Yes, I made it work. For the iptables rule, you do not have to specify the port number since it does not go with TCP or UDP. Try to use the -p gre parameter.
Thanks,

On Sun, Oct 9, 2011 at 5:54 PM, Justin Pettit <jpet...@nicira.com> wrote:

> On Oct 9, 2011, at 4:38 PM, terryxing wrote:
>
> > I want to tunnel two openvswitch on two physical xenserver behind the
> > firewall. Only two firewalls at each site have the public ip. Is there any
> > way I can make that work ?
> >
> > I heard that the GRE is using port 47 and I enable the NAT on the
> > firewall for port 47. But it does not work. Any idea ?
>
> It's using IP protocol 47, not a TCP or UDP port. So, you will need to
> write the appropriate rule to allow it to pass. If you're using NAT, you'd
> also need to configure forwarding for that as well.
>
> --Justin

--
Best regards,
Tianyi Xing (邢天翼)
PhD Student, Research & Teaching Associate
SNAC: Secure Networking and Computing group
School of Computing, Informatics, and Decision Systems Engineering
Ira A. Fulton School of Engineering, Arizona State University
Tempe, AZ 85281, USA
Cell: (+1) 480-678-3090
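The rules discussed in this thread, as an added example that is not part of the original messages: a POSIX shell function that prints the iptables commands for passing GRE (IP protocol 47) through a NAT firewall to one internal host. It assumes the firewall is a Linux box running iptables; the function names, the addresses (documentation ranges) and the interface name `eth0` are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread). Prints iptables commands only;
# review the output, then run it as root on the firewall.

is_ipv4() {
    # Accept dotted-quad only, each octet 0-255.
    echo "$1" | awk -F. '
        NF == 4 { for (i = 1; i <= 4; i++)
                      if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
                  exit 0 }
        { exit 1 }'
}

# gre_rules PEER_PUBLIC_IP INTERNAL_HOST_IP [WAN_INTERFACE]
#   PEER_PUBLIC_IP   public address of the remote site's firewall
#   INTERNAL_HOST_IP private address of the local Open vSwitch host
gre_rules() {
    peer=$1
    inside=$2
    wan_if=${3:-eth0}

    is_ipv4 "$peer" && is_ipv4 "$inside" || {
        echo "gre_rules: peer and internal host must be IPv4 addresses" >&2
        return 1
    }
    # Reject interface names that could smuggle shell syntax into the output.
    case $wan_if in
        ''|*[!A-Za-z0-9._-]*)
            echo "gre_rules: bad interface name" >&2
            return 1 ;;
    esac

    # GRE is matched by protocol (-p gre, same as -p 47). There is no
    # --dport or --sport: GRE has no ports. Restricting the source to the
    # known peer keeps the firewall from forwarding GRE from anyone else.
    cat <<EOF
iptables -t nat -A PREROUTING -i $wan_if -p gre -s $peer -j DNAT --to-destination $inside
iptables -A FORWARD -i $wan_if -p gre -s $peer -d $inside -j ACCEPT
iptables -A FORWARD -o $wan_if -p gre -s $inside -d $peer -j ACCEPT
EOF
}

# Constructed sample: remote firewall 203.0.113.10, local OVS host 192.168.1.20.
gre_rules 203.0.113.10 192.168.1.20 eth0
```

The mirror-image rules, with the two public addresses swapped, go on the other site's firewall; outbound source NAT on each firewall is assumed to be configured already.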