CSF and GRE Tunneling


Has anyone successfully set up a GRE tunnel while using CSF firewall?


I did my setup following http://ift.tt/1cFIBUu with CSF off. Now that I have turned CSF on, I managed to create some rules on the DDOS protected host to get GRE working.


They are as follows (entered in csfpre.sh):



/sbin/iptables -A INPUT -i eth0 -p gre -d [ddosprotectedip] -s [servertobeprotected] -j ACCEPT
/sbin/iptables -A INPUT -i gre1 -j ACCEPT
/sbin/iptables -A FORWARD -i gre1 -j ACCEPT
/sbin/iptables -A FORWARD -d 192.168.168.0/30 -i eth0 -j ACCEPT
/sbin/iptables -t nat -A POSTROUTING -s 192.168.168.0/30 -j SNAT --to-source [ddosprotectedip]



On the server that I am trying to protect though, things seem to be getting a little dicey.


Using:



/sbin/iptables -A INPUT -i eth0 -p gre -s [ddosprotectedip] -j ACCEPT
/sbin/iptables -A INPUT -i gre1 -j ACCEPT



Seems to block GRE traffic on the tunnel. So far, the only way I have found to get the traffic to pass through is to add the ddos protected ip into /etc/csf/csf.allow.


http://ift.tt/1dvHQ0Z
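
An added check, not part of the original post: a csf.allow entry permits the address in both directions, whereas the two rules for the protected server only add INPUT accepts. The script below reads `iptables-save` output and reports whether an ACCEPT rule covers GRE from and to the tunnel peer; the function names, the sample rulesets and the peer address 203.0.113.10 are constructed, and it assumes the firewall also filters the OUTPUT chain.

```shell
#!/bin/sh
# Report which directions have an ACCEPT rule covering GRE for a tunnel peer.
# Input: iptables-save output on stdin. Argument: peer IPv4 address.
# Heuristic: only rules naming the peer exactly (optionally /32) are counted;
# negated matches and wider subnets are not evaluated.
gre_directions() {
    awk -v peer="$1" '
    $1 == "-A" {
        src = ""; dst = ""; proto = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-s") src = $(i + 1)
            if ($i == "-d") dst = $(i + 1)
            if ($i == "-p") proto = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        sub(/\/32$/, "", src); sub(/\/32$/, "", dst)
        if (target != "ACCEPT") next
        # A rule covers GRE if it names gre (protocol 47) or no protocol at all.
        if (proto != "" && proto != "gre" && proto != "47") next
        if (src == peer) in_ok = 1
        if (dst == peer) out_ok = 1
    }
    END { printf "in=%s out=%s\n", (in_ok ? "yes" : "no"), (out_ok ? "yes" : "no") }'
}

# Constructed sample: only the two INPUT rules from the post, OUTPUT filtered.
sample_input_only() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -s 203.0.113.10/32 -i eth0 -p gre -j ACCEPT
-A INPUT -i gre1 -j ACCEPT
COMMIT
EOF
}

# Constructed sample: the same ruleset plus an outbound GRE accept to the peer.
sample_both() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -s 203.0.113.10/32 -i eth0 -p gre -j ACCEPT
-A INPUT -i gre1 -j ACCEPT
-A OUTPUT -d 203.0.113.10/32 -o eth0 -p gre -j ACCEPT
COMMIT
EOF
}

sample_input_only | gre_directions 203.0.113.10
sample_both | gre_directions 203.0.113.10
```

On a live host the input would come from `iptables-save` run as root, with the real peer address as the argument.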
