0

I want to route public IPs from server A and use them on server B. I created the GRE tunnel and it works. I then set up a route on server A in the following way:

(public IP not actual IP) 192.168.11.111 via 10.0.33.50 dev tun2

On server B I bound the IP to dev eth0 and added a route:

(public IP not actual IP) 192.168.11.111 dev eth0 scope link

The issue I'm having is that when I test using netcat I have no connectivity. IP masquerading wouldn't solve my problem since it doesn't use the IP from server A. Any help would be greatly appreciated.

Jason
  • Thanks Tero, sorry, 8.8.8.8 is not the Google DNS server; it's the public IP I'm trying to route to server B. – Jason Sep 25 '16 at 06:56
  • The same principle still applies. You need NAT on the server that has public IP to forward ports to server B's tunnel IP address. – Tero Kilkanen Sep 25 '16 at 13:34

3 Answers

0

You are getting asymmetric routing with your setup. Packets from your end are routed via the tunnel to 8.8.8.8 with a source IP address in the 10.0.33.0/24 network. I think that Google's external firewalls drop packets with private network addresses, so 8.8.8.8 will never receive the packet.

If you want to route the packets back via the tunnel, you have to use NAT on the other end of the tunnel, which changes the source IP address to the other end's IP address.

It can also be that the client end of the tunnel uses its Internet facing IP address for the packets sent to the tunnel. In that case, the result is asymmetric routing. Packets from the client are sent via the tunnel to 8.8.8.8, but 8.8.8.8 sends packets directly to the client's own IP address, which might also cause issues.

Tero Kilkanen
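The return-path problem described in this answer, as an added example that is not part of the original post: a longest-prefix-match lookup over a constructed routing table for server B shows where a reply leaves, with and without source NAT at the far end of the tunnel. The tunnel device name on server B, its default route, the client address and server A's tunnel address are assumptions.

```python
import ipaddress

# Constructed routing table for server B. The 10.0.33.0/24 tunnel network and
# the placeholder "public" IP on eth0 come from the page; the tunnel device
# name on B and the default route are assumptions.
SERVER_B_ROUTES = [
    ("0.0.0.0/0", "eth0"),
    ("192.168.11.111/32", "eth0"),
    ("10.0.33.0/24", "tun2"),
]

def lookup(table, dst):
    """Longest-prefix match: return the egress device for dst, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, dev in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best[1] if best else None

def reply_path(table, ingress_dev, src_ip):
    """Classify the return path for a packet that arrived on ingress_dev.

    The reply is addressed to the packet's source, so the route lookup for
    src_ip decides whether it goes back the way the request came in.
    """
    egress = lookup(table, src_ip)
    if egress is None:
        return "unroutable"
    if egress == ingress_dev:
        return "symmetric"
    return f"asymmetric (reply leaves via {egress})"

if __name__ == "__main__":
    client = "203.0.113.7"      # constructed Internet client address
    server_a_tun = "10.0.33.1"  # assumed tunnel address of server A
    # No NAT: the request keeps the client's source address through the tunnel.
    print("no NAT:  ", reply_path(SERVER_B_ROUTES, "tun2", client))
    # Source NAT on server A: the request arrives from A's tunnel address.
    print("with NAT:", reply_path(SERVER_B_ROUTES, "tun2", server_a_tun))
```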
0

I totally hate to tell you, but you have serious problems with your setup.

(public IP) 192.168.11.111 via 10.0.33.50 dev tun2

Your so-called public IP is private and not routed over the Internet. It is part of the RFC 1918 address space. On BOTH ends. Which means that the setup needs reverse NAT on both ends and the real public IP addresses to work.

TomTom
-3

The issue was with server B. I tested this on another server and it worked. Not sure why this particular server doesn't work with GRE tunnels. Thanks for your time and comments.

Jason
  • This doesn't answer the question. It tells what the solution was, in a very broad, non-helpful sense, but it does not answer the question you asked. – EEAA Sep 28 '16 at 15:48