Re: Routing Back in LINUX!! Help Please!!!

From: Llanzlan Klazmon (Klazmon_at_llurdiaxorb.govt)
Date: 08/17/05


Date: 17 Aug 2005 12:14:47 +1200


"Zeckx" <zgrp_zgrp@yahoo.com.br> wrote in
news:1124224410.872822.46270@g44g2000cwa.googlegroups.com:

> Hi,
>
>
> First of all, sorry for the inconvenience! I'm configuring
> (testing) GRE with Cisco and Linux and I found
> some posts in archive/google but I failed, so I'm asking you
> for help, since I've been searching for a long time with no solution. :(
> If some of you could help me. :)
>
>
> For my test I'm using a cisco router with the
> following:
>
>
> eth0 - 200.210.11.130
> tunnel - 1.1.1.1
>
>
> ---------------------------------------------------
>
>
> Linux:
>
>
> eth0 - 200.210.12.9
> tunnel - 1.1.1.2
>
>
> I want to create a GRE tunnel from the Cisco router to
> my Linux box, which is running a NIDS (snort). The
> idea is:
>
>
>   | Internet |
>        |
>        |
>        |
>   | Cisco |  --GRE-->  |Linux-with-Snort| ---|
>        |                                      |
>        |                                      |
>        |____________________GRE______________|
>
>
> ps: My first test, only route the OUTGOING traffic of router!
>
>
> Well, the GRE from Cisco to Linux is working perfectly.
>
> Cisco config is like this:
>
> /* Create the tunnel Interface */
> conf t
> int tunnel 0
> ip address 1.1.1.1 255.255.255.0
> tunnel source eth0
> tunnel dest 200.210.12.9
> tunnel mode gre ip
> exit
>
>
> /* Create a policy to send all tcp traffic to Linux via GRE */
>
> conf t
> access-list 120 permit tcp any any
> route-map teste
> match ip address 120
> set ip next-hop 1.1.1.2
> exit
> int eth0
> ip policy route-map teste
> exit
>
>
> Now, in Linux I create a GRE tunnel interface:
>
> modprobe ip_gre
> iptunnel add mynet mode gre remote 200.210.11.130 local 200.210.12.9 ttl 255
> ip addr add 1.1.1.2/24 dev mynet
> ifconfig mynet up
> route add -net 1.1.1.0 netmask 255.255.255.0 dev mynet
>
> It works well. I can ping both sides.
>
> All packets from Cisco are arriving in the Linux Box, but I'm UNABLE to
> re-route (route it back) to the Cisco via GRE. :~(
>
> I tried using in Linux:
>
> ip ru add from 1.1.1.1 lookup 4
> ip ro add 0.0.0.0/0 via 1.1.1.2 table 4

Try

ip ro add 0.0.0.0/0 via 1.1.1.1 dev mynet

That would make the tunnel the default gateway. Not sure you really want
that. You should specify a route for each individual subnet you want to get
to via the GRE tunnel.

Klazmon

>
> I also tried other rules, like:
>
> route add -host 200.210.11.130 gw 1.1.1.1
>
> And a lot of mix of rules, but no success. :~(
>
> Well, based on the documentation I believe this rule is correct, but
> it doesn't work.
>
> Can someone show me how to create a rule to reroute it back to Cisco
> (the documentation isn't helping me)?
>
> Thanks for help and attention.
>
> Cheers,
>
>

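The following is an added example, not part of the original thread or either poster's configuration: a sketch of the Linux side that sends only packets arriving on the tunnel back to the Cisco, using a rule keyed on the incoming interface (decapsulated packets keep their original source address rather than 1.1.1.1). Addresses, the interface name mynet and table 4 come from the post; the ip_forward and rp_filter settings are assumptions about the host's defaults.

```shell
#!/bin/sh
# Added example: GRE tunnel plus a return path scoped to tunnel traffic.
# Values below are the ones quoted in the post.
TUN=mynet               # tunnel interface name
LOCAL=200.210.12.9      # Linux eth0
REMOTE=200.210.11.130   # Cisco eth0
TUN_LOCAL=1.1.1.2/24    # Linux end of the tunnel
TUN_PEER=1.1.1.1        # Cisco end of the tunnel
TABLE=4                 # routing table number used by the original poster

# Print the configuration commands, one per line.
gre_return_cmds() {
    cat <<EOF
modprobe ip_gre
ip tunnel add $TUN mode gre remote $REMOTE local $LOCAL ttl 255
ip addr add $TUN_LOCAL dev $TUN
ip link set $TUN up
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv4.conf.$TUN.rp_filter=2
ip route add default via $TUN_PEER dev $TUN table $TABLE
ip rule add iif $TUN lookup $TABLE
EOF
}
# Notes on the commands above:
# - ip_forward=1: the box must forward, not just sniff, for packets to return.
# - rp_filter=2 (loose): assumed necessary where strict reverse-path filtering
#   is on, because the main table does not route these sources via the tunnel.
# - The default route lives only in table $TABLE and is selected only for
#   packets that came in on $TUN, so locally generated traffic, including the
#   GRE outer packets to $REMOTE, keeps using the main table.

# Dry run by default; APPLY=1 (as root) executes and stops at the first error.
if [ "${APPLY:-0}" = 1 ]; then
    gre_return_cmds | sh -e
else
    gre_return_cmds
fi
```

After applying, `ip rule show` and `ip route show table 4` list the rule and the table's single default route, and `ip route get` with `iif mynet` shows which path a forwarded packet would take.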

