Re: VPN through PPP

Linux Advanced Routing and Traffic Control


On Tue, 11 Oct 2005 14:40:10 +0200
Steve Comfort <steve@xxxxxxxxx> wrote:

Hi,

I can't understand your diagram either. :-(

Let's suppose you have 2 hosts, host A and host B, each has an outer
("public") and an inner ("local") interface. The outer interfaces have the
IP addresses Apub and Bpub respectively, and the inner networks have the
address spaces Aloc and Bloc, respectively. Also we make use of another
pair of IP addresses, for the tunnel interfaces (10.10.10.1 and
10.10.10.2).

Then the right commands would be:

host A:

ip tunnel add net0 mode gre remote <Bpub> local <Apub>
ip address add 10.10.10.1/32 dev net0
ip link set net0 up
ip route add <Bloc> dev net0

host B:

ip tunnel add net0 mode gre remote <Apub> local <Bpub>
ip address add 10.10.10.2/32 dev net0
ip link set net0 up
ip route add <Aloc> dev net0

If the tunnel works, you can ping 10.10.10.2 from host A (and 10.10.10.1
from host B); if the routing also works, you can ping the other inner
network from each host.

> I do have a firewall, configured to do NAT on the PPP interface. I have 
> also tried excluding the destination addresses from being NAT'd but this
> didn't make any difference.

Just a quick question: you do not filter out GRE (IP protocol 47) on the
firewall? (NATing GRE is a bad idea as well - it does not work AFAIK.)

And don't forget that the GRE tunnel transmits all the traffic
unencrypted, so only use it on a trusted network. (Not even on that. :-)


norbi
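
The firewall question above (is GRE, IP protocol 47, filtered?) can be checked offline against an `iptables-save` dump. This is an added example, not part of the original message; the `gre_verdict` function, the sample rulesets and the address 192.0.2.2 (standing in for <Bpub>) are assumptions made for illustration.

```shell
#!/bin/sh
# gre_verdict CHAIN PEER: read `iptables-save` output on stdin and print the
# verdict the filter table's CHAIN gives a GRE (IP protocol 47) packet from PEER.
# Assumption: only rules matching on protocol and/or source address are
# evaluated; rules with any other match (-i, -m state, ...) are skipped.
gre_verdict() {
    awk -v chain="$1" -v peer="$2" '
        /^\*/ { table = substr($1, 2); next }        # "*filter", "*nat", ...
        table != "filter" { next }
        $1 == (":" chain) { policy = $2; next }      # ":INPUT DROP [0:0]"
        $1 == "-A" && $2 == chain && verdict == "" {
            proto = ""; src = ""; target = ""; other = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-p") proto = $(++i)
                else if ($i == "-s") src = $(++i)
                else if ($i == "-j") { target = $(++i); break }
                else other = 1
            }
            if (other) next
            if (proto != "" && proto != "gre" && proto != "47" && proto != "all") next
            if (src != "" && src != peer && src != (peer "/32")) next
            if (target ~ /^(ACCEPT|DROP|REJECT)$/) verdict = target
        }
        END { print (verdict != "" ? verdict : policy) }
    '
}

# Constructed ruleset: stateful host firewall, policy DROP, no GRE rule.
RULES_BLOCKED='*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'
# Same ruleset (constructed) with GRE from the tunnel peer accepted first.
RULES_OPEN=$(printf '%s\n' "$RULES_BLOCKED" |
    awk '{ print } /^:OUTPUT/ { print "-A INPUT -s 192.0.2.2/32 -p gre -j ACCEPT" }')

printf '%s\n' "$RULES_BLOCKED" | gre_verdict INPUT 192.0.2.2   # DROP
printf '%s\n' "$RULES_OPEN"    | gre_verdict INPUT 192.0.2.2   # ACCEPT
```

On a live host the same function can be fed with `iptables-save | gre_verdict INPUT <Bpub>`; restricting the accept rule to the peer's public address keeps other hosts from injecting GRE packets into the tunnel endpoint.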