[Solved] use iptables with IP in IP Tunnel

jarekjarecki

Hi guys,

I've got another issue. I made a test IP in IP tunnel as described in this article: https://sites.google.com/site/mrxpalmeiras/linux/create-ipip-tunnel-between-networks

Then on machine A:

iptables -t nat -A PREROUTING -d 101.131.77.67 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.2

where 101.131.77.67 is the public IP of machine A and 192.168.0.2 is the IP of the IP in IP tunnel on machine B.

It works fine: after sending a packet to 101.131.77.67 on port 80, I receive a packet on tunnel-a on machine B with the source IP of the external client and destination 192.168.0.2, which is the IP of the IPinIP tunnel on machine B.

Then on machine B I did:

iptables -t nat -A PREROUTING -d 192.168.0.2 -p tcp -j DNAT --to-destination 172.16.0.2

where 172.16.0.2 is a machine on the local network to which I want to redirect all the traffic again. This doesn't work at all: it doesn't redirect anything, and I'm still able to receive the packets on machine B.

It looks like this:

client ---> ----[HTTP request]---- ---->server 1 port 80 ----> ----[IP in IP encapsulated client packet]---- ---> server 2 IP in IP interface ( 192.168.0.2 ) --->

This part works fine.

But after adding [iptables -t nat -A PREROUTING -d 192.168.0.2 -p tcp -j DNAT --to-destination 172.16.0.2]

nothing changes. Packets are not forwarded to the next server.

It looks like iptables doesn't affect IPIP decapsulated packets at all.

Do you have any idea what could be causing it?


The solution was:

net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0

as well as

sysctl net.ipv4.conf.eth0.rp_filter=0
sysctl net.ipv4.conf.eth1.rp_filter=0
sysctl net.ipv4.conf.gre0.rp_filter=0
sysctl net.ipv4.conf.gre1.rp_filter=0

Please mark the thread as solved/closed as you wish.
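As an added illustration of why both the `all` and the per-interface rp_filter settings mattered above: the kernel applies the larger of `net.ipv4.conf.all.rp_filter` and `net.ipv4.conf.<iface>.rp_filter` to each interface, so lowering only one of them changes nothing. The script below is not from the thread; it parses constructed `sysctl -a` style output and reports interfaces whose effective mode is strict (1), the mode that drops decapsulated packets whose source is not routable back through the tunnel interface.

```shell
#!/bin/sh
# Constructed sample of `sysctl -a` output (not captured from the poster's hosts).
# Note that the per-interface values are already 0, yet "all" is still strict.
SAMPLE_SYSCTL='net.ipv4.ip_forward = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 0
net.ipv4.conf.tunnel-a.rp_filter = 0'

# sysctl_get INPUT KEY: print the value of KEY from INPUT, or nothing if absent.
sysctl_get() {
    printf '%s\n' "$1" | sed -n "s/^$2 = //p"
}

# effective_rp_filter INPUT IFACE: print the mode the kernel actually enforces
# on IFACE, i.e. max(all, iface). 0 = off, 1 = strict, 2 = loose.
effective_rp_filter() {
    all=$(sysctl_get "$1" "net.ipv4.conf.all.rp_filter")
    dev=$(sysctl_get "$1" "net.ipv4.conf.$2.rp_filter")
    all=${all:-0}; dev=${dev:-0}
    if [ "$all" -gt "$dev" ]; then echo "$all"; else echo "$dev"; fi
}

# audit_forwarding INPUT IFACE...: print one finding per problem (ip_forward
# off, or an interface in strict mode) and return 1 if any finding was made.
audit_forwarding() {
    input=$1; shift
    rc=0
    if [ "$(sysctl_get "$input" net.ipv4.ip_forward)" != "1" ]; then
        echo "ip_forward is off: nothing will be forwarded"; rc=1
    fi
    for ifc in "$@"; do
        if [ "$(effective_rp_filter "$input" "$ifc")" = "1" ]; then
            echo "$ifc: effective rp_filter is strict (1); DNATed tunnel traffic will be dropped"
            rc=1
        fi
    done
    return $rc
}
```

Run against live output with `audit_forwarding "$(sysctl -a 2>/dev/null)" eth0 tunnel-a`; loose mode (2) on the tunnel interface also passes the check, which keeps some anti-spoofing protection instead of turning it off entirely.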
 
Thanks for letting us know the solution. You could have edited the title to say [Solved] but I've taken care of it.
 