[plug] Routing with nonat - ssh tunnel and port forwarding
Carl Gherardi
carl.gherardi at gmail.com
Thu Mar 19 09:19:36 WST 2009
> For simply tunnelling the IP traffic across the network you can create a
> tunnel trivially, with either IP-in-IP or GRE, on Linux, without a
> problem.
>
> IP-in-IP is relatively Linux specific, but easy:
>
> ip tunnel add example1 mode ipip remote 1.2.3.4 local 5.6.7.8 \
> ttl 64 dev eth0
>
> GRE is not Linux specific, so you can terminate it at any host that
> supports a GRE tunnel. The same is true of IPIP tunnels, but less
> things support them. Anyway:
>
> ip tunnel add example2 mode gre remote 1.2.3.4 local 5.6.7.8 \
> ttl 64 dev eth0
>
> GRE also supports multiple tunnels with the same host, through the key,
> csum and seq features, about which you can learn if you want.
>
> IPIP tunnels only carry IPv4, GRE carries anything.
Thanks for this. I found ssh -w last night and that seemed
appropriate. I've had problems stacking the additional tun device on
the existing vpnc connection (which is how I'm hopping the broken
equip in 1 direction).
> and that PMTU discovery is enabled on your application servers, or
> manually configure their MTU.
Need to look this up.
> Footnotes:
> [1] ...well, personally I would make the life of whoever owned the
> faulty device in the middle hell until they fixed their problem, so
> that I didn't have to work around it, since it saves work in the
> long run, but if you can't do that then you are correct... ;)
The broken piece of equipment is 'no line installed', which we are on
but is going to take longer than acceptable.
Thanks
Carl G