Has anyone successfully set up a GRE tunnel while using the CSF firewall?
I did my setup following http://ift.tt/1cFIBUu with CSF off. Now that I have turned CSF on, I managed to create some rules on the DDOS protected host to get GRE working.
They are as follows (entered in csfpre.sh):
/sbin/iptables -A INPUT -i eth0 -p gre -d [ddosprotectedip] -s [servertobeprotected] -j ACCEPT
/sbin/iptables -A INPUT -i gre1 -j ACCEPT
/sbin/iptables -A FORWARD -i gre1 -j ACCEPT
/sbin/iptables -A FORWARD -d 192.168.168.0/30 -i eth0 -j ACCEPT
/sbin/iptables -t nat -A POSTROUTING -s 192.168.168.0/30 -j SNAT --to-source [ddosprotectedip]
On the server that I am trying to protect though, things seem to be getting a little dicey.
Using:
/sbin/iptables -A INPUT -i eth0 -p gre -s [ddosprotectedip] -j ACCEPT
/sbin/iptables -A INPUT -i gre1 -j ACCEPT
seems to block GRE traffic on the tunnel. So far, the only way I have found to get the traffic to pass through is to add the DDoS-protected IP to /etc/csf/csf.allow.
http://ift.tt/1dvHQ0Z