Problem creating chained GRE Tunnels
I am trying to create 2 chained GRE Tunnels, like this scheme: PC1 receives the packets via ETH0, then it forwards to PC2 using the first tunnel (GRE1), then PC2 forwards to PC3 using the second tunnel (GRE2), reaching its final destination:
.  |----------------------|             |----------------------|            |----------------------|
.--+--ETH0          GRE1--+-------------+--GRE1          GRE2--+------------+--GRE2                |
.  |----------------------|             |----------------------|            |----------------------|
.       PC1 as router                        PC2 as router                   PC3: final destination
The tunnels are working OK (I can ping PC1 <-> PC2 using the GRE1 tunnel, and the same with PC2 <-> PC3 using GRE2).
Problem is that the packets arrive at PC2, but they are not forwarded to PC3.
ETH0: public IP = 1.1.1.1
GRE1: 192.168.10.1 (on PC1) and 192.168.10.2 (on PC2)
GRE2: 192.168.20.1 (on PC2) and 192.168.20.2 (on PC3)
PC1 iptables:
iptables -t nat -A PREROUTING -p tcp -d 1.1.1.1 --dport 3306 -j DNAT --to-destination 192.168.10.2:3306
iptables -I FORWARD -m state -d 192.168.10.0/24 --state NEW,RELATED,ESTABLISHED -j ACCEPT
PC2 iptables:
iptables -t nat -I PREROUTING -p tcp -d 192.168.10.2 --dport 3306 -j DNAT --to-destination 192.168.20.2:3306
iptables -I FORWARD -m state -d 192.168.20.0/24 --state NEW,RELATED,ESTABLISHED -j ACCEPT
What am I doing wrong?
Comments
Well, for starters you're ignoring the routing.
PC1 has zero clue where PC3 is. It has to know that it's via PC2. Firewall is not enough ;-).
OK, thanks for the info. How can this be achieved?
Simply use route add -net xyz.xyz.xyz.xyz/xyz gw xyz.xyz.xyz.xyz
Where net is the subnet you want to reach over gw from the corresponding unit.
In large networks, this is done using OSPF or BGP.
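
Added example, not part of the thread and not any poster's code: a small model of per-hop route lookup (longest-prefix match) over the three hosts, showing where a packet for PC3 stops before and after the static routes suggested above are added. The host tables are constructed from the tunnel addresses in the question; it assumes PC2 has IP forwarding enabled (net.ipv4.ip_forward=1) and models no default routes.

```python
import ipaddress

# Constructed model of the thread's topology (tunnel addresses from the post).
ADDRS = {"PC1": {"192.168.10.1"},
         "PC2": {"192.168.10.2", "192.168.20.1"},
         "PC3": {"192.168.20.2"}}

def base_tables():
    """Connected (on-link) routes only, as present once the tunnels are up."""
    return {"PC1": [("192.168.10.0/24", None)],
            "PC2": [("192.168.10.0/24", None), ("192.168.20.0/24", None)],
            "PC3": [("192.168.20.0/24", None)]}

def lookup(table, dst):
    """Longest-prefix match; returns (network, gateway) or None."""
    ip = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(n), gw) for n, gw in table
            if ip in ipaddress.ip_network(n)]
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None

def trace(tables, host, dst):
    """Follow a packet hop by hop; returns (path, outcome)."""
    path = [host]
    while dst not in ADDRS[host]:
        route = lookup(tables[host], dst)
        if route is None:
            return path, f"no route at {host}"
        next_ip = route[1] or dst          # gateway, or dst itself if on-link
        host = next((h for h, a in ADDRS.items() if next_ip in a), None)
        if host is None or host in path:
            return path, "unknown next hop or loop"
        path.append(host)
    return path, "delivered"

if __name__ == "__main__":
    t = base_tables()
    print(trace(t, "PC1", "192.168.20.2"))   # PC1 has no route to GRE2's subnet
    # Model of: route add -net 192.168.20.0/24 gw 192.168.10.2   (on PC1)
    t["PC1"].append(("192.168.20.0/24", "192.168.10.2"))
    print(trace(t, "PC1", "192.168.20.2"))
    print(trace(t, "PC3", "192.168.10.1"))   # replies need a route back too
    # Model of: route add -net 192.168.10.0/24 gw 192.168.20.1   (on PC3)
    t["PC3"].append(("192.168.10.0/24", "192.168.20.1"))
    print(trace(t, "PC3", "192.168.10.1"))
```

On the real hosts, `ip route get <address>` shows the route the kernel would pick for a destination, which is the lookup this model imitates.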