linux
waltaki, 2021-08-05 19:51:41

GRE tunnel packets coming back from wrong IP?

Hello.

I have 2 servers.
Server A:

Main IP - 135.100.200.112
Additional IP1 - 135.100.200.224
Additional IP2 - 135.100.200.226

Server B:
Main IP - 168.100.70.157

I am forwarding the 2 additional IPs from server A to server B via a GRE tunnel.

Server A /etc/network/interfaces:
auto tun0 
iface tun0 inet static
        address 10.10.40.2
        network 255.255.255.252
        pointopoint 135.100.200.224
        mtu 1350

        up arp -sD 135.100.200.224 eth0 pub
        pre-up  ip tunnel add $IFACE mode gre remote 168.100.70.157 local 135.100.200.112 dev eth0
        pre-up  ip link set $IFACE up
        post-down ip link set $IFACE down
        post-down ip tunnel del $IFACE

auto tun0:0
iface tun0:0 inet static
        address 10.10.40.2
        network 255.255.255.252
        pointopoint 135.100.200.226
        mtu 1350

        up arp -sD 135.100.200.226 eth0 pub

Server B /etc/network/interfaces:
auto tun0
iface tun0 inet static
    address 135.100.200.224
    netmask 255.255.255.252
    pointopoint 10.10.40.2
    mtu 1350
    pre-up /sbin/ip tunnel add $IFACE mode gre remote 135.100.200.112 local 168.100.70.157 dev enp35s0
    post-up /sbin/ip ru add from 135.100.200.224 lookup 12 priority 17
    post-up /sbin/ip ro add default via 10.10.40.2 dev $IFACE src 135.100.200.224 table 12  mtu 1350 advmss 1310
    pre-down /sbin/ip ro del default via 10.10.40.2 dev $IFACE src 135.100.200.224 table 12 mtu 1350 advmss 1310
    pre-down /sbin/ip ru del from 10.10.40.2 lookup 12 priority 17
    post-down /sbin/ip tunnel del $IFACE


auto tun0:0
iface tun0:0 inet static
    address 135.100.200.226
    netmask 255.255.255.252
    pointopoint 10.10.40.2
    mtu 1350
    post-up /sbin/ip ru add from 135.100.200.226 lookup 12 priority 17
    post-up /sbin/ip ro add default via 10.10.40.2 dev $IFACE src 135.100.200.226 table 12  mtu 1350 advmss 1310
    pre-down /sbin/ip ro del default via 10.10.40.2 dev $IFACE src 135.100.200.226 table 12 mtu 1350 advmss 1310
    pre-down /sbin/ip ru del from 135.100.200.226 lookup 12 priority 17


Everything works great, except that if you look at which IP the packets are coming from, it is the main IP of server A.
Сервер В ~ # curl --interface 135.100.200.226 https://api4.my-ip.io/ip
135.100.200.112

What could be the problem? How can I make the response show the additional IP 135.100.200.226 instead of the main 135.100.200.112?


1 answer(s)
ky0, 2021-08-05
@ky0

Whichever address the packets leave to the Internet from, according to the firewall/routing rules, is the one that will be visible. It is not enough to forward the address into the tunnel; you also need to tell the gateway from which address to release the tunnel's data to the Internet.
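
One way to check the answer's point on server A, as an added example that is not part of the original thread. It assumes server A rewrites outbound traffic with a MASQUERADE/SNAT rule on eth0 (the post does not show its firewall); the function names and both rulesets are constructed.

```shell
# first_nat_verdict SRC_IP OUT_IF < iptables-save output
# Reports the first nat POSTROUTING rule that decides whether a packet from
# SRC_IP leaving via OUT_IF keeps its source. Only -s and -o (with "!") are
# evaluated; other matches are assumed to hit, so the verdict is pessimistic.
first_nat_verdict() {
    awk -v src="$1" -v oif="$2" '
    function ip2int(ip,    q) { split(ip, q, "."); return ((q[1]*256 + q[2])*256 + q[3])*256 + q[4] }
    function in_cidr(ip, cidr,    p, size) {
        split(cidr, p, "/"); size = 2 ^ (32 - (p[2] == "" ? 32 : p[2]))
        return (int(ip2int(ip) / size) == int(ip2int(p[1]) / size))
    }
    /^\*/ { table = $1 }
    table == "*nat" && $1 == "-A" && $2 == "POSTROUTING" {
        s = ""; rule_if = ""; j = ""; sneg = 0; oneg = 0
        for (i = 3; i < NF; i++) {
            if ($i == "-s") { s = $(i+1); sneg = ($(i-1) == "!") }
            if ($i == "-o") { rule_if = $(i+1); oneg = ($(i-1) == "!") }
            if ($i == "-j") j = $(i+1)
        }
        if (s != "" && in_cidr(src, s) == sneg) next        # source does not match
        if (rule_if != "" && (rule_if == oif) == oneg) next # interface does not match
        if (j == "MASQUERADE" || j == "SNAT") { print "REWRITE: " $0; done = 1; exit }
        if (j == "ACCEPT" || j == "RETURN")   { print "KEEP: " $0; done = 1; exit }
    }
    END { if (!done) print "KEEP: no nat POSTROUTING rule matched" }'
}

# Constructed ruleset (assumption): blanket masquerade on server A.
ruleset_blanket() { cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
EOF
}

# Constructed ruleset: tunneled addresses exempted ahead of the masquerade.
ruleset_exempt() { cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 135.100.200.224/32 -o eth0 -j ACCEPT
-A POSTROUTING -s 135.100.200.226/32 -o eth0 -j ACCEPT
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
EOF
}
ruleset_blanket | first_nat_verdict 135.100.200.226 eth0
ruleset_exempt  | first_nat_verdict 135.100.200.226 eth0
```

On the real host, pipe the live ruleset in instead: `iptables-save | first_nat_verdict 135.100.200.226 eth0`.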
