Redirect Iptables
Hello,
I am trying to configure a server at home on Ubuntu 10.04 (French Server). I have 3 network interfaces:
eth1 for the LAN (fixed IP) 192.168.1.100
ppp0 for a VPN connection to an English Server (DHCP IP)
tun0 for OpenVPN; I use it to connect to my French Server from anywhere
I drew it here
My problem is that when I activate my ppp0 connection I can't connect to tun0, because all ports are redirected to the ppp0 connection (I can connect only when I'm on the LAN). Of course, I redirect the port of my public IP to my French Server's private IP. If I don't activate the ppp0 connection, I can connect to my server with the tun0 connection from everywhere!
So I tried to do this redirection, but it's not working and I don't know why. Code:
### Routing OpenVPN and VNC access from the ppp0 connection to eth1 |
Can you please execute:
route -n
BEFORE ppp0 activation and AFTER. |
Before ppp0 :
Code:
Kernel IP routing table Code:
Kernel IP routing table |
According to your output of "route -n" after ppp0 activation, "tun0" will get packets with destination IP:
1. 10.8.0.x
2. 10.8.0.2
10.8.0.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
10.8.0.0 10.8.0.2 255.255.255.0 UG 0 0 0 tun0
The same, actually, as it was before. |
OK, but how can I connect from outside my LAN?
If I do not activate ppp0, I can connect if I enter my public IP, because I made a redirection of port 1194 to 192.168.1.100. But when I activate ppp0 I can't make this connection! Server not responding? |
First of all: in your picture there is a "french server" with ETH1, but in your routing output there is eth2.
So the question is: is this the same server and you drew it incorrectly, or does this server have 2 Ethernet cards, eth1 and eth2?
Second, TUN is a tunnel over some carrier. Before ppp0 activation there was only one default route, through eth2; this means eth2 points to the internet and you can connect from the internet through eth2 to your tun0 virtual interface. When you activate ppp0, (I think it is the DHCP server) changes the default route to go through ppp0, but ppp0 does not point to the internet, it points to the "english server", and now you have to connect to your tun0 virtual interface through the "english server", which most likely isn't configured.
This is what I think happens; correct me if I am wrong. |
Hello,
About eth2 or eth1: it's because I changed my Ethernet card after I posted my first post, and I don't know why I now have eth2 and no more eth1!
About the ppp0 connection, you are right! But I can't configure the English Server because it's not mine; I just use it as a proxy to access English resources (I don't have access to them if I'm connected with a French provider's public IP)!
Do you think it's possible to add a route just for port 1194 to go over the eth2 connection, with all other protocols going over the ppp0 connection? |
You can try something.
Check this: /proc/sys/net/ipv4/conf/*/rp_filter
This is "Reverse Path Filtering", so when you have two interfaces and one of them points to the default GW, iptables prevents packets from coming in through the second interface. In "rp_filter", 1 means it is enabled, 0 means disabled. Write "0" there and check whether you are able to connect through eth2 to tun0.
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
Maybe you will need to change "all" to your interfaces, and put "0" in each of them. These changes will last until reboot. And of course eth2 needs to be connected to the internet. |
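A check for the setting discussed in the post above, added here as an example and not part of the original thread: the kernel applies the higher of "all" and the per-interface rp_filter value to each interface, so an interface left at 1 (strict) still filters even when "all" is 0. The function names and the sample tree are constructed for this example.

```shell
#!/bin/sh
# Effective reverse-path filter mode for one interface.
# The kernel uses the maximum of conf/all/rp_filter and conf/<iface>/rp_filter:
#   0 = no source validation, 1 = strict, 2 = loose.
effective_rp_filter() {
    conf_dir=$1
    iface=$2
    all=$(cat "$conf_dir/all/rp_filter") || return 1
    own=$(cat "$conf_dir/$iface/rp_filter") || return 1
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

# Print "<iface> <effective mode>" for every interface under conf_dir,
# skipping the "all" and "default" pseudo-entries.
rp_filter_report() {
    conf_dir=${1:-/proc/sys/net/ipv4/conf}
    for d in "$conf_dir"/*/; do
        iface=$(basename "$d")
        case $iface in all|default) continue ;; esac
        echo "$iface $(effective_rp_filter "$conf_dir" "$iface")"
    done
}

# Constructed sample tree (not real host state): everything was set to 0
# except eth2, which is still in strict mode.
sample=$(mktemp -d)
for i in all default lo eth2 ppp0 tun0; do
    mkdir -p "$sample/$i"
    echo 0 > "$sample/$i/rp_filter"
done
echo 1 > "$sample/eth2/rp_filter"
rp_filter_report "$sample"
rm -rf "$sample"
```

On a live host, call rp_filter_report with no argument to read /proc/sys/net/ipv4/conf directly.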
Hello,
I put 0 in rp_filter for all, default, lo, ppp0, eth2, tun0. And I rebooted. It changed nothing. I can connect from outside to tun0 when ppp0 is not activated, but not when ppp0 is activated... I tried to reset the iptables rules but it changed nothing... Do you have another idea? |
If you reboot, the setting will be lost. You need to put "0", make sure it is there, and try to activate ppp0 and connect to eth2; do not reboot.
|
I put 0 in rp_filter for all, default, lo, ppp0, eth2, tun0.
I unplugged and plugged eth2 back in, I restarted the openvpn service, I reconnected ppp0. I can't connect to tun0 from the outside but I can connect to tun0 from eth2. If I disconnect ppp0 I can connect from the outside and from eth2. I double-checked: I really have 0 on all interfaces! :( |
Quote:
"can connect tun0 from eth2". "Outside" for me is the public internet, and to be able to connect from it one needs to connect to a public IP, which has to be assigned to an interface. When you said "If I disconnect ppp0 i can connect from the outside and from eth2", do you mean that "outside" doesn't come in through eth2? |
Outside means from the internet.
On my router I redirect port 1194 of my public IP to port 1194 of the private IP of the eth2 interface of my French server.
When ppp0 is activated, I can now, with your modification, connect OpenVPN when I'm on the LAN (client IP address 192.168.1.10, OpenVPN on the LAN address of my French server 192.168.1.100).
When ppp0 is activated I can't connect from the internet (on my public IP), but when ppp0 is not activated I can connect from the internet (on my public IP) and from the LAN (client IP address 192.168.1.10, OpenVPN on the LAN address of my French server 192.168.1.100). |
Quote:
Quote:
1. Does your public IP remain the same on the router? And can you ping it?
2. Does your port forward rule remain the same on your router? So, after ppp0 activation, the router still does forward traffic from 1194 of its public IP to the eth2 IP, to port 1194.
Thanks |
When I have ppp0 activated:
My public IP is the same on my router.
I can ping it.
My rule is the same: Code:
NAT : Code:
Kernel IP routing table
but the problem is that I have my French server's IP for all ports (http, https, ...)
IPTABLE -L : Code:
Kernel IP routing table Quote:
|
Quote:
OK, please, can you do the next thing: type on a root console:
netstat -ntupl
1. before activating ppp0
2. after activating ppp0
Please post here only the IP and port which openvpn uses. Thanks.
P.S. I assume that on the server there should be an "openvpn server", so somewhere on the internet you have to use an openvpn client. Please tell us, can you connect the vpn client to the server? I am not talking about doing something else; can you connect them together? |