GRE tunnel PREROUTING

Here’s a simple way to forward GRE tunnels to a server (here, a virtual machine) located behind a GNU/Linux gateway:

# iptables -t nat -A PREROUTING -i eth0 -p gre -j DNAT --to-destination 192.168.0.1
# modprobe nf_conntrack_proto_gre

No need for complex PREROUTING / POSTROUTING / FORWARD combinations, as I have read here and there.

In my case, the virtual machine is a NetBSD domU where I created the following gre(4) interface:

# cat /etc/ifconfig.gre0
create
tunnel 1.2.3.4 192.168.0.1 up
inet 172.16.0.1 172.16.0.2 netmask 255.255.255.252

1.2.3.4 is the remote public IP address.
192.168.0.1 is the domU private IP address.
172.16.0.1 and 172.16.0.2 are the tunnel endpoints.
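
Added example, not part of the original post: the two gateway commands wrapped in an idempotent script, with the DNAT rule additionally limited to the tunnel peer via `-s`, so GRE from other sources is not forwarded to the domU. The interface and addresses are the post's sample values; the function names and the `apply` argument are assumptions of this example.

```shell
#!/bin/sh
# Sample values taken from the post; override through the environment.
WAN_IF=${WAN_IF:-eth0}        # gateway's public interface
PEER=${PEER:-1.2.3.4}         # remote public IP address (tunnel peer)
INNER=${INNER:-192.168.0.1}   # private address of the host behind the gateway
IPTABLES=${IPTABLES:-iptables}

# Rule specification shared by the check (-C) and the append (-A).
# "-s $PEER" is an addition to the post's rule: only the known peer is DNATed.
gre_rule_spec() {
    echo "PREROUTING -i $WAN_IF -s $PEER -p gre -j DNAT --to-destination $INNER"
}

# Append the rule only when an identical one is not already installed,
# so re-running the script does not stack duplicate rules.
ensure_gre_dnat() {
    # shellcheck disable=SC2046  # word splitting of the spec is intended
    if $IPTABLES -t nat -C $(gre_rule_spec) 2>/dev/null; then
        echo "present"
    else
        $IPTABLES -t nat -A $(gre_rule_spec) && echo "added"
    fi
}

# True when the kernel forwards IPv4 packets; without it the DNATed GRE
# packets never leave the gateway. The path argument exists for testing.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

apply_all() {
    forwarding_enabled || { echo "net.ipv4.ip_forward is not 1" >&2; return 1; }
    # Same module as in the post; a failure is reported but not fatal here.
    modprobe nf_conntrack_proto_gre || echo "warning: modprobe failed" >&2
    ensure_gre_dnat
}

# Nothing is changed unless the script is called as: ./gre-dnat.sh apply
if [ "${1:-}" = "apply" ]; then
    apply_all
fi
```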