On 5/19/07, shetravel <shetravel@xxxxxxxxx> wrote:
> Hi,
>
> Has anyone tried to get an ipip or gre tunnel working behind NAT
> environments? I'm trying to make both sides tunnel with ipip or gre
> with a private address, just like below:
>
> A ------------------- FIREWALL ------------------- INET ------------------- B
> PRIVATE               PUBLIC                                                PUBLIC
> (10.100.0.1)          (211.xxx.xxx.xxx)                                     (211.xxx.xxx.xxx)
>
> Is it possible to make both-side connections with IPIP or GRE tunnels?
>
> Thanks in advance.

If the firewall is a Linux system, you should be able to easily use DNAT to forward the ipip or gre packets to host 'A'. Something like...

    iptables -t nat -A PREROUTING -i [Firewall's internet facing interface] -s [Host B's IP] -d [Firewall's public IP] -p ipip -j DNAT --to-destination [Host A's IP]

I'm not sure if connection tracking will do any of this automatically, but if it were going to work, A would have to send packets to B over the tunnel first before B could send to A.

--
Ryan Castellucci http://ryanc.org/
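
The setup discussed in this thread, as an added example that is not part of the original messages: a script that prints (does not apply) the firewall rules and both tunnel endpoints. It matches by protocol number (4 for IP-in-IP as sent by the Linux ipip driver, 47 for GRE) so the rule does not depend on how /etc/protocols names them. Assumptions: the FORWARD rules, the tunnel names tun-a/tun-b, and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: print the plan for an ipip/gre tunnel to a host behind NAT.
# Nothing is applied; review the output before running it as root.

# proto_number MODE -> IP protocol number carried in the outer header
proto_number() {
    case "$1" in
        ipip) echo 4 ;;    # IP-in-IP, as used by the Linux ipip driver
        gre)  echo 47 ;;   # GRE
        *)    return 1 ;;
    esac
}

# is_ipv4 ADDR -> succeeds only for a dotted quad with octets 0-255
is_ipv4() {
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# tunnel_plan MODE WAN_IF FW_PUBLIC HOST_A HOST_B
tunnel_plan() {
    mode=$1 wan=$2 fw=$3 a=$4 b=$5
    proto=$(proto_number "$mode") || { echo "unknown mode: $mode" >&2; return 1; }
    for ip in "$fw" "$a" "$b"; do
        is_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
    done
    # -s $b pins the forward to the one expected peer, so other Internet
    # hosts cannot push encapsulated packets through to host A.
    cat <<EOF
# --- on the firewall ---
iptables -t nat -A PREROUTING -i $wan -s $b -d $fw -p $proto -j DNAT --to-destination $a
# assumption: FORWARD defaults to DROP, so the tunnel needs explicit accepts
iptables -A FORWARD -i $wan -s $b -d $a -p $proto -j ACCEPT
iptables -A FORWARD -o $wan -s $a -d $b -p $proto -j ACCEPT
# --- on host A (behind NAT): local end is its private address ---
ip tunnel add tun-b mode $mode local $a remote $b
# --- on host B: remote end is the firewall's public address, not A ---
ip tunnel add tun-a mode $mode local $b remote $fw
EOF
}

# Constructed sample values (RFC 5737 documentation ranges for public IPs)
tunnel_plan ipip eth0 203.0.113.1 10.100.0.1 198.51.100.7
```

Host A's outbound tunnel packets still rely on whatever source NAT the firewall already performs for the private network.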