Gre protocol forwarding to VM not work

trabogano

New Member
May 12, 2023
13
0
1
Hi everyone, I have a proxmox on a dedicated server that has a public ip on the WAN side and I created a DMZ to a virtual machine inside it, I noticed that everything passes except the gre protocol. Can you give me a hand please?
Below I put the configuration of the interfaces:
Code:
auto lo
iface lo inet loopback

iface enp35s0 inet manual <- Uplink interface

iface enp36s0 inet manual

iface enx2ecbfb84894d inet manual

auto vmbr0
iface vmbr0 inet static
        address 217.xxx.xxx.xxx/32
        gateway 10.255.255.1
        bridge-ports enp35s0
        bridge-stp off
        bridge-fd 0

auto vmbr1
iface vmbr1 inet static
        address 10.128.0.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        #Abilito il forwarding
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        #Abilito il masquerade verso la rete uplink delle vm all'avvio dell'interfaccia
        post-up iptables -t nat -A POSTROUTING -s '10.128.0.0/24' -o vmbr0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.128.0.0/24' -o vmbr0 -j MASQUERADE
        #Creo un DMZ verso la VM di RouterOS
        post-up iptables -t nat -A PREROUTING -p tcp --dport 22 -j ACCEPT
        post-up iptables -t nat -A PREROUTING -p tcp --dport 8006 -j ACCEPT
        post-up iptables -t nat -A PREROUTING -i vmbr0 -j DNAT --to-destination 10.128.0.2
        post-down iptables -t nat -D PREROUTING -p tcp --dport 22 -j ACCEPT
        post-down iptables -t nat -D PREROUTING -p tcp --dport 8006 -j ACCEPT
        post-down iptables -t nat -D PREROUTING -i vmbr0 -j DNAT --to-destination 10.128.0.2

The firewall in the virtual machine interface is disabled.

I also try to add
iptables -I FORWARD -p gre -j ACCEPT
But nothing change on Routeros VM i can't receive any gre packets :(
 
Hi everyone, I have a proxmox on a dedicated server that has a public ip on the WAN side and I created a DMZ to a virtual machine inside it, I noticed that everything passes except the gre protocol. Can you give me a hand please?
Below I put the configuration of the interfaces:
Code:
auto lo
iface lo inet loopback

iface enp35s0 inet manual <- Uplink interface

iface enp36s0 inet manual

iface enx2ecbfb84894d inet manual

auto vmbr0
iface vmbr0 inet static
        address 217.xxx.xxx.xxx/32
        gateway 10.255.255.1
        bridge-ports enp35s0
        bridge-stp off
        bridge-fd 0

auto vmbr1
iface vmbr1 inet static
        address 10.128.0.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        #Abilito il forwarding
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        #Abilito il masquerade verso la rete uplink delle vm all'avvio dell'interfaccia
        post-up iptables -t nat -A POSTROUTING -s '10.128.0.0/24' -o vmbr0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.128.0.0/24' -o vmbr0 -j MASQUERADE
        #Creo un DMZ verso la VM di RouterOS
        post-up iptables -t nat -A PREROUTING -p tcp --dport 22 -j ACCEPT
        post-up iptables -t nat -A PREROUTING -p tcp --dport 8006 -j ACCEPT
        post-up iptables -t nat -A PREROUTING -i vmbr0 -j DNAT --to-destination 10.128.0.2
        post-down iptables -t nat -D PREROUTING -p tcp --dport 22 -j ACCEPT
        post-down iptables -t nat -D PREROUTING -p tcp --dport 8006 -j ACCEPT
        post-down iptables -t nat -D PREROUTING -i vmbr0 -j DNAT --to-destination 10.128.0.2

The firewall in the virtual machine interface is disabled.

I also try to add
iptables -I FORWARD -p gre -j ACCEPT
But nothing change on Routeros VM i can't receive any gre packets :(
Hi,
were you able to solve the problem? Unfortunately I have the same problem.

Thanks.
 
Hi,
were you able to solve the problem? Unfortunately I have the same problem.

Thanks.
No, they told me after countless tests that for security reasons they cannot make adjustments to their network systems so that protocol cannot work.