GRE not Forwarding origin IP
I've followed the BuyVM Guide found here on creating a GRE Tunnel to protect my main server against DDOS attacks (http://wiki.buyvm.net/doku.php/gre_tunnel)
I've followed through this whole guide and the tunnel works thats fine, and even if I use the Interface gre0 to get the IP of the box it shows as the protected IP, but when any traffic passes through this it is assigned the local IP of the adapter (192.168.10.1) rather then the origin IP it was originally requested from.
I have made sure that net.ipv4.ip_forward is set to 1 in the sysctrl.conf and I also setup the routing tables as shown in the guide, swapping the IP's to the ones I specified (192.168.10.1, 192.168.10.2), but still cannot get it to work correctly.
Is there something I'm missing, and is the guide incorrect?
linux networking tunneling
edited Feb 2 '15 at 2:53
jasonwryan
50.8k14135190
asked Feb 2 '15 at 2:43
Damien DDamien D
1
bumped to the homepage by Community♦ 3 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
add a comment |
I've followed the BuyVM Guide found here on creating a GRE Tunnel to protect my main server against DDOS attacks (http://wiki.buyvm.net/doku.php/gre_tunnel)
I've followed through this whole guide and the tunnel works thats fine, and even if I use the Interface gre0 to get the IP of the box it shows as the protected IP, but when any traffic passes through this it is assigned the local IP of the adapter (192.168.10.1) rather then the origin IP it was originally requested from.
I have made sure that net.ipv4.ip_forward is set to 1 in the sysctrl.conf and I also setup the routing tables as shown in the guide, swapping the IP's to the ones I specified (192.168.10.1, 192.168.10.2), but still cannot get it to work correctly.
Is there something I'm missing, and is the guide incorrect?
linux networking tunneling
edited Feb 2 '15 at 2:53
jasonwryan
50.8k14135190
asked Feb 2 '15 at 2:43
Damien DDamien D
1
bumped to the homepage by Community♦ 3 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
add a comment |
I've followed the BuyVM Guide found here on creating a GRE Tunnel to protect my main server against DDOS attacks (http://wiki.buyvm.net/doku.php/gre_tunnel)
I've followed through this whole guide and the tunnel works thats fine, and even if I use the Interface gre0 to get the IP of the box it shows as the protected IP, but when any traffic passes through this it is assigned the local IP of the adapter (192.168.10.1) rather then the origin IP it was originally requested from.
I have made sure that net.ipv4.ip_forward is set to 1 in the sysctrl.conf and I also setup the routing tables as shown in the guide, swapping the IP's to the ones I specified (192.168.10.1, 192.168.10.2), but still cannot get it to work correctly.
Is there something I'm missing, and is the guide incorrect?
linux networking tunneling
edited Feb 2 '15 at 2:53
jasonwryan
50.8k14135190
asked Feb 2 '15 at 2:43
Damien DDamien D
1
I've followed the BuyVM Guide found here on creating a GRE Tunnel to protect my main server against DDOS attacks (http://wiki.buyvm.net/doku.php/gre_tunnel)
I've followed through this whole guide and the tunnel works thats fine, and even if I use the Interface gre0 to get the IP of the box it shows as the protected IP, but when any traffic passes through this it is assigned the local IP of the adapter (192.168.10.1) rather then the origin IP it was originally requested from.
I have made sure that net.ipv4.ip_forward is set to 1 in the sysctrl.conf and I also setup the routing tables as shown in the guide, swapping the IP's to the ones I specified (192.168.10.1, 192.168.10.2), but still cannot get it to work correctly.
Is there something I'm missing, and is the guide incorrect?
linux networking tunneling
linux networking tunneling
edited Feb 2 '15 at 2:53
jasonwryan
50.8k14135190
asked Feb 2 '15 at 2:43
Damien DDamien D
1
edited Feb 2 '15 at 2:53
jasonwryan
50.8k14135190
asked Feb 2 '15 at 2:43
Damien DDamien D
1
edited Feb 2 '15 at 2:53
jasonwryan
50.8k14135190
edited Feb 2 '15 at 2:53
jasonwryan
50.8k14135190
edited Feb 2 '15 at 2:53
jasonwryan
50.8k14135190
50.8k14135190
asked Feb 2 '15 at 2:43
Damien DDamien D
1
asked Feb 2 '15 at 2:43
Damien DDamien D
1
asked Feb 2 '15 at 2:43
Damien DDamien D
1
1
bumped to the homepage by Community♦ 3 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
bumped to the homepage by Community♦ 3 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
Src IP of a packet changes because of NAT. Check ip ru ls, ip ro ls or iptables -t nat -L -nv. Look for MASQUERADE, SNAT or map-to, either of which indicates NAT. Check an IP's route like ip ro get 192.168.10.10
answered Feb 2 '15 at 12:43
Nizam MohamedNizam Mohamed
42536
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "106"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f182381%2fgre-not-forwarding-origin-ip%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Src IP of a packet changes because of NAT. Check ip ru ls, ip ro ls or iptables -t nat -L -nv. Look for MASQUERADE, SNAT or map-to, either of which indicates NAT. Check an IP's route like ip ro get 192.168.10.10
answered Feb 2 '15 at 12:43
Nizam MohamedNizam Mohamed
42536
add a comment |
Src IP of a packet changes because of NAT. Check ip ru ls, ip ro ls or iptables -t nat -L -nv. Look for MASQUERADE, SNAT or map-to, either of which indicates NAT. Check an IP's route like ip ro get 192.168.10.10
answered Feb 2 '15 at 12:43
Nizam MohamedNizam Mohamed
42536
add a comment |
Src IP of a packet changes because of NAT. Check ip ru ls, ip ro ls or iptables -t nat -L -nv. Look for MASQUERADE, SNAT or map-to, either of which indicates NAT. Check an IP's route like ip ro get 192.168.10.10
answered Feb 2 '15 at 12:43
Nizam MohamedNizam Mohamed
42536
Src IP of a packet changes because of NAT. Check ip ru ls, ip ro ls or iptables -t nat -L -nv. Look for MASQUERADE, SNAT or map-to, either of which indicates NAT. Check an IP's route like ip ro get 192.168.10.10
answered Feb 2 '15 at 12:43
Nizam MohamedNizam Mohamed
42536
edited Feb 2 '15 at 13:34
answered Feb 2 '15 at 12:43
Nizam MohamedNizam Mohamed
42536
answered Feb 2 '15 at 12:43
Nizam MohamedNizam Mohamed
42536
answered Feb 2 '15 at 12:43
Nizam MohamedNizam Mohamed
42536
42536
add a comment |
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f182381%2fgre-not-forwarding-origin-ip%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
