jarekjarecki
New Member
Hi guys,
I've got another issue. I made a test IP in IP tunnel like in this article: https://sites.google.com/site/mrxpalmeiras/linux/create-ipip-tunnel-between-networks
Then on machine A:
iptables -t nat -A PREROUTING -d 101.131.77.67 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.2
where 101.131.77.67 is the public IP of machine A and 192.168.0.2 is the IP of the IP in IP tunnel on machine B.
It works fine - after sending a packet to 101.131.77.67 on port 80 I receive a packet on tunnel-a on machine B with the source IP of the external client and a destination of 192.168.0.2, which is the IP of the IP in IP tunnel of machine B.
Then on machine B I made:
iptables -t nat -A PREROUTING -d 192.168.0.2 -p tcp -j DNAT --to-destination 172.16.0.2
where 172.16.0.2 is a machine in the local network to which I want to redirect the whole traffic again, and this doesn't work at all - it doesn't redirect anything and I'm still able to receive packets on machine B.
It looks like this:
client ----[HTTP request]----> server 1 port 80 ----[IP in IP encapsulated client packet]----> server 2 IP in IP interface (192.168.0.2) --->
This part works fine.
But after adding [iptables -t nat -A PREROUTING -d 192.168.0.2 -p tcp -j DNAT --to-destination 172.16.0.2]
nothing changes. Packets are not forwarded to the next server.
It looks like iptables doesn't affect IPIP decapsulated packets at all.
Do you have any idea what can be causing it?