I have the same configuration as [Solved] GRE tunnel routing.
I am able to see traffic go through the tunnel to my router, but one way or another the router keeps rejecting the traffic. I do not know what I'm missing. Can someone help? The purpose of my configuration is to use the GRE-routed subnet over WAN to be able to have access to a range of public IPs (IPv4).
When logging the wan zone I can see that it's being rejected.
config rule
    option target 'ACCEPT'
    option src 'wan'
    option family 'ipv4'
    option proto '47'
    option name 'Allow-GRE'
    option enabled '1'

config redirect
    option target 'DNAT'
    option src 'wan'
    option dest 'lan'
    option proto 'tcp'
    option dest_ip '192.168.1.1'
    option dest_port '443'
    option name 'HTTPS EP'
    option src_dip '37.x.x.x'
    option src_dport '443'

config interface 'mygre'
    option proto 'gre'
    option peeraddr '185.x.x.x'

config interface 'mygres'
    option proto 'static'
    option ifname '@mygre'
    option ipaddr '37.x.x.x'
    option netmask '255.255.255.248'

ip route show
default via 188.8.131.52 dev pppoe-wan proto static metric 10
37.x.x.x/29 dev gre4-mygre proto kernel scope link src 37.x.x.x
185.x.x.x via 194.x.x.x dev pppoe-wan proto static metric 10
Please post here the output of the following command, copy and paste the whole block:
uci export network; uci export firewall; \
head -n -0 /etc/firewall.user; \
iptables-save -c; ip -4 addr ; ip -4 ro ls tab all ; ip -4 ru;
Do you want to receive traffic from the internet to 37.x.x.x/29? That requires you to configure a default route via mygre, which means you need policy routing since you have two default routes.
Yes, that's exactly what I want. How can I add this route? For the record, I already see the traffic coming in with a destination IP address in 37.x.x.x/29. When I see the logging on the wan zone I see that it gets rejected; somehow the redirect rule is ignored.
This is an example of the reject that I get, so the tunnel is working: traffic is getting to the router but is not forwarded further in accordance with the port forward rules.
router kernel: [12896.845053] REJECT wan out: IN=gre4-mygre OUT=gre4-mygre MAC= SRC=184.108.40.206 DST=37.x.x.x LEN=44 TOS=0x08 PREC=0x20 TTL=38 ID=8939 PROTO=TCP SPT=17430 DPT=443 WINDOW=23565 RES=0x00 SYN URGP=0
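A small parser for the kernel firewall log line quoted above, as an added example that is not part of the original thread: it splits the netfilter LOG fields and reports which path the packet took, based on whether IN= and OUT= are set. The function names and the second sample line are constructed for illustration.

```python
import re

# Log line as quoted in the thread (addresses redacted by the poster).
THREAD_LINE = (
    "router kernel: [12896.845053] REJECT wan out: IN=gre4-mygre "
    "OUT=gre4-mygre MAC= SRC=184.108.40.206 DST=37.x.x.x LEN=44 TOS=0x08 "
    "PREC=0x20 TTL=38 ID=8939 PROTO=TCP SPT=17430 DPT=443 WINDOW=23565 "
    "RES=0x00 SYN URGP=0")
# Constructed line for contrast: a packet addressed to the router itself.
CONSTRUCTED_INPUT_LINE = (
    "router kernel: [100.000000] REJECT wan in: IN=pppoe-wan OUT= MAC= "
    "SRC=198.51.100.7 DST=203.0.113.9 LEN=44 TTL=50 ID=1 PROTO=TCP "
    "SPT=40000 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0")

# "[timestamp] <log prefix>: IN=... OUT=... KEY=VALUE ... FLAG ..."
LINE_RE = re.compile(r"\]\s+(?P<prefix>[^:]+):\s+(?P<rest>IN=.*)$")

def parse_log_line(line):
    """Return a dict of LOG fields, or None if the line is not a LOG entry."""
    m = LINE_RE.search(line)
    if not m:
        return None
    fields = {"prefix": m.group("prefix"), "flags": []}
    for token in m.group("rest").split():
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value          # KEY=VALUE (value may be empty)
        else:
            fields["flags"].append(key)  # bare TCP flags such as SYN
    return fields

def packet_path(fields):
    """Classify the packet by which interface fields netfilter filled in."""
    in_if, out_if = fields.get("IN", ""), fields.get("OUT", "")
    if in_if and out_if:
        # Both set: the packet was being routed through the box, not
        # delivered to it. Same interface both ways means it was about
        # to go back out where it came in.
        return "hairpin" if in_if == out_if else "forward"
    return "input" if in_if else "output"

if __name__ == "__main__":
    for sample in (THREAD_LINE, CONSTRUCTED_INPUT_LINE):
        f = parse_log_line(sample)
        print(f["prefix"], f["DST"], f.get("DPT"), packet_path(f))
```
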
I don't see it being rejected anymore, but somehow it doesn't forward. Do I need to set something up in the firewall zone of wan?