Re: GRE-NAT broken - SOLVED

Linux Advanced Routing and Traffic Control


Hi,

On 03.02.2018 at 00:18, Grant Taylor wrote:
>
> Maybe, maybe not.
>
> I thought you had additional globally routed IPs bound to the outside
> interface that were DNATed into the VMs.  (Have I remembered
> incorrectly?)
They're bridged through the physical interface and should not interfere
with the other packages.
>
> If that is the case, then MASQUERADEing will likely cause at least one
> of the tunnels to end up with the wrong GRE source IP on outgoing
> packets.
>
How do you mean that with at least one of the tunnels? Could you give an
example?

In fact I do have one tunnel, that is still down. I ignored it, because
I thought there might be another problem with that one.
>
>> True, but the implementation and my configuration of the same should
>> handle both cases.
>
> I think it's a complication related to interaction between arrival
> timing and what Connection Tracking is expecting.  Hence the
> "UNREPLIED" in the output of conntrack -L.
How do you mean this exactly? The first package might be incoming or
outgoing. Or are you thinking of the case that they might arrive at
(almost) the same time?
>
>> I'd have to look that up. So far the ping keeps the tunnels going.
>
> Well, I think that's a good thing.  It seems like we're narrowing in
> on the problem.  The solution to said problem may be something else.
> (Unless you want to just leave persistent pings running.  }:-)
>
The ping workaround still works :).

Bye,
Matthias
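
As an added illustration that is not part of the original thread: a Python example that reads `conntrack -L` output and lists GRE (IP protocol 47) entries that are still `[UNREPLIED]` or whose outgoing source address was rewritten by NAT, the two symptoms discussed above. The sample lines and addresses are constructed, and the line layout is assumed to match what conntrack-tools prints.

```python
import re

# Constructed `conntrack -L` lines (documentation address ranges), not from the thread.
SAMPLE = """\
gre      47 27 timeout=30, stream_timeout=180 src=192.0.2.10 dst=198.51.100.1 srckey=0x0 dstkey=0x0 [UNREPLIED] src=198.51.100.1 dst=192.0.2.1 srckey=0x0 dstkey=0x0 mark=0 use=1
gre      47 175 timeout=30, stream_timeout=180 src=192.0.2.1 dst=198.51.100.2 srckey=0x0 dstkey=0x0 src=198.51.100.2 dst=192.0.2.1 srckey=0x0 dstkey=0x0 [ASSURED] mark=0 use=1
unknown  47 590 src=192.0.2.1 dst=198.51.100.3 [UNREPLIED] src=198.51.100.3 dst=192.0.2.1 mark=0 use=1
tcp      6 431999 ESTABLISHED src=192.0.2.1 dst=198.51.100.9 sport=40000 dport=22 src=198.51.100.9 dst=192.0.2.1 sport=22 dport=40000 [ASSURED] mark=0 use=1
"""

# Matches src=/dst= but not srckey=/dstkey=.
TUPLE = re.compile(r"\b(src|dst)=(\S+)")


def gre_flows(text):
    """Return one record per IP protocol 47 (GRE) conntrack entry."""
    flows = []
    for line in text.splitlines():
        fields = line.split()
        # The second column is the IP protocol number; it is 47 whether or
        # not the GRE conntrack helper is loaded (name is then "unknown").
        if len(fields) < 3 or fields[1] != "47":
            continue
        addrs = TUPLE.findall(line)
        if len(addrs) < 4:
            continue  # malformed or truncated entry
        (_, o_src), (_, o_dst), (_, r_src), (_, r_dst) = addrs[:4]
        flows.append({
            "orig_src": o_src,            # source before NAT
            "orig_dst": o_dst,            # remote tunnel endpoint
            "wire_src": r_dst,            # source the remote end actually sees
            "unreplied": "[UNREPLIED]" in fields,
            "snat": r_dst != o_src,       # reply tuple differs: source was rewritten
        })
    return flows


def suspects(text):
    """GRE entries that never saw a reply or had their source rewritten."""
    return [f for f in gre_flows(text) if f["unreplied"] or f["snat"]]


if __name__ == "__main__":
    for f in suspects(SAMPLE):
        print(f"{f['orig_src']} -> {f['orig_dst']} wire_src={f['wire_src']} "
              f"unreplied={f['unreplied']} snat={f['snat']}")
```

On a live system the input would be the text printed by `conntrack -L` instead of `SAMPLE`.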
