I set up a GRE tunnel between a Cisco router and a Linux machine; the tunnel interface on the Linux box is named pic. I have to forward traffic coming from the Cisco through the Linux box. The rules I've set on the Linux box are as follows:
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -A INPUT -p 47 -j ACCEPT
iptables -A FORWARD -i ppp0 -j ACCEPT
iptables -A FORWARD -i pic -o ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i ppp0 -o pic -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
I see the traffic coming from the tunnel and being forwarded to the internet, but there is no reply to the sent packets.
Maybe I am missing something like a routing rule?
Assuming that you don't have any rules in the firewall, and the default policy for INPUT, OUTPUT and FORWARD chains is ACCEPT, then you only need the line that enables ip forwarding and the MASQUERADE and it should work.
If you already have rules in the firewall, then post them here with
iptables --list -v -n
and
iptables -t nat --list -v -n
so we can understand the entire setup.
In a nutshell, you should:
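
The assumptions in the answer above (IP forwarding enabled, an ACCEPT policy on FORWARD, a MASQUERADE rule on ppp0) can be checked mechanically from `iptables-save` output. This is an added example, not part of the thread: the function name `audit_ruleset` and the sample dump (the question's FORWARD rules under an assumed DROP policy) are constructed for illustration.

```shell
# Added example (not from the thread). ppp0 and pic are the interface names in the
# question; audit_ruleset and the sample dump are constructed for illustration.
# Usage: audit_ruleset WAN_IF TUN_IF IP_FORWARD_VALUE < iptables-save output
# Prints one line per problem; returns 0 when the NAT gateway prerequisites hold.
audit_ruleset() {
    awk -v wan="$1" -v tun="$2" -v fwd="$3" '
        /^\*/ { table = substr($0, 2); next }      # "*filter", "*nat", ...
        table == "filter" && $1 == ":FORWARD" { policy = $2 }
        table == "filter" && $1 == "-A" && $2 == "FORWARD" && /-j ACCEPT/ {
            in_ok = 1; stateful = 0; has_new = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-i" && $(i+1) != tun) in_ok = 0
                if ($i == "--state" || $i == "--ctstate") {
                    stateful = 1
                    if ($(i+1) ~ /(^|,)NEW(,|$)/) has_new = 1
                }
            }
            # The first packet of a flow passes only a rule that ignores
            # connection state or lists NEW (the -o match is not checked here).
            if (in_ok && (!stateful || has_new)) new_ok = 1
        }
        table == "nat" && $1 == "-A" && $2 == "POSTROUTING" && /-j MASQUERADE/ {
            for (i = 3; i < NF; i++) if ($i == "-o" && $(i+1) == wan) masq = 1
        }
        END {
            if (fwd != "1") { print "ip_forward is not 1"; bad = 1 }
            if (!masq) { print "no MASQUERADE rule for -o " wan; bad = 1 }
            if (policy != "ACCEPT" && !new_ok)
                { print "FORWARD policy " policy ": nothing accepts NEW from " tun; bad = 1 }
            exit bad + 0
        }'
}

# Constructed sample: the FORWARD and nat rules from the question, DROP policy assumed.
SAMPLE_DUMP='*filter
:FORWARD DROP [0:0]
-A FORWARD -i ppp0 -j ACCEPT
-A FORWARD -i pic -o ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
*nat
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT'

# On a live box: iptables-save | audit_ruleset ppp0 pic "$(cat /proc/sys/net/ipv4/ip_forward)"
printf '%s\n' "$SAMPLE_DUMP" | audit_ruleset ppp0 pic 1 || true
```

With the policy set to ACCEPT, as the answer assumes, the same dump passes with no findings.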