OpenVZ Forum


Home » General » Support » NATed GRE packets does not reach VETH (NAT,GRE,VETH)
Re: NATed GRE packets does not reach VETH (NAT,GRE,VETH) [message #33694 is a reply to message #33692] Fri, 31 October 2008 14:36 Go to previous messageGo to previous message
a1bert is currently offline  a1bert
Messages: 9
Registered: October 2007
Location: .cz
Junior Member
gre packet arrives via tun102 iface, should be NATed and then go out via eth0:


Linux routername 2.6.24-6-fza-686 #1 SMP Mon May 19 06:30:48 UTC 2008 i686 GNU/Linux


ip ro:
10.255.255.32 dev tun102  proto kernel  scope link  src 10.255.255.31 
x.x.202.20 dev lo  scope link 
y.y.227.192/27 dev eth0  proto kernel  scope link  src y.y.227.193 
10.24.127.0/24 dev eth0  proto kernel  scope link  src 10.24.127.8 
10.1.0.0/16 via 10.255.255.32 dev tun102 
default via 10.24.127.1 dev eth0 



  
# Generated by iptables-save v1.3.6 on Fri Oct 31 15:26:39 2008
*mangle
:PREROUTING ACCEPT [1537:90221]
:INPUT ACCEPT [328:27453]
:FORWARD ACCEPT [1199:62254]
:OUTPUT ACCEPT [233:35478]
:POSTROUTING ACCEPT [1432:97732]
COMMIT
# Completed on Fri Oct 31 15:26:39 2008
# Generated by iptables-save v1.3.6 on Fri Oct 31 15:26:39 2008
*filter
:INPUT ACCEPT [328:27453]
:FORWARD ACCEPT [1199:62254]
:OUTPUT ACCEPT [235:35742]
COMMIT
# Completed on Fri Oct 31 15:26:39 2008
# Generated by iptables-save v1.3.6 on Fri Oct 31 15:26:39 2008
*nat
:PREROUTING ACCEPT [23:1847]
:POSTROUTING ACCEPT [3:230]
:OUTPUT ACCEPT [2:175]
[2:175] -A POSTROUTING -s 10.24.127.8 -o eth0 -j RETURN 
[8:456] -A POSTROUTING -s 10.0.0.0/255.0.0.0 -o eth0 -p gre -j SNAT --to-source x.x.202.20 
[2:108] -A POSTROUTING -s 10.0.0.0/255.0.0.0 -o eth0 -j SNAT --to-source x.x.202.20 
COMMIT


tcpdump -i tun102 proto gre -n
tcpdump: WARNING: arptype 65534 not supported by libpcap - falling back to  
cooked socket
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tun102, link-type LINUX_SLL (Linux cooked), capture size 96    
bytes
15:26:12.752991 IP 10.1.60.35 > 1.1.1.1: GREv1, call 5159, seq 0,length 37: LCP, Conf-Request (0x01), id 0, length 23
15:26:14.743937 IP 10.1.60.35 > 1.1.1.1: GREv1, call 5159, seq 1,length 37: LCP, Conf-Request (0x01), id 1, length 23
15:26:17.742849 IP 10.1.60.35 > 1.1.1.1: GREv1, call 5159, seq 2,length 37: LCP, Conf-Request (0x01), id 2, length 23
15:26:21.741342 IP 10.1.60.35 > 1.1.1.1: GREv1, call 5159, seq 3,length 37: LCP, Conf-Request (0x01), id 3, length 23
15:26:25.739857 IP 10.1.60.35 > 1.1.1.1: GREv1, call 5159, seq 4,length 37: LCP, Conf-Request (0x01), id 4, length 23


tcpdump -i eth0 proto gre -n
(note, only GRE from remote end, no NATted gre packets)
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
15:26:12.735405 IP1.1.1.1 > x.x.202.20: GREv1, call 32768, seq 1, ack 4294967295, length 35: LCP, Conf-Request (0x01), id 0, length 17
15:26:15.673657 IP1.1.1.1 > x.x.202.20: GREv1, call 32768, seq 2, length 31: LCP, Conf-Request (0x01), id 1, length 17
15:26:18.672094 IP1.1.1.1 > x.x.202.20: GREv1, call 32768, seq 3, length 31: LCP, Conf-Request (0x01), id 2, length 17
15:26:21.672513 IP1.1.1.1 > x.x.202.20: GREv1, call 32768, seq 4, length 31: LCP, Conf-Request (0x01), id 3, length 17
15:26:24.670767 IP1.1.1.1 > x.x.202.20: GREv1, call 32768, seq 5, length 31: LCP, Conf-Request (0x01), id 4, length 17
15:26:27.669076 IP1.1.1.1 > x.x.202.20: GREv1, call 32768, seq 6, length 31: LCP, Conf-Request (0x01), id 5, length 17

Report message to a moderator

[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: SSH and IPTABLES
Next Topic: Install OS without a OSTemplate?
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ] [ PDF ]

Current Time: Sun Jul 28 02:27:10 GMT 2024

Total time taken to generate the page: 0.02656 seconds
Powered by FUDforum Powered by Virtuozzo Containers