MainStaySolutions
asked on
Debian Linix GRE protocol forwarding
I'm using tcpdump to see if gre protocol is forwarding properly from my Debian linux box.
Here is the command I'm using
tcpdump -i eth0 proto 47 > /root/dump.txt
But the log file is empty I'm thinking because the protocol isn't even coming in, right?
When I look for protocol 6 (tcp) it fills up as I try and pptp in. Any ideas? Should I be seeing the gre protocol coming in?
Here is the command I'm using
tcpdump -i eth0 proto 47 > /root/dump.txt
But the log file is empty I'm thinking because the protocol isn't even coming in, right?
When I look for protocol 6 (tcp) it fills up as I try and pptp in. Any ideas? Should I be seeing the gre protocol coming in?
*ping* Did monitoring the ppp0 (or other encapsulated interface) show the GRE packets ?
ASKER
No it didnt.
try
iptables -A OUPUT -p tcp --dport 47 -j LOG
iptables -A FORWARD -p tcp --dport 47 -j LOG
iptables -A INPUT -p tcp --dport 47 -j LOG
or UDP ..and then
tail -f /var/log/syslog and you will see the packets being logged if they are incoming/outgoing or being forwarded by the system
iptables -A OUPUT -p tcp --dport 47 -j LOG
iptables -A FORWARD -p tcp --dport 47 -j LOG
iptables -A INPUT -p tcp --dport 47 -j LOG
or UDP ..and then
tail -f /var/log/syslog and you will see the packets being logged if they are incoming/outgoing or being forwarded by the system
ASKER
Thanks for the reply. Interesting, I'm not seeing anything in the log files as I try to vpn through it. I'm assuming that it means gre isn't passing through.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Do an ifconfig and see if there are other interfaces.
firewall:/root # tcpdump -i ppp0 proto 47
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ppp0, link-type LINUX_SLL (Linux cooked), capture size 96 bytes
20:15:34.259140 IP xxxx.dyndns.org > xxxx.nwc.acsalaska.net: call 1039 ack 4294967295 no-payload
20:15:34.280656 IP xxx.dyndns.org > xxxx.nwc.acsalaska.net: call 1039 seq 0 gre-ppp-payload
2 packets captured
3 packets received by filter
0 packets dropped by kernel
firewall:/root # tcpdump -i eth0 proto 47
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
0 packets captured
0 packets received by filter
0 packets dropped by kernel