[Stuck]GRE Tunnel

FlorinMarian

Nov 13, 2017
/etc/network/interfaces
Code:
### Hetzner Online GmbH installimage

source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback
iface lo inet6 loopback

iface enp0s31f6 inet6 static
  address 2a01:4f8:10a:2f8c::2
  netmask 64
  gateway fe80::1

iface enp0s31f6 inet manual

auto vmbr0
iface vmbr0 inet static
    address AA.BB.CC.DD
    netmask 255.255.255.192
    gateway 88.99.151.65
    # route 88.99.151.64/26 via 88.99.151.65
    up route add -net 88.99.151.64 netmask 255.255.255.192 gw 88.99.151.65 dev enp0s31f6
        bridge_ports enp0s31f6
        bridge_stp off
        bridge_fd 0

auto vmbr1
iface vmbr1 inet static
    address 192.168.0.1
    netmask 255.255.255.0
    bridge_ports none
    bridge_stp off
    bridge_fd 0
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up iptables -t nat -A POSTROUTING -s '192.168.0.0/24' -o vmbr0 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '192.168.0.0/24' -o vmbr0 -j MASQUERADE
    post-up iptables -t nat -A PREROUTING -p tcp -i vmbr0 --dport 22 -j DNAT --to 192.168.0.2
    post-down iptables -t nat -D PREROUTING -p tcp -i vmbr0 --dport 22 -j DNAT --to 192.168.0.2

auto tun1
iface tun1 inet static
    address 192.168.168.2
    netmask 255.255.255.252
    pre-up iptunnel add tun1 mode gre local AA.BB.CC.DD remote EE.FF.GG.HH ttl 255
    up ifconfig tun1 multicast
    pointopoint 192.168.168.1
    post-down iptunnel del tun1
    post-up ip addr add 192.168.168.2/30 dev tun1
    # echo '100 BUYVM' >> /etc/iproute2/rt_tables
    post-up ip rule add from 192.168.168.0/30 table BUYVM
    post-up ip route add default via 192.168.168.1 table BUYVM

Proxmox SSH port: 60022

What's my purpose?
To run NAT + GRE Tunnel, same server.

What do I want?
AA.BB.CC.DD:60022 -> Working
EE.FF.GG.HH:60022 -> Working
AA.BB.CC.DD:22 -> Working (this port coming from 192.168.0.2)
EE.FF.GG.HH:22 -> Not Working.

Any idea?
Thank you!
 
Is the pve firewall enabled?
 
Is the pve firewall enabled?
I've tried with/without firewall at all levels (KVM machine, Server, Datacenter).
What I've found is that I can never connect from the GRE endpoint with its hidden IP address.

To be more clear:
Proxmox: GRE + Bridge + Ethernet connection.
Protected VM (outside): GRE + Ethernet

Trying to connect from AntiDDoS endpoint via telnet:
Proxmox public IP : 22 (coming from FreeBSD machine) -> Great
Proxmox public IP: 60022 (SSH of Proxmox server itself) -> Great
Proxmox GRE IP: 22 (Connection refused)
Proxmox GRE IP: 60022 -> Great

So, I can't manage to forward port 22 of 192.168.0.2 to 192.168.168.2 (GRE local IP address).
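
An added example, not part of the original posts: a small Python model of the PREROUTING match step for the single DNAT rule in the posted configuration, applied to the four telnet probes listed above. It assumes GRE traffic arrives on tun1 and that nothing on the Proxmox host listens on port 22; the probe names and helper functions are made up for the illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class DnatRule:  # -i IFACE -p PROTO --dport PORT -j DNAT --to TARGET
    in_iface: str
    proto: str
    dport: int
    to: str

@dataclass(frozen=True)
class Packet:
    in_iface: str
    proto: str
    dst: str  # informational only: the posted rule has no -d match
    dport: int

# The single DNAT rule from the vmbr1 stanza in the post.
POSTED_RULES = [DnatRule("vmbr0", "tcp", 22, "192.168.0.2")]
# Host's own listeners ("Proxmox SSH port: 60022"); assumption: none on 22.
HOST_LISTENERS = {60022}

def prerouting(pkt, rules):
    """Return the DNAT target of the first matching rule, else None."""
    for r in rules:
        if (r.in_iface, r.proto, r.dport) == (pkt.in_iface, pkt.proto, pkt.dport):
            return r.to
    return None

def outcome(pkt, rules=POSTED_RULES):
    target = prerouting(pkt, rules)
    if target is not None:
        return f"forwarded to {target}:{pkt.dport}"
    # No DNAT match: the packet goes to the host's own sockets.
    return "accepted by host" if pkt.dport in HOST_LISTENERS else "connection refused"

# Constructed probes mirroring the four telnet tests in the post.
PROBES = {
    "public:22": Packet("vmbr0", "tcp", "AA.BB.CC.DD", 22),
    "public:60022": Packet("vmbr0", "tcp", "AA.BB.CC.DD", 60022),
    "gre:22": Packet("tun1", "tcp", "192.168.168.2", 22),
    "gre:60022": Packet("tun1", "tcp", "192.168.168.2", 60022),
}

def report(rules=POSTED_RULES):
    return {name: outcome(p, rules) for name, p in PROBES.items()}

if __name__ == "__main__":
    for name, result in report().items():
        print(f"{name:13} {result}")
```

The model reproduces the reported matrix: only the probe that enters on vmbr0 with destination port 22 matches the rule. It covers the match step only; return-path routing through the BUYVM table is outside it.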
 
