Routing Back in LINUX!! Help Please!!!

Hi,


First of all, sorry for inconvenience! I'm configuring
(testing) the GRE with Cisco and Linux and I found
some posts in archive/google but I failed, so I'm asking help
for you, since I'm searching by a long time and no solution.
If some of you could help me.


For my test I'm using a cisco router with the
following:


eth0 - 200.210.11.130
tunnel - 1.1.1.1


------------------------------*---------------------


Linux:


eth0 - 200.210.12.9
tunnel - 1.1.1.2


I want to create a GRE tunnel from the Cisco router to
my Linux box, that are running a NIDS (snort). The
idea is:


| Internet |
|
|
|
| Cisco | --GRE--> |Linux-with-Snort| ---|
| |
| |
|____________________GRE______________|


ps: My first test, only route the OUTGOING traffic of router!


Well, the GRE from Cisco to Linux is working perfectilly.

Cisco config is like this:

/* Create the tunnel Interface */
conf t
int tunnel 0
ip address 1.1.1.1 255.255.255.0
tunnel source eth0
tunnel dest 200.210.12.9
tunnel mode gre ip
exit


/* Create a policy to send all tcp traffic to Linux via GRE */

conf t
access-list 120 permit tcp any any
route-map teste
match ip address 120
set ip next-hop 1.1.1.2
exit
int eth0
ip policy route-map teste
exit


Now, in Linux I create a GRE tunnel interface:

modprobe ip_gre.o
iptunnel add mynet mode grc remote 200.210.11.130
local 200.210.12.9 ttl 255
ip addr add 1.1.1.2/24 dev mynet
ifconfig mynet up
route add -net 1.1.1.0 netmask 255.255.255.0 dev mynet

It work well. I can ping both sides.

All packets from Cisco are arriving in the Linux Box, but I'm UNABLE to

re-route (route it back) to the Cisco via GRE. :~(

I tryed used in Linux:

ip ru add from 1.1.1.1 lookup 4
ip ro add 0.0.0.0/0 via 1.1.1.2 table 4

I tryed also other rules, like:

route add -host 200.210.11.130 gw 1.1.1.1

And a lot of mix of rules, but no success. :~(

Well, based in the documentation I belive this rule is correct, but
doesn't work.

Can someone show me how to create a rule to reoute it back to Cisco (
the
documentation isn't helping me)?

Thks for help and attention.

Chers,

"Zeckx" <(E-Mail Removed)> wrote in news:1124224410.872822.46270
@g44g2000cwa.googlegroups.com:

> Hi,
>
>
> First of all, sorry for inconvenience! I'm configuring
> (testing) the GRE with Cisco and Linux and I found
> some posts in archive/google but I failed, so I'm asking help
> for you, since I'm searching by a long time and no solution.
> If some of you could help me.
>
>
> For my test I'm using a cisco router with the
> following:
>
>
> eth0 - 200.210.11.130
> tunnel - 1.1.1.1
>
>
> ------------------------------*---------------------
>
>
> Linux:
>
>
> eth0 - 200.210.12.9
> tunnel - 1.1.1.2
>
>
> I want to create a GRE tunnel from the Cisco router to
> my Linux box, that are running a NIDS (snort). The
> idea is:
>
>
>| Internet |
> |
> |
> |
>| Cisco | --GRE--> |Linux-with-Snort| ---|
> | |
> | |
> |____________________GRE______________|
>
>
> ps: My first test, only route the OUTGOING traffic of router!
>
>
> Well, the GRE from Cisco to Linux is working perfectilly.
>
> Cisco config is like this:
>
> /* Create the tunnel Interface */
> conf t
> int tunnel 0
> ip address 1.1.1.1 255.255.255.0
> tunnel source eth0
> tunnel dest 200.210.12.9
> tunnel mode gre ip
> exit
>
>
> /* Create a policy to send all tcp traffic to Linux via GRE */
>
> conf t
> access-list 120 permit tcp any any
> route-map teste
> match ip address 120
> set ip next-hop 1.1.1.2
> exit
> int eth0
> ip policy route-map teste
> exit
>
>
> Now, in Linux I create a GRE tunnel interface:
>
> modprobe ip_gre.o
> iptunnel add mynet mode grc remote 200.210.11.130
> local 200.210.12.9 ttl 255
> ip addr add 1.1.1.2/24 dev mynet
> ifconfig mynet up
> route add -net 1.1.1.0 netmask 255.255.255.0 dev mynet
>
> It work well. I can ping both sides.
>
> All packets from Cisco are arriving in the Linux Box, but I'm UNABLE to
>
> re-route (route it back) to the Cisco via GRE. :~(
>
> I tryed used in Linux:
>
> ip ru add from 1.1.1.1 lookup 4
> ip ro add 0.0.0.0/0 via 1.1.1.2 table 4


Try

ip ro add 0.0.0.0/0 via 1.1.1.1 dev mynet

That would make the tunnel the default gateway. Not sure you really want
that. You should specify a route for each individual subnet you want to get
to via the GRE tunnel.

Klazmon





>
> I tryed also other rules, like:
>
> route add -host 200.210.11.130 gw 1.1.1.1
>
> And a lot of mix of rules, but no success. :~(
>
> Well, based in the documentation I belive this rule is correct, but
> doesn't work.
>
> Can someone show me how to create a rule to reoute it back to Cisco (
> the
> documentation isn't helping me)?
>
> Thks for help and attention.
>
> Chers,
>
>

Yo Klazmon

Thks for reply, but I already had added this route without success

# ip ro add 0.0.0.0/0 via 1.1.1.1 dev mynet
RTNETLINK answers: File exists

cya

"Zeckx" <(E-Mail Removed)> wrote in news:1124484613.136363.32370
@g44g2000cwa.googlegroups.com:

> Yo Klazmon
>
> Thks for reply, but I already had added this route without success
>
> # ip ro add 0.0.0.0/0 via 1.1.1.1 dev mynet
> RTNETLINK answers: File exists


The 0.0.0.0/0 is the default gateway. The above error is because you
already have a default gateway defined. You can either change your default
gateway to 1.1.1.1 or delete the route for the existing default gatway and
add the route above, (note that the latter is not a permanent change).The
'ip ro' command by itself will list the current routes known to your system
(equivalent to 'sh ip route' on the cisco). It will print the words default
gateway on the line referring to the 0.0.0.0/0 route.

Klazmon.
>
> cya
>
>

Hi Klazmon

Thank you for good information.

Cheers,