GRE tunnels between Cisco and Linux routers using iproute

This article was first written in August 2004 for the BeezNest technical
website (http://glasnost.beeznest.org/articles/167).

GRE tunnels between Cisco and Linux (2.4 and up) routers are possible.

Given the following two routers, each one gateway for its network:

linux

Public IP: 82.72.101.226

Private network: 192.168.4.0/24

IP on that private network: 192.168.4.4

cisco

Public IP: 123.45.67.8

Private network: 192.168.10.0/24

IP on that private network: 192.168.10.4

See IP in IP or GRE tunnel using iproute for the Linux configuration part.

For the Cisco part, it is quite similar, as the needed portion of configuration is something like this:

interface Tunnel1
 description connection to Linux Network
 ip address 192.168.10.4 255.255.255.0
 tunnel source Dialer1
 tunnel destination 87.65.43.21
 tunnel mode gre ip

Where Dialer1 is the name of the interface of the Cisco router connected to Internet (it’s used to always match the actual and current public IP of the router).

Redirecting ports (NAT) to another machine on a Cisco router

This article was first written in April 2004 for
the BeezNest technical website (http://glasnost.beeznest.org/articles/121)

Log into the machine (using telnet for example).

Change to enable mode.

Change to configuration terminal mode:

# conf term

Issue the following command to redirect port 22/tcp from the outside interface (address) to the inside machine you would like the connection to get to:

(config)# ip nat inside source static tcp 192.168.0.7 22 222.221.220.68 22

First IP is the inside local IP address (inside the LAN, only reachable locally, so internal IP addressing) then the inside port on which to connect followed by the IP address of the outside global IP address then the port on which you want to reach that device.

Press <<ctrl-Z>> to exit the configuration terminal mode.

Issue the following command to apply and save the configuration on the flash (disk):

# write running

Activating the DHCP server in a Cisco router

This article was first written in July 2005 for the BeezNest technical
website (http://glasnost.beeznest.org/articles/280).

Here is an example on how to configure a DHCP server on a Cisco router.

ip domain-name 195.238.2.21
ip dhcp excluded-address 192.168.64.1
ip dhcp excluded-address 192.168.1.7
ip dhcp pool DHCPPool
   import all
   network 192.168.64.0 255.255.255.0
   dns-server 195.238.2.21 195.238.2.22
   default-router 192.168.64.253
   option 150 ip 10.31.1.107

Note that the DHCP pool is 192.168.64.0/24 and that there are excluded addresses. Note also there is an extra option (here TFTP-server) configured. Everything else should be straight-forward for anybody accustomed with DHCP servers configuration.

HOWTO Replace a Cisco Remote Access Router with Free Software (ser2net)

This article was first written in April 2005 for the BeezNest technical
website (http://glasnost.beeznest.org/articles/224).

To replace a Cisco Remote Access Router, which is only a kind of network serial ports server, you could use a Linux box with Serial to Network Proxy (ser2net).

Free Softwares related to Cisco

This article was first written in April 2005 for the BeezNest technical
website (http://glasnost.beeznest.org/articles/223).

To manage a bunch of Cisco routers or equipments, a lot of free software have been written over time. Most of them are really useful to ease or improve the management of Cisco material.

Most of the time, they are hopefully not limited to Cisco, but provide support for more.

• The Cisco-centric Open Source Community (COSI)
• JFFNMS
• IPBlocker and Cisco Hammer
• Pancho
• Nagios
• NCAT – Network Audit Config Tool