.

On Server1:

ip rule add from [Server2's first public IP] table gre
ip rule add from [Server2's second public IP] table gre
ip route add default via 10.0.0.2 dev gre1 table gre

This works great and I can see the packets arriving via GRE on Server2. I can see the packet exiting the tunnel on Server2's gre1 device as shown:

From Server1: ping -I [Server2's public ip] google.com

tcpdump from Server2's GRE tunnel device:

12:07:17.029160 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84) [Server2's public ip] > 74.125.225.38: ICMP echo request, id 6378, seq 50, length 64

This is exactly the packet I want. However, I'm not seeing it go out at all on eth0:0 (where Server2's public IP is bound).

I've tried to use routing rules to get packets coming from Server2's public IP (which would be coming out of dev gre1) to go through dev eth0 on the public default gateway and that doesn't work either.

I'm at a loss, thank you to anyone who can help.

Evan
  • If I understand correctly, two servers share the same public IPs configured on their interfaces. Who advised you to use such a setup? – Veniamin Nov 09 '13 at 12:12
  • My client is using a legacy Linux program that needs to be able to bind to an interface on the server it is running on. I've seen this setup before (but I only had control of Server1 and it worked great), so I figured I could use the same technique for this. – Evan Nov 09 '13 at 12:21
  • If you want the program running on the Server2 on specific public IP to go to Internet using Server1 then duplication of Server2 public IP on Server1 is redundant. GRE tunnel and proper routing setup is enough. – Veniamin Nov 09 '13 at 14:10
  • The program is running on Server1, the statically routed IPs are on Server2. The program expects the IPs to be statically routed on Server1 (it does lookups and such based on the IP(s) given on the interfaces). So I'm basically trying to make the program think the IPs are bound to Server1 (where the program resides), even though they're all on Server2. If there's a better way to do this besides tunneling I'd love to know. – Evan Nov 09 '13 at 17:46
  • Well, I just mixed numbers 1 and 2 in the previous comment. Are there special reasons for Server2 to have the IP of Server1 except forwarding traffic designated to that IP to Server1? – Veniamin Nov 09 '13 at 18:46
  • Simply because the software uses the interfaces of Server1 to make decisions. The software needs to think that Server2's public IPs are actually Server1's (Server1 is where the software is installed). – Evan Nov 10 '13 at 02:36
  • I lose my mind :). Well, your software on Server1 wants to have a special IP address, say IP1. OK. You want the Server1 to be routed through Server2. Great. It does not mean that Server2 should also have IP1. It means *exactly* that Server1 should be routed through Server2. So, again if Server2 does not have a software that also requires IP1 then "GRE tunnel and proper routing setup is enough". If Server1 and Server2 are on the same subnet then even GRE tunnel is not needed. Or I just miss something :\. – Veniamin Nov 14 '13 at 19:13

0 Answers