Centos – How to Use The IPs Of Remote Linux server as The Additional IPs of My Current Linux Server

centos, linux-networking, tunneling

I have 2 Linux Servers 'X' and 'Y'.

Server X has lots of resources but 2 public IPs (1 main IP bound as eth0 and 1 additional IP bound as eth0:0).

Server Y has 9 public IPs (1 main IP bound as eth0 and 8 additional IPs bound as eth0:0 to eth0:7) but a limited amount of resources.

I want to use server Y's additional IPs (8 IPs) on server X so that server X will have 10 IPs total.

I googled around and I think it's possible to do so using IPIP tunnels/GRE tunnels. I've been trying for a few days but so far no luck.

Here's what I've been doing on both servers:

Server X

sysctl -w net.ipv4.conf.default.rp_filter=0;
ip tunnel add tunx mode gre remote |Y's Main IP| local |X's Main IP| ttl 255 dev eth0;
ip link set tunx up;
ip addr add 10.10.1.1/32 dev tunx peer 10.10.1.2;
ip addr add |One of Y's Additional IPs|/29 dev eth0;

Server Y

sysctl -w net.ipv4.conf.all.forwarding=1;
sysctl -w net.ipv4.ip_forward=1;
sysctl -w net.ipv4.conf.all.proxy_arp=1;
sysctl -w net.ipv4.conf.eth0.rp_filter=0;
sysctl -w net.ipv4.conf.tun0.rp_filter=0;
ip tunnel add tuny mode gre remote |X's Main IP| local |Y's Main IP| ttl 255 dev eth0;
ip link set tuny up;
ip addr add 10.10.1.2/32 dev tuny;
ip route add |Y's first additional IP|/29 via 10.10.1.2;

After the above commands on both servers when I try the following command from X:

traceroute -s|One of Y's additional IPs| google.com

I get this:

traceroute to google.com (173.194.70.113), 30 hops max, 60 byte packets
 1  * * *
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *

Best Answer

At least two errors are in your setup:

  1. ServerX needs routing rules to forward traffic from Y1 to the tunnel.
  2. tuny on ServerY needs a peer address.

Also use /32 routes and masks for migrated addresses to prevent routing loops.

Let:

  1. ServerX main IP = X
  2. ServerY main IP = Y
  3. ServerY additional IP = Y1

Then the following, I believe, is closer to a working config:

ServerX:

...
ip tunnel add tun0 mode gre remote Y local X ttl 255
ip link   set tun0 up

ip addr add Y1/32 dev eth0
ip addr add 10.10.1.1 dev tun0 peer 10.10.1.2

ip route  add default via 10.10.1.2 dev tun0 table 100
ip rule   add from  Y1 table 100

ServerY

ip tunnel add tun0 mode gre remote X local Y ttl 255
ip link   set tun0 up

ip addr add 10.10.1.2 dev tun0 peer 10.10.1.1

ip route add Y1/32 via 10.10.1.1 dev tun0

You may also consider an alternative setup with a single GRE tunnel and static NAT on ServerY to make IP addresses on ServerY available for services on ServerX.

UPD:

I just checked this. It seems to be working.

Relevant iptables config to allow traffic flows:

ServerY:

-A FORWARD -d Y1 -o tun0 -j ACCEPT
-A FORWARD -s Y1 -i tun0 -j ACCEPT
-A INPUT -p gre -j ACCEPT

ServerX:

-A INPUT -p gre -j ACCEPT

Problems can be debugged in the following order:

  1. Be sure that X and Y are reachable.
  2. Be sure that the tunnel is up and working: ping <tunnel-peer-address>.
  3. If not, check if providers allow GRE traffic.
  4. Track how icmp packets are processed: tcpdump -i tun0 icmp and tcpdump -i eth0 icmp.

A good book is "Linux Advanced Routing & Traffic Control HOWTO".
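
The `-A INPUT -p gre -j ACCEPT` rules in the answer accept GRE from any source, and plain GRE carries no authentication, so the rule is commonly pinned to the tunnel peer with `-s`. The script below is an added example, not part of the original answer: it audits `iptables-save` style rules for GRE ACCEPT entries that are not pinned. The function name, the peer address 192.0.2.10 (standing in for Y) and the sample rules are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the original answer: audit iptables-save style
# rules for GRE ACCEPT entries in INPUT that are not pinned to the tunnel peer.
# The peer address and sample rules are constructed (documentation ranges).

# audit_gre PEER: reads rules on stdin, prints one finding per loose rule,
# returns 0 if every GRE ACCEPT rule in INPUT names PEER as source, else 1.
audit_gre() {
    peer=$1
    status=0
    while IFS= read -r rule; do
        case " $rule " in
            " -A INPUT "*) ;;                      # only the INPUT chain
            *) continue ;;
        esac
        case " $rule " in
            *" -p gre "*|*" -p 47 "*) ;;           # GRE is IP protocol 47
            *) continue ;;
        esac
        case " $rule " in
            *" -j ACCEPT "*) ;;
            *) continue ;;
        esac
        case " $rule " in
            *" -s $peer "*|*" -s $peer/32 "*) ;;   # pinned to the peer
            *) echo "LOOSE: $rule"; status=1 ;;
        esac
    done
    return $status
}

# Rule as written in the answer: GRE accepted from any source.
LOOSE_RULES='-A INPUT -p gre -j ACCEPT'

# Tightened form for ServerX; 192.0.2.10 stands in for Y (constructed).
PINNED_RULES='-A INPUT -s 192.0.2.10/32 -p gre -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

run_demo() {
    printf '%s\n' "$LOOSE_RULES"  | audit_gre 192.0.2.10 || true
    printf '%s\n' "$PINNED_RULES" | audit_gre 192.0.2.10 && echo "OK: GRE pinned to peer"
}
run_demo
```

On a live host, feed it the real rule set with `iptables-save | audit_gre <peer-main-IP>`; on ServerY the peer is X, on ServerX it is Y.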
