
Thread: iptables specific ip routing via tun


  1. #1

    iptables specific ip routing via tun

    hi guys!
    I have been searching for a few days for a solution to my problem but haven't found one, or I'm too dumb to understand.
    Here's what happened:
    I have a linux server used as a router. It has an eth0 and eth1 (local interface). I just installed openvpn (I need it only as a client), I configured it and ran it. It connects very well to the vpn server, but I don't know how to configure iptables so that only one ip from the local network connects via tun and all the others connect normally through my external interface (eth0).
    I have tried the following command:

    iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o tun0 -j MASQUERADE

    which works very well except that all the traffic is forwarded through tun0.
    When I put -s 192.168.1.12 (my local ip), it also works fine, but all the other computers on the network don't have internet access.
    let's say my server external ip is A.A.A.A, my local server ip is B.B.B.B and my tun ip is C.C.C.C
    how can I create a rule in order to make all ips (except one) connect through the real ip A.A.A.A to the internet and my ip connect through the tun ip C.C.C.C?
    I don't seem to find an answer to that or, as I said already, I'm too dumb.
    Any help would be appreciated.
    Thanks guys.

  2. #2
    redhead (Moderator, Advisor); Join Date: Jun 2001; Location: Copenhagen, Denmark; Posts: 811
    The iptables rules are like a pitfall algorithm: whichever rule catches first is the one being used. So if your external interface on the server (the one with the external IP) is eth0, and the internal IP you want to route through tun0 is B.B.B.X, then the rules to accomplish what you're trying to do are:
    Code:
    iptables -t nat -A POSTROUTING -s B.B.B.X -o tun0 -j MASQUERADE
    iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
    Although the problem here might be in the fact that you are making your router connect through the VPN; when that happens the routing tables get overwritten, because the VPN tunnel will take over any outbound packets.
    Don't worry Ma'am. We're university students, - We know what We're doing.
    'Ruiat coelum, fiat voluntas tua.'
    Datalogi - en livsstil; Intet liv, ingen stil.

  3. #3
    sorry but it didn't work.
    here are the routes before and after I connect through the vpn
    #### BEFORE ####
    Kernel IP routing table
    Destination Gateway Genmask Flags Metric Ref Use Iface
    AA.AA.AA.0 * 255.255.255.128 U 0 0 0 eth0
    192.168.1.0 * 255.255.255.0 U 0 0 0 eth1
    169.254.0.0 * 255.255.0.0 U 0 0 0 eth1
    127.0.0.0 * 255.0.0.0 U 0 0 0 lo
    default blabla.xxx 0.0.0.0 UG 0 0 0 eth0

    #### WITH VPN ####
    Kernel IP routing table
    Destination Gateway Genmask Flags Metric Ref Use Iface
    10.10.0.17 * 255.255.255.255 UH 0 0 0 tun0
    CC.CC.CC.CC AA.AA.AA.1 255.255.255.255 UGH 0 0 0 eth0
    AA.AA.AA.0 * 255.255.255.128 U 0 0 0 eth0
    10.10.0.0 10.10.0.17 255.255.255.0 UG 0 0 0 tun0
    192.168.1.0 * 255.255.255.0 U 0 0 0 eth1
    169.254.0.0 * 255.255.0.0 U 0 0 0 eth1
    127.0.0.0 * 255.0.0.0 U 0 0 0 lo
    default 10.10.0.17 128.0.0.0 UG 0 0 0 tun0
    128.0.0.0 10.10.0.17 128.0.0.0 UG 0 0 0 tun0
    default AA.AA.AA.1 0.0.0.0 UG 0 0 0 eth0

    where AA.AA.AA is my external ip class and CC.CC.CC my vpn external ip class.
    I guess it's also something from the routes, because after I start the vpn connection I cannot connect to the internet from the server console.
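The route table above shows why the NAT rule alone cannot work: the VPN server pushed redirect-gateway, which installs the two /1 routes (0.0.0.0/1 and 128.0.0.0/1) that beat the eth0 default, and the kernel picks the outgoing interface before the POSTROUTING chain ever sees the packet. A rule matching -o tun0 therefore catches either everything or nothing. The usual fix is source-based policy routing: a second routing table whose default goes through the tunnel, selected by an ip rule for the one LAN host. The script below is an added example, not code from anyone in this thread; it assumes the OpenVPN client runs with --route-nopull (or --pull-filter ignore "redirect-gateway") so the pushed /1 routes are not installed, that the LAN interface is eth1, that 10.10.0.17 is the tun0 peer shown in the table, and that 192.168.1.12 is the host that should use the VPN; table number 100 is an arbitrary choice.

```shell
#!/bin/sh
# Added example: route only one LAN host through tun0, everyone else via eth0.
# Placeholder values (constructed from the thread); adjust for your setup.
LAN_NET="192.168.1.0/24"
LAN_IF="eth1"
VPN_CLIENT="192.168.1.12"   # the single host that should leave via the tunnel
TUN_IF="tun0"
TUN_GW="10.10.0.17"         # tun0 peer address from the posted route table
WAN_IF="eth0"
TABLE_ID="100"              # custom routing table (assumed unused)

# With DRY_RUN=1 the commands are printed instead of executed, so the rule set
# can be reviewed before it is applied to a live router.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

apply_policy_routing() {
    # 1. Dedicated table: default via the tunnel, plus the LAN itself so that
    #    replies back to the client are never pushed into tun0.
    run ip route replace default via "$TUN_GW" dev "$TUN_IF" table "$TABLE_ID"
    run ip route replace "$LAN_NET" dev "$LAN_IF" table "$TABLE_ID"
    # 2. Policy rule: packets sourced from the chosen host consult that table
    #    before the main table, so the interface decision happens per source.
    run ip rule add from "$VPN_CLIENT" lookup "$TABLE_ID" priority 1000
    # 3. NAT, most specific source first (first match wins within a chain).
    run iptables -t nat -A POSTROUTING -s "$VPN_CLIENT" -o "$TUN_IF" -j MASQUERADE
    run iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j MASQUERADE
    # 4. Strict reverse-path filtering (rp_filter=1) drops flows whose reply
    #    path differs from the arrival path; loose mode (2) keeps them.
    run sysctl -w net.ipv4.conf.all.rp_filter=2
    run sysctl -w "net.ipv4.conf.$TUN_IF.rp_filter=2"
}
```

Check the result with `ip rule show` and `ip route show table 100`; the rest of the LAN keeps using the main table, whose default still points at eth0.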
