ip over ip tunneling

Janina Sajka janina at rednote.net
Tue Aug 10 22:16:44 EDT 2004 

I'm not sure what you mean by "setup IP over IP tunneling," but I can
tell you what I do in various circumstances. It's not kernel based as
much as it is ssh based, and relies on the -L and/or -R switches for
ssh. For example, where I worked recently, the closed access to the
internal network so that I could no longer ssh in. I got around that by
doing:

while true; do
ssh -R 23258:localhost:23 66.92.170.XX
 done

from the machine  on the inside that I wanted to get to while off
somewhere around the world. Here's what this command means. Consider the
outside elements, 'ssh 66.92.170.XX." That part is certainly clear, and
does as you expect. It establishes a connection from the machine where
the command is issued to the machine at 66.92.170.XX. The wrapper script
"while true do" just insures that the link gets re-established should it
go down for some reason.

The inner portion says "take the remote port 23258 on localhost and send
it back here on port 23." In other words, I could, on the machine that
is 66.92.170.xx, type:

telnet localhost 23258

and get a telnet login back to that machine inside the firewall.

It worked like a charm.

Other uses for this kind of syntax might include forwarding mail, or
real audio (or speak freely) ports. Whatever.

I hope this is clear, at least as clear as mud and that it's somewhat
helpful.

Gregory Nowak writes:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hi all.
> 
> Is anyone here familiar with how to setup ip over ip tunneling with a
> 2.4.26, and eventually with a 2.6.x kernel? The documentation on the
> subject is very scant, however, I managed to locate the following:
> 
> http://www.javacommerce.com/tips/linux/all/00000175.html
> 
> http://snafu.freedom.org/linux2.2/tunnel-notes.html
> 
> http://www.uwsg.iu.edu/hypermail/linux/net/0301.2/0002.html
> 
> Out of all of these, most deal with linux 2.0, or 2.2, which is
> incorrect info when using linux 2.4, since there is only the one ipip
> module in linux 2.4 now, and the configuration seems to be different
> as far as I can tell. The second URL seems to be the most
> informative. However, the fact that the person is using 192.168 IP
> addresses for both the private and public addresses is very confusing
> to me, and I eventually lose track of which is which. Also, this
> person is seemingly showing how to setup a circular 2-way tunnel
> between 3 or 4 machines, which is too advanced from what I'm looking
> for. This makes it difficult for me to determine which portions of the
> advanced example I want for my setup, not to mention that I find the
> advanced setup example confusing as well.
> 
> Ok, now that I've described all my problems, let me describe what it
> is that I want out of ipip. Simply put, I have 2 machines, machine a,
> and machine b. For my purposes, machine a is the client, machine b is
> the server. What I want is to have a 1-way tunnel, through which
> machine a would make only out-bound connections, using its tunnel to
> machine b, thus making it appear that the connections are coming from
> machine b's network. 
> 
> Can someone who is familiar with ip over ip describe for me what
> configuration steps I need to take on the client and server for my
> specific situation as described above? Also, please use different IP
> ranges (E.G. 172.16.x.x, and 192.168.x.x, where the 172 range would be
> the public addresses, and the 192 range would be the private addresses
> used in the tunnel) to make your explanation easier to understand?
> Thanks in advance.
> 
> Greg
> 
> 
> - -- 
> Free domains: http://www.eu.org/ or mail dns-manager at EU.org
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.3 (GNU/Linux)
> 
> iD8DBQFBGQCU7s9z/XlyUyARAjcEAJ9tMLuSrJsxd/UxMq7ALQ3DiJ4K5gCeIT2X
> S6qCVp5ni4e3lMcNFdrh7yM=
> =Bgtk
> -----END PGP SIGNATURE-----
> 
> _______________________________________________
> Speakup mailing list
> Speakup at braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup

-- 
	
				Janina Sajka, Chair
				Accessibility Workgroup
				Free Standards Group (FSG)

janina at freestandards.org	Phone: +1 202.494.7040

More information about the Speakup mailing list