hardware:shimtunnel
Differences
This shows you the differences between two versions of the page.
hardware:shimtunnel [2019/01/10 15:06] – [Using a Shim Tunnel to send Netflow to a remote Trisul probe] veera | hardware:shimtunnel [2019/01/11 18:16] (current) – veera | ||
---|---|---|---|
Line 13: | Line 13: | ||
* Gateway Node real IP : 192.169.2.81 (both should be able to ping each other) | * Gateway Node real IP : 192.169.2.81 (both should be able to ping each other) | ||
* Port used : UDP 5111 | * Port used : UDP 5111 | ||
+ | * Source IP to use on the gateway end of shim tunnel : 10.251.52.4 | ||
+ | |||
+ | <note warning> | ||
+ | **Pre-check** | ||
+ | * ensure IP Forwarding is disabled '' | ||
+ | * local iptables firewall rules allow the UDP port '' | ||
+ | </ | ||
===== Download the Shim software ===== | ===== Download the Shim software ===== | ||
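Review bot: The two added Pre-check bullets do not say which machine they apply to (the probe or the gateway node), and the firewall bullet does not say whether the rule covers inbound or outbound traffic. Name the node for each bullet and tie the firewall bullet to the "Port used : UDP 5111" line above so the reader opens only that port. The new "Source IP to use on the gateway end of shim tunnel : 10.251.52.4" line should also say whether that address must already be configured on a gateway interface. Separately, the context line gives the gateway real IP as 192.169.2.81, which lies outside the 192.168.0.0/16 private range; worth confirming it is not a typo.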
Line 20: | Line 27: | ||
Visit https:// | Visit https:// | ||
- | |||
- | Example | ||
< | < | ||
Line 32: | Line 37: | ||
- | Example | + | ==== Example |
< | < | ||
chmod +x nfshim.el7 | chmod +x nfshim.el7 | ||
./ | ./ | ||
+ | </ | ||
+ | |||
+ | |||
+ | ==== Example 2 : bind to a specific local address for tunnel endpoint ==== | ||
+ | |||
+ | < | ||
+ | chmod +x nfshim.el7 | ||
+ | ./ | ||
</ | </ | ||
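Review bot: The heading "Example 2 : bind to a specific local address for tunnel endpoint" does not tell the reader which end of the tunnel this runs on or that the address is the gateway-side source IP from the parameter list; add one sentence before the block saying so. The "chmod +x nfshim.el7" line is repeated from Example 1 and can be dropped from the second block. Both examples also go straight to making the downloaded binary executable and running it, with no integrity check visible in these lines; consider publishing a checksum next to the download link and adding a verification step before "chmod +x".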
Line 57: | Line 71: | ||
Restart | Restart | ||
+ | |||
+ | |||
+ | ===== Extra reference : Use Source NAT ===== | ||
+ | |||
+ | In the very unlikely scenario the above steps dont work and the desired source IP is not seen on the outgoing packets, use SNAT (Source NAT).This example NATs the source IP for udp packets to 5111 (custom netflow) | ||
+ | |||
+ | < | ||
+ | iptables -t nat -A | ||
+ | -o enp7s0 | ||
+ | </ | ||
+ | |||
+ | ==== To view rules ==== | ||
+ | |||
+ | < | ||
+ | iptables -t nat -L -v --line-numbers | ||
+ | </ | ||
+ | |||
+ | ==== To delete a rule with id 3 ==== | ||
+ | |||
+ | < | ||
+ | iptables -t nat -D POSTROUTING | ||
+ | </ | ||
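Review bot: In the new "Use Source NAT" section the rule is added with "iptables -t nat -A" on "-o enp7s0", but nothing says that the interface name is specific to the author's host or that a rule added this way does not survive a reboot unless it is saved; state both. The sentence describes the match as "udp packets to 5111", so confirm the rule is also limited to the probe's destination address, otherwise any other outbound UDP 5111 traffic on that interface gets its source rewritten too. Under "To delete a rule with id 3", say that the number comes from the "--line-numbers" listing in the previous block rather than being fixed at 3. Wording: "dont" should be "don't", and a space is missing in "(Source NAT).This".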
hardware/shimtunnel.1547113013.txt.gz · Last modified: 2019/01/10 15:06 by veera