iptables specific ip routing via tun
Thread: iptables specific ip routing via tun

  1. #1
    Join Date
    Jul 2011
    Posts
    1

    iptables specific ip routing via tun

    Hi guys!
    I have been searching for a few days for a solution to my problem but haven't found one, or I'm too dumb to understand it.
    Here's what happened:
    I have a Linux server used as a router. It has an eth0 and an eth1 (local interface). I just installed OpenVPN (I need it only as a client), configured it and ran it. It connects very well to the VPN server, but I don't know how to configure iptables so that I can connect via tun only from one IP on the local network, and all the others connect normally through my external interface (eth0).
    I have tried the following command:

    iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o tun0 -j MASQUERADE

    which works very well, except that all the traffic is forwarded through tun0.
    When I put -s 192.168.1.12 (my local IP), it also works fine, but all the other computers on the network don't have internet access.
    Let's say my server's external IP is A.A.A.A, my local server IP is B.B.B.B and my tun IP is C.C.C.C.
    How can I create a rule to make all IPs (except one) connect through the real IP A.A.A.A to the internet, and my IP connect through the tun IP C.C.C.C?
    I don't seem to find an answer to that or, as I said already, I'm too dumb.
    Any help would be appreciated.
    Thanks guys.

  2. #2
    Join Date
    Jan 2001
    Posts
    517

    don't know if this is helpful

    I know very little about these things.

    Here are lots of instructions for handling the configuration of vpn, server ip address access, etc. The most helpful part looks like it might be starting at "Setup the server configuration file"

    Is any of this helpful?

    http://thecususergroup.proboards.com...ad=4226&page=1

    Here is a tun tutorial that may help you.

    http://backreference.org/2010/03/26/...face-tutorial/
    Last edited by ehawk; 07-16-2011 at 11:11 AM. Reason: additional information

  3. #3
    Join Date
    Sep 2002
    Location
    San Antonio, TX
    Posts
    2,607
    In the above you are sending the entire subnet mask to the tunnel, the "192.168.1.0/24" part. Change it to be the specific IP address. So if you want 192.168.1.5 to go over the tunnel, change it to "-s 192.168.1.5" without the subnet.

    If all IPs are assigned by DHCP and change, you will have to manage that, i.e. sometimes it is 1.5, sometimes 1.10. Usually you can link a MAC to a specific IP address in the router so that it is always assigned to that device.

    You can then simply add another iptables command that does the entire subnet without the tun part with -j MASQUERADE. I don't see why the other traffic is blocked, since the rule should only apply to the specific -s, but without hands on it's hard to guess.

    Hlrguy
    Last edited by hlrguy; 07-16-2011 at 03:17 PM.
    Were you a Windows expert the VERY first time you looked at a computer with Windows, or did it take a little time.....
    My Linux Blog
    Linux Native Replacements for Windows Programs
    Mandriva One on a "Vista Home Barely" T3640 E-Machine runs great.
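What the thread is after (one LAN host out via tun0, everyone else out via eth0) cannot be done with a MASQUERADE rule alone. NAT in POSTROUTING runs after the routing decision has already picked the outgoing interface, so "-o tun0" only decides whether a packet that routing sent to tun0 gets its source address rewritten; it never moves a packet from eth0 to tun0 or back. That is also why narrowing the rule to -s 192.168.1.12 cut off the other hosts: no NAT rule matched them any more, so their packets left with private source addresses and the replies never came back. The interface choice has to be made in routing, with a source-based ip rule that points one host at a second routing table. The script below is an added example, not code from the thread or from OpenVPN; it assumes the poster's interface names (eth0 WAN, eth1 LAN, tun0), the poster's host 192.168.1.12, and routing table number 100 (all changeable through the variables at the top). By default it only prints the commands; DRY_RUN=0 executes them, which needs root.

```shell
#!/bin/sh
# Added example: policy routing so that ONE LAN host leaves through tun0 while
# the rest of the LAN leaves through eth0. iptables NAT cannot pick the egress
# interface; a source-based `ip rule` plus a second routing table does that,
# and MASQUERADE is then applied once per egress interface.
# Interface names, addresses and the table number below are assumptions.
# DRY_RUN=1 (default) prints the commands; DRY_RUN=0 executes them as root.
DRY_RUN="${DRY_RUN:-1}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
VPN_HOST="${VPN_HOST:-192.168.1.12}"   # the one host that must use the VPN
LAN_IF="${LAN_IF:-eth1}"
WAN_IF="${WAN_IF:-eth0}"
TUN_IF="${TUN_IF:-tun0}"
VPN_TABLE="${VPN_TABLE:-100}"          # routing table used only for VPN_HOST

run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

configure_split_routing() {
    # 1. Routing: table VPN_TABLE sends everything down tun0. tun0 is a
    #    point-to-point interface, so a device route needs no gateway address.
    #    The blackhole route (higher metric) only takes effect when the tun0
    #    default route disappears, i.e. when the VPN drops; without it the
    #    lookup would fall through to the main table and VPN_HOST would leak
    #    out of eth0 unnoticed.
    run ip route replace default dev "$TUN_IF" table "$VPN_TABLE"
    run ip route replace blackhole default table "$VPN_TABLE" metric 9999
    run ip rule add from "$VPN_HOST" table "$VPN_TABLE" priority 100
    run ip route flush cache

    # 2. Forwarding must be on, and replies for VPN_HOST arrive on tun0 while
    #    the main table would route those sources via eth0: loose reverse-path
    #    filtering on tun0 keeps the kernel from dropping them.
    run sysctl -w net.ipv4.ip_forward=1
    run sysctl -w "net.ipv4.conf.$TUN_IF.rp_filter=2"

    # 3. NAT: one MASQUERADE per egress interface. The -o match is what keeps
    #    the two flows apart; the -s on the tun0 rule is only belt and braces.
    run iptables -t nat -A POSTROUTING -s "$VPN_HOST" -o "$TUN_IF" -j MASQUERADE
    run iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j MASQUERADE

    # 4. Forwarding policy. The REJECT for VPN_HOST -> eth0 is appended first
    #    so it is evaluated before the subnet-wide ACCEPT: if the VPN is down
    #    that host gets a connection error instead of silently using the
    #    clear path through eth0.
    run iptables -A FORWARD -s "$VPN_HOST" -o "$WAN_IF" -j REJECT
    run iptables -A FORWARD -i "$LAN_IF" -s "$VPN_HOST" -o "$TUN_IF" -j ACCEPT
    run iptables -A FORWARD -i "$LAN_IF" -s "$LAN_NET" -o "$WAN_IF" -j ACCEPT
    run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -P FORWARD DROP
}

configure_split_routing
```

Two things to check alongside this. First, the fact that the /24 rule sent everything through tun0 most likely means the VPN server pushes a redirect-gateway, which replaces the router's own default route with tun0; put route-nopull in the OpenVPN client config (or, on OpenVPN 2.4 and later, pull-filter ignore "redirect-gateway") so the main table keeps eth0 as its default and only table 100 points at tun0. Second, verify the decision the kernel actually makes with ip route get 8.8.8.8 from 192.168.1.12 iif eth1 (should show dev tun0 and table 100) and the same command with another LAN address (should show dev eth0); then stop OpenVPN and confirm the first lookup now reports a blackhole rather than eth0.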
