I would like to redirect my TCP traffic to IRC through a VPN.
I mark the packets with iptables and create a new route for these packets:

echo 1 > /proc/sys/net/ipv4/ip_forward
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/tun0/rp_filter
iptables -t mangle -A OUTPUT ! -d 192.168.0.0/16 -p tcp --dport 6667 -j MARK --set-mark 0x42
ip route add default dev tun0 src 10.5.82.5 table VPN
ip rule add fwmark 0x42 table VPN
The VPN connection:
# ifconfig tun0
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet adr:10.5.82.5  P-t-P:10.5.82.6  Masque:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:2898 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3163 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:100
          RX bytes:159644 (155.9 KiB)  TX bytes:257601 (251.5 KiB)

The packets are redirected to tun0 on the local machine (the iptables tagging and the ip rule are OK), but no packets arrive on the tun0 interface of the VPN.
Do you have any idea?
Thanks in advance.
If your IRC traffic originates at the same host you created the rules at, you might be seeing the problem of the “wrong” source IP address on your outgoing packets – check whether the source address is 10.5.82.5 using tcpdump -i tun0 -v -n. If it is not, just append src 10.5.82.5 to your ip route add command.
If the traffic originates elsewhere, consider a NAT rule:
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
Also, your route should go via 10.5.82.6 (the remote gateway IP address), not your local interface. Although it should work in any case since it is a P-t-P interface, it does not feel right. When adding the route via script, you might simply omit the “via” parameter and just use dev tun0. This works with P-t-P interfaces since there is no ambiguity about which host to contact at the other side of the link.
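The setup the answer recommends, plus a check for the source-address symptom it describes, as an added script (not code from the question or the answer). It assumes the question's values: tun0 with local address 10.5.82.5 and peer 10.5.82.6, mark 0x42, and a table named VPN already listed in /etc/iproute2/rt_tables; check_route_line parses the first line of `ip route get <dst> mark 0x42` output, which simulates the routing decision for a marked packet.

```shell
#!/bin/sh
# Added example; values below are assumptions taken from the question.
VPN_DEV=tun0
VPN_SRC=10.5.82.5
VPN_GW=10.5.82.6
MARK=0x42
TABLE=VPN

# Mark IRC traffic, route it by mark through the tunnel, and make sure it
# leaves with an address the far end can route back to. Needs root.
setup_vpn_routing() {
    sysctl -w net.ipv4.ip_forward=1
    sysctl -w net.ipv4.conf.all.rp_filter=0
    sysctl -w "net.ipv4.conf.$VPN_DEV.rp_filter=0"
    iptables -t mangle -A OUTPUT ! -d 192.168.0.0/16 -p tcp --dport 6667 \
        -j MARK --set-mark "$MARK"
    ip route replace default via "$VPN_GW" dev "$VPN_DEV" src "$VPN_SRC" table "$TABLE"
    ip rule add fwmark "$MARK" table "$TABLE"
    # The src hint only helps sockets that have not bound a source yet;
    # masquerading on the tunnel covers those and forwarded traffic alike.
    iptables -t nat -A POSTROUTING -o "$VPN_DEV" -j MASQUERADE
}

# Check one line of 'ip route get <dst> mark 0x42' output: the marked packet
# must leave via the tunnel and carry the tunnel's own source address.
# Returns 0 when both hold, 1 for the wrong device, 2 for the wrong source.
check_route_line() {
    dev=$(printf '%s\n' "$1" | sed -n '1s/.* dev \([^ ]*\).*/\1/p')
    src=$(printf '%s\n' "$1" | sed -n '1s/.* src \([^ ]*\).*/\1/p')
    if [ "$dev" != "$VPN_DEV" ]; then
        echo "marked traffic leaves via '$dev', not $VPN_DEV: check the ip rule and table $TABLE"
        return 1
    fi
    if [ "$src" != "$VPN_SRC" ]; then
        echo "source address is '$src', not $VPN_SRC: add src $VPN_SRC to the route or masquerade"
        return 2
    fi
    echo "ok: via $dev src $src"
}

# Usage: sh script.sh apply         (set everything up)
#        sh script.sh check 1.2.3.4 (simulate a marked packet to 1.2.3.4)
case "${1:-}" in
    apply) setup_vpn_routing ;;
    check) check_route_line "$(ip route get "$2" mark "$MARK")" ;;
esac
```

Run the check after applying the rules; if it reports the wrong device, the fwmark rule or table is not being consulted, and if it reports the wrong source, tcpdump on tun0 will show the same address and the far end has no route back.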