Part 1: Why and How to Use the GRE Tunnel on Linux?
I’m going to assume you have a setup similar to the one we had in Part 1.
One of the advantages of having GRE tunneling between servers is that you can use another server as a gateway.
Let’s say you have two servers, one in the US and the other in the UK. You need to connect to a service that only allows access from your US server. If you have a GRE Tunnel between the UK server and the US server, you can use the US server as a gateway for the UK server.
Let’s remember the IP addresses from Part 1:
US Server:
Public IP address: 167.71.102.185
Private IP address for GRE Tunnel: 10.0.100.1
UK Server:
Public IP Address: 178.128.42.200
Private IP address for GRE Tunnel: 10.0.100.2
The US server will be the gateway for the UK server.
To do this, the US server must replace the source IP address of packets sent by the UK server with its own public IP address (SNAT).
(See: How do SNAT and DNAT work on Linux?)
I will run this command on US Server:
iptables -t nat -A POSTROUTING -s 10.0.100.2 -j SNAT --to-source 167.71.102.185
Run it and review the configuration:
I will enable IP forwarding on the US server:
echo 1 > /proc/sys/net/ipv4/ip_forward
On the UK server, I will add a separate routing table for the tunnel IP range and use the US server’s private IP address as the default gateway in that table.
echo '101 GRETABLE' >> /etc/iproute2/rt_tables
ip rule add from 10.0.100.0/24 table GRETABLE
ip route add default via 10.0.100.1 table GRETABLE
Apply and review on the UK server:
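The review steps for both servers can be scripted. The following is an added example, not part of the original article: each check reads the output of one command on stdin and confirms the rule described above, and the SNAT check also fails if any SNAT/MASQUERADE rule has no source match. The function names, the sample output and the device name gre1 are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): review checks for the gateway setup.
# Each check reads command output on stdin: live output or the constructed samples below.

UK_TUNNEL=10.0.100.2        # addresses from the article
US_PUBLIC=167.71.102.185

# US server. Input: iptables -t nat -S POSTROUTING
# Passes if the article's SNAT rule is present and no SNAT/MASQUERADE rule lacks
# a source match (-s), which would NAT every forwarded packet.
snat_ok() {
    awk -v src="$UK_TUNNEL" -v to="$US_PUBLIC" '
        / -j (SNAT|MASQUERADE)( |$)/ {
            has_src = 0; scoped = 0; rewrites = 0
            for (i = 1; i < NF; i++) {
                if ($i == "-s") has_src = 1
                if ($i == "-s" && ($(i+1) == src || $(i+1) == (src "/32"))) scoped = 1
                if ($i == "--to-source" && $(i+1) == to) rewrites = 1
            }
            if (!has_src) broad = 1
            if (scoped && rewrites) good = 1
        }
        END { exit !(good && !broad) }'
}

# US server. Input: cat /proc/sys/net/ipv4/ip_forward
forward_ok() { grep -qx 1; }

# UK server. Input: ip rule show
rule_ok() { grep -Eq 'from 10\.0\.100\.0/24 lookup (GRETABLE|101)( |$)'; }

# UK server. Input: ip route show table GRETABLE
route_ok() { grep -Eq '^default via 10\.0\.100\.1( |$)'; }

# Constructed sample output (the device name gre1 is an assumption).
SAMPLE_NAT='-P POSTROUTING ACCEPT
-A POSTROUTING -s 10.0.100.2/32 -j SNAT --to-source 167.71.102.185'
SAMPLE_RULES='0: from all lookup local
32765: from 10.0.100.0/24 lookup GRETABLE
32766: from all lookup main'
SAMPLE_ROUTE='default via 10.0.100.1 dev gre1'

report() { if "$2"; then echo "ok   $1"; else echo "FAIL $1"; fi; }
printf '%s\n' "$SAMPLE_NAT"   | report "US: SNAT limited to the UK tunnel address" snat_ok
echo 1                        | report "US: IP forwarding enabled" forward_ok
printf '%s\n' "$SAMPLE_RULES" | report "UK: tunnel range uses GRETABLE" rule_ok
printf '%s\n' "$SAMPLE_ROUTE" | report "UK: GRETABLE default via US tunnel IP" route_ok
```

On a live host, pipe the real command into the matching check, for example `iptables -t nat -S POSTROUTING | snat_ok` on the US server.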
Let’s test: