Can I host a service on eth0 while default route is a VPN?
Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Can I host a service on eth0 while default route is a VPN?
I am attempting to run apache on my linux router while connected to a VPN. My default route is set to the VPN endpoint and I cannot control port forwarding at that end. I cannot seem to connect to any service that i bind to the eth0 interface. I believe that my iptables rules and OpenVPN are the source of the problem.
/sbin/iptables -t nat -A POSTROUTING -o tun1 -j MASQUERADE
/sbin/iptables -A FORWARD -i tun1 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A FORWARD -i eth1 -o tun1 -j ACCEPT
apache bind to selected interfaces and to 127.0.0.1 ny default you can always access it by http://machine_name or 127.0.0.1 (loopbackdevice)
if your eth0 have generic local network adderss (eg. 192.168.xxx or 10.something read RIPE ) and you not explictly added it to route table you also can always connect to this interface
post ifconfig / route before/after vpn.
The goal is to be able to host a web / mail server on eth0 which is my ISP facing interface on my linux router. I need to do this while all traffic coming into eth1 is routed over tun1
are you sure you tryed something like ssh(or ping) eth0_ip from remote box and it doesn't work? and i need to warn you ISP sometimes block HTTP incoming port 80 i just use different ports for HTTP requests
but there is one possibility that you receive request but send answer to eth1 .. get wireshark and check
Last edited by sunnydrake; 08-21-2010 at 08:02 PM.
I have checked multiple times with ncat and nmap and the port is still being filtered or not binding correctly. The ISP line is a business connection that does not filter any incoming traffic. I have a default deny stance but i explicitly allow 80 & 25.
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
if you don't know how to dump traffic on router use tcpdump and then analyze dump on machine in wireshark.
Without knowing actually what you router recive and where send reply you will shooting in the sky.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
i just use different ports for HTTP requests
