how to forward ip tunnel's output

August 13, 2010 at 10:23:19
Specs: ubuntu
Hi,
I'm trying to implement a routing short-cut solution, whose requirement is as follows:
server1 (Linux) sends IP packets (destined to server3) to server2 (Linux) via an IP tunnel between them, and server2 forwards the IP tunnel's output (the inner IP packets) to server3. Each server has only one NIC and a public IP associated with it. All servers can communicate with each other.
I'm sure the IP tunnel between server1 and server2 was configured correctly and worked well. server2's ip_forward was enabled too. On server2, I can capture the traffic on the IP tunnel interface, and the packets originate from server1 and are destined to server3. The problem is that server2 does not forward the IP tunnel's output at all.
On server2, I just run "echo 1 > /proc/sys/net/ipv4/ip_forward". Is there anything I missed for enabling ip_forward?
Or originally, ip forward can't work on servers with only one NIC, can it?
Any help would be greatly appreciated!
Thanks a lot!


#1
August 13, 2010 at 12:21:29
Why would you want to relay it through server2?
You should just create an additional tunnel from server1 to server3.
Without a 2nd NIC in server2 I don't know of a way to forward via the same NIC that received the inbound data.


#2
August 13, 2010 at 12:55:04
I have to agree with wanderer. The whole point of encryption is to protect your data.

You want to send data from A to B over an encrypted tunnel, then send it from B to C without the benefit of an encrypted tunnel.

Either do as wanderer said and create an encrypted tunnel from A to C or just send the data from A to C without benefit of encryption since it doesn't seem to be important to you.

When working in the IT industry I have two solid gold rules I live by and they are:

1) If it ain't broke, don't fix it

and

2) KISS

What you're talking about doing is way overcomplicated. An encrypted tunnel from A to C is KISS

It matters not how straight the gate,
How charged with punishments the scroll,
I am the master of my fate;
I am the captain of my soul.

***William Henley***



#3
August 14, 2010 at 04:21:12
Thanks for the information above!
Assume that server1, server2 and server3 are in 3 IDCs respectively. Sometimes, server1 can't reach server3 via ISP's routing schema due to some faults in the mediate network, but server1 can reach server2 and server2 can reach server3. Adding a route via server2 to server3 may enhance the reliability of the connection between server1 and server3. That's why I make it a little complicated.
Now the problem is that ip_forward on server2 doesn't work as I expected. I begin to suspect my original understanding of ip_forward. It seems it can only work on servers with at least 2 NICs, doesn't it? Is there any canonical literature that explains this point?
Thanks!


#4
August 14, 2010 at 05:11:21
What is an IDC?


#5
August 14, 2010 at 06:01:48
Sorry, here IDC stands for Internet Data Center.
Thanks!


#6
August 18, 2010 at 03:39:49
I tried Fedora with server2, and then it works. So it seems there's a bug in Ubuntu. I have reported a bug to the Ubuntu community:
https://bugs.launchpad.net/ubuntu/+bug/619750

Hope they can respond to it quickly!
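
For the setup described in the question (packets arrive on server2's tunnel interface and must be forwarded on), the following added example, which is not from any poster in this thread, audits the IPv4 settings a Linux host consults before forwarding such a packet. The function names, the interface name `tun0` and the optional sysctl-root argument are assumptions; the thread does not establish which setting, if any, was responsible on the poster's Ubuntu host.

```shell
# Added example: audit the IPv4 settings consulted before a packet that
# arrived on a tunnel interface is forwarded. The interface name and the
# optional root directory (for offline runs) are assumptions.

read_knob() {  # print a sysctl file's value, or the fallback in $2
    if [ -r "$1" ]; then tr -d ' \t\n' < "$1"; else printf '%s' "$2"; fi
}

check_forwarding() {  # usage: check_forwarding <tunnel-if> [sysctl-root]
    tun=$1
    root=${2:-/proc/sys/net/ipv4}
    findings=0

    # Global switch, the one set by: echo 1 > /proc/sys/net/ipv4/ip_forward
    v=$(read_knob "$root/ip_forward" missing)
    if [ "$v" != 1 ]; then
        echo "FAIL ip_forward=$v (forwarding disabled globally)"
        findings=$((findings + 1))
    fi

    # Forwarding is decided per receiving interface; an interface inherits
    # conf/default/forwarding when it is created.
    v=$(read_knob "$root/conf/$tun/forwarding" missing)
    if [ "$v" != 1 ]; then
        echo "FAIL conf/$tun/forwarding=$v (packets received on $tun are not forwarded)"
        findings=$((findings + 1))
    fi

    # Reverse-path filter: the kernel applies max(conf/all, conf/<if>).
    # Strict mode (1) drops a packet whose source address is not routed
    # back through the interface it arrived on.
    all=$(read_knob "$root/conf/all/rp_filter" 0)
    ifv=$(read_knob "$root/conf/$tun/rp_filter" 0)
    if [ "$all" -gt "$ifv" ]; then eff=$all; else eff=$ifv; fi
    if [ "$eff" = 1 ]; then
        echo "WARN rp_filter=$eff on $tun (strict: source must route back via $tun)"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ] && echo "OK no blocking setting found for $tun"
    return "$findings"
}
```

Run on server2 as `check_forwarding tun0`; the exit status is the number of findings.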

