Good day. I have an infernal piece of hardware, Linux-based, on which a GRE tunnel to a Cisco is set up:
gre1 Link encap:UNSPEC HWaddr AC-1E-41-44-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.224.40.6 P-t-P:10.224.40.5 Mask:255.255.255.252
inet6 addr: fe80::5efe:ac1e:4144/64 Scope:Link
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1476 Metric:1
RX packets:41 errors:0 dropped:0 overruns:0 frame:0
TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:984 (984.0 B) TX bytes:252 (252.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:36 errors:0 dropped:0 overruns:0 frame:0
TX packets:36 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2436 (2.3 KiB) TX bytes:2436 (2.3 KiB)
ppp0 Link encap:Point-to-Point Protocol
inet addr:172.30.65.68 P-t-P:10.64.64.64 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:56 errors:0 dropped:0 overruns:0 frame:0
TX packets:11 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:2476 (2.4 KiB) TX bytes:484 (484.0 B)
On the Cisco, accordingly, the GRE tunnel has 10.224.40.5. The devices see each other: ping works in both directions. I bring up Lo:1 on the infernal box with IP 10.200.0.1/32. I add a route on the Cisco: 10.200.0.1/32 -> 10.224.40.6. And I cannot see 10.200.0.1.
The infernal box has these routes:
default via 10.64.64.64 dev ppp0
10.0.0.0/8 dev gre1
10.64.64.64 dev ppp0 src 172.30.65.68
10.224.40.4/30 dev gre1 src 10.224.40.6
GRE is built over PPP0.
And the iptables output:
# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
DROP all -- anywhere anywhere mark match 0x64
flt_inp_ext all -- anywhere anywhere
gre all -- anywhere anywhere
tty2net232 all -- anywhere anywhere
tty2net485 all -- anywhere anywhere
ipsec all -- anywhere anywhere
ovpn all -- anywhere anywhere
ovpns all -- anywhere anywhere
l2tp all -- anywhere anywhere
remote all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
flt_fwd_ext all -- anywhere anywhere
fw all -- anywhere anywhere
MINIUPNPD all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain MINIUPNPD (2 references)
target prot opt source destination
Chain flt_fwd_ext (1 references)
target prot opt source destination
MINIUPNPD all -- anywhere anywhere
Chain flt_inp_ext (1 references)
target prot opt source destination
Chain fw (1 references)
target prot opt source destination
Chain gre (1 references)
target prot opt source destination
Chain ipsec (1 references)
target prot opt source destination
Chain l2tp (1 references)
target prot opt source destination
Chain ovpn (1 references)
target prot opt source destination
Chain ovpns (1 references)
target prot opt source destination
Chain remote (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:www
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:telnet
ACCEPT udp -- anywhere anywhere udp dpt:snmp
Chain tty2net232 (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:2001
Chain tty2net485 (1 references)
target prot opt source destinatio
It would seem that everything should work, but it doesn't. Maybe someone has ideas why?
P.S. Forwarding is enabled.