[Solved] use iptables with IP in IP Tunnel


New Member
Hi guys,

I've got another issue. I made a test IP in IP tunnel like in this article https://sites.google.com/site/mrxpalmeiras/linux/create-ipip-tunnel-between-networks

Then on machine A:

iptables -t nat -A PREROUTING -d -p tcp -m tcp --dport 80 -j DNAT --to-destination

where is public IP of machine A and is IP of IP in IP tunnel machine B

It works fine - after sending a packet to on port 80 I receive a packet on tunnel-a on machine B with source IP of external client and destination of which is IP of IPinIP tunnel of machine B.

Then on the machine B I made:

iptables -t nat -A PREROUTING -d -p tcp -j DNAT --to-destination

where is a machine in local network where I want to redirect whole traffic again and this doesn't work at all - it doesn't redirect anything and I'm still able to receive packets on machine B.

It looks like this:

client ---> ----[HTTP request]---- ---->server 1 port 80 ----> ----[IP in IP encapsulated client packet]---- ---> server 2 IP in IP interface ( ) --->

This part works fine.

but after adding [iptables -t nat -A PREROUTING -d -p tcp -j DNAT --to-destination]

nothing changes. Packets are not forwarded to the next server.

It looks like iptables doesn't affect IPIP decapsulated packets at all.

Do you have any idea what can be causing it?
Last edited:


New Member
Solution was:


as well as

sysctl net.ipv4.conf.eth0.rp_filter=0
sysctl net.ipv4.conf.eth1.rp_filter=0
sysctl net.ipv4.conf.gre0.rp_filter=0
sysctl net.ipv4.conf.gre1.rp_filter=0

Please mark a thread as solved/closed as you wish.
$100 Digital Ocean Credit
Get a free VM to test out Linux!

Staff online

Members online