LinuxQuestions.org

Linux - Networking: IPTables Reroute Outgoing Traffic Through VPN (http://www.linuxquestions.org/questions/linux-networking-3/iptables-reroute-outing-traffic-through-vpn-633389/)

Usogi 04-06-2008 03:43 AM

IPTables Reroute Outgoing Traffic Through VPN
 
OK, I have a bit of a project going on here.

I have a Linux (Ubuntu) router; it is set up and works great as a basic router. I'm wanting to set up a VPN back to my work and forward the following traffic through it:
Everything directed at the 10.0.0.0/16 network
All traffic from 192.168.200.125

I have gotten all the 10.0.0.0/16 traffic to work like I want with the following:

-----------------------------
# Route the work network over the VPN. 255.255.0.0 is the /16 described above
# (the post had 255.0.0.0, a /8, which would also claim every other 10.x address)
route add -net 10.0.0.0 netmask 255.255.0.0 dev ppp0

# Hide everything leaving via the WAN and via the VPN behind the router's own address
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE

# Allow the LAN to be forwarded (the post listed this rule twice; once is enough)
iptables --append FORWARD --in-interface eth1 -j ACCEPT

# Accept traffic from the work network arriving over the VPN
iptables -I INPUT -s 10.0.0.0/16 -i ppp0 -j ACCEPT
-----------------------------

eth0 is my WAN
eth1 is my LAN
ppp0 is my VPN

But I have no idea how to get all the traffic from 192.168.200.125 to pass through the VPN instead of the WAN... I just have no idea where to start. The REDIRECT target in iptables looks interesting, but I'm thinking that's only for ports.

Any help would be greatly appreciated

datopdog 04-07-2008 12:38 PM

On which side is 192.168.200.125?

Usogi 04-08-2008 09:45 AM

192.168.200.125 is on the LAN side (eth1)
10.0.0.* is the VPN (ppp0)

datopdog 04-08-2008 09:46 AM

That's easy, just change your default route to the ppp0 device.

Usogi 04-08-2008 10:24 AM

I'd already tried these on the router:


route add -host 192.168.200.125 dev ppp0
or
route add -host 192.168.200.125 gw 10.0.4.253

but they just kill the connection on the .125 computer. I can no longer ping out to the internet or to the VPN. I kinda thought I was going down the wrong path with the route command...

datopdog 04-09-2008 04:47 PM

You can use the magic of iproute2 to create a separate routing table to handle that.
Code:

# Table 4 is the VPN view of the world: the work network and a default route via
# ppp0, plus a host route back to the LAN machine for replies
ip route add 10.0.0.0/16 dev ppp0 table 4
ip route add 192.168.200.125 dev eth1 table 4
ip route add default dev ppp0 table 4
# Rules select table 4 by source address: everything the host sends, and
# everything the work network sends back to it, is routed with table 4.
# Note: if ppp0 goes away, its routes vanish from table 4, the lookup finds no
# match, and the rule falls through to the main table (i.e. the WAN).
ip rule add from 192.168.200.125 lookup 4
ip rule add from 10.0.0.0/16 to 192.168.200.125 lookup 4
ip route flush cache

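The policy-routing setup from the post above, combined with the MASQUERADE rule from the first post, as an added example script that is not part of the thread. It keeps the thread's interface names (eth0 WAN, eth1 LAN, ppp0 VPN), host address and 10.0.0.0/16 prefix; the table id 4, the rule priorities, the route metrics and the DRY_RUN switch are assumptions made here. What it adds over the bare commands is a fail-closed fallback: a `prohibit` default route in table 4 at a high metric, which is only selected once the ppp0 route has disappeared, plus a FORWARD rule that refuses to send the host's packets out the WAN even if routing is wrong.

```shell
#!/bin/sh
# Added example, not from the thread: policy routing that sends everything from one
# LAN host, and everything for the VPN-side prefix, over ppp0, and fails closed when
# the VPN is down. Interface names, the host address and 10.0.0.0/16 are the thread's;
# table id 4, rule priorities and route metrics are arbitrary choices made here.
# DRY_RUN=1 prints the commands instead of executing them (no root needed).
# Usage: ./vpn-policy.sh up | down   (e.g. 'up' from an /etc/ppp/ip-up.d/ hook)

WAN_IF=${WAN_IF:-eth0}
LAN_IF=${LAN_IF:-eth1}
VPN_IF=${VPN_IF:-ppp0}
VPN_HOST=${VPN_HOST:-192.168.200.125}   # LAN host that must only talk through the VPN
VPN_NET=${VPN_NET:-10.0.0.0/16}         # network that lives behind the VPN
TABLE=${TABLE:-4}                       # policy routing table id (avoid 253-255)
DRY_RUN=${DRY_RUN:-0}

# Execute a command, or print it when DRY_RUN=1
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

vpn_policy_up() {
    # Routes in the policy table. The ppp0 default wins at metric 10; the prohibit
    # route at metric 1000 is only selected once the ppp0 route is gone (pppd exiting
    # removes ppp0 and every route through it). Without it an empty table makes the
    # rule fall through to 'main' and the host silently goes out the WAN.
    run ip route replace "$VPN_NET" dev "$VPN_IF" table "$TABLE"
    run ip route replace default dev "$VPN_IF" table "$TABLE" metric 10
    run ip route replace prohibit default table "$TABLE" metric 1000
    run ip route replace "$VPN_HOST" dev "$LAN_IF" table "$TABLE"

    # Rules: packets from the host, and replies from the VPN network to it, consult
    # the policy table before 'main'. Delete first: 'ip rule add' does not
    # de-duplicate, so repeated ip-up events would otherwise stack identical rules.
    run ip rule del from "$VPN_HOST" lookup "$TABLE" 2>/dev/null || true
    run ip rule add from "$VPN_HOST" lookup "$TABLE" priority 1000
    run ip rule del from "$VPN_NET" to "$VPN_HOST" lookup "$TABLE" 2>/dev/null || true
    run ip rule add from "$VPN_NET" to "$VPN_HOST" lookup "$TABLE" priority 1001
    run ip route flush cache

    # Second line of defence in the forward path: even if a routing mistake sends
    # the host's packets towards the WAN, the firewall refuses to forward them there.
    run iptables -D FORWARD -s "$VPN_HOST" -o "$WAN_IF" -j DROP 2>/dev/null || true
    run iptables -I FORWARD -s "$VPN_HOST" -o "$WAN_IF" -j DROP
    # Masquerade behind the router's VPN address, as in the thread's original rules
    run iptables -t nat -D POSTROUTING -o "$VPN_IF" -j MASQUERADE 2>/dev/null || true
    run iptables -t nat -A POSTROUTING -o "$VPN_IF" -j MASQUERADE
}

vpn_policy_down() {
    # Explicit teardown only; do not call this from ip-down, or the fail-closed
    # behaviour disappears exactly when the VPN drops.
    run ip rule del from "$VPN_HOST" lookup "$TABLE" 2>/dev/null || true
    run ip rule del from "$VPN_NET" to "$VPN_HOST" lookup "$TABLE" 2>/dev/null || true
    run ip route flush table "$TABLE"
    run ip route flush cache
    run iptables -D FORWARD -s "$VPN_HOST" -o "$WAN_IF" -j DROP 2>/dev/null || true
    run iptables -t nat -D POSTROUTING -o "$VPN_IF" -j MASQUERADE 2>/dev/null || true
}

case "${1:-}" in
    up)   vpn_policy_up ;;
    down) vpn_policy_down ;;
esac
```

With the prohibit route in place the host gets an ICMP "administratively prohibited" error the moment the VPN is gone, rather than quietly reaching the internet via the WAN. None of this survives a reboot, so hook `up` into whatever brings ppp0 up. If return traffic arriving on ppp0 is dropped after enabling this, check `net.ipv4.conf.all.rp_filter`: strict mode validates the source address against the same policy rules, and loose mode (2) is the fallback if an asymmetric path remains.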

Usogi 04-11-2008 01:29 AM

Sorry it took me a bit to respond.

AWESOME! That worked like a charm. I really like the iproute2 stuff as well; it seems there's tons I can do in there =D

thanks!


All times are GMT -5.