Old 06-29-2010, 12:16 PM   #1
computerz
LQ Newbie
 
Registered: Jun 2010
Location: France
Distribution: Ubuntu 10.04
Posts: 8

Rep: Reputation: 0
Redirect Iptables


Hello,

I am trying to configure a server at home on Ubuntu 10.04 (French Server).

I have 3 networks:

eth1 for LAN (fixed IP) 192.168.1.100
ppp0 for a VPN connection to an English Server (DHCP IP)
tun0 for OpenVPN; I use it to connect to my French Server from anywhere

I drew it here

My problem is that when I activate my ppp0 connection I can't connect to tun0, because all ports are redirected to the ppp0 connection (I can connect only when I'm on the LAN).

Of course I redirect the port of my public IP to my French Server's private IP. If I don't activate the ppp0 connection I can connect to my server with the tun0 connection from everywhere!

So I tried this redirection, but it's not working and I don't know why.
Code:
### Routing OpenVPN and VNC access from the ppp0 connection to eth1
sudo iptables -t nat -A PREROUTING -j DNAT -i ppp0 -p udp --dport 1194 --to-destination 192.168.1.100 

sudo iptables -t nat -A PREROUTING -j DNAT -i ppp0 -p tcp --dport 1194 --to-destination 192.168.1.100

sudo iptables -t nat -A POSTROUTING -j MASQUERADE -o ppp0 -p udp --dport 1194 -d 192.168.1.100

sudo iptables -t nat -A POSTROUTING -j MASQUERADE -o ppp0 -p tcp --dport 1194 -d 192.168.1.100
Can you help me please?
 
Old 06-29-2010, 01:04 PM   #2
nimnull22
Senior Member
 
Registered: Jul 2009
Distribution: OpenSuse 11.1, Fedora 14, Ubuntu 12.04/12.10, FreeBSD 9.0
Posts: 1,571

Rep: Reputation: 92
Can you please execute:
route -n

BEFORE ppp0 activation
and AFTER.
 
Old 07-01-2010, 04:09 PM   #3
computerz
LQ Newbie
 
Registered: Jun 2010
Location: France
Distribution: Ubuntu 10.04
Posts: 8

Original Poster
Rep: Reputation: 0
Before ppp0:
Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.8.0.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U     1      0        0 eth2
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 eth2
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth2
After ppp0:
Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.8.0.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
192.168.0.4     0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
109.169.17.78   192.168.1.1     255.255.255.255 UGH   0      0        0 eth2
109.169.17.78   192.168.1.1     255.255.255.255 UGH   0      0        0 eth2
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U     1      0        0 eth2
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 eth2
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0

Last edited by computerz; 07-01-2010 at 04:11 PM.
 
Old 07-02-2010, 03:57 AM   #4
nimnull22
Senior Member
 
Registered: Jul 2009
Distribution: OpenSuse 11.1, Fedora 14, Ubuntu 12.04/12.10, FreeBSD 9.0
Posts: 1,571

Rep: Reputation: 92
According to your "route -n" output after ppp0 activation, "tun0" will get packets with destination IP:
1. 10.8.0.x
2. 10.8.0.2

10.8.0.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
10.8.0.0 10.8.0.2 255.255.255.0 UG 0 0 0 tun0

The same, actually, as it was before.
 
Old 07-02-2010, 03:55 PM   #5
computerz
LQ Newbie
 
Registered: Jun 2010
Location: France
Distribution: Ubuntu 10.04
Posts: 8

Original Poster
Rep: Reputation: 0
OK, but how can I connect from outside of my LAN?

If I do not activate ppp0 I can connect if I enter my public IP, because I made a redirection of port 1194 to 192.168.1.100.

But when I activate ppp0 I can't make this connection! Server not responding?
 
Old 07-03-2010, 01:44 AM   #6
nimnull22
Senior Member
 
Registered: Jul 2009
Distribution: OpenSuse 11.1, Fedora 14, Ubuntu 12.04/12.10, FreeBSD 9.0
Posts: 1,571

Rep: Reputation: 92
First of all, in your picture there is a "French server" with ETH1, but in your routing output there is eth2.
So the question is: is this the same server and you drew it incorrectly, or does this server have 2 Ethernet cards, eth1 and eth2?

Second, TUN is a tunnel over some carrier. Before ppp0 activation there was only one default route, through eth2. This means eth2 points to the internet and you can connect from the internet through eth2 to your tun0 virtual interface.

When you activate ppp0, (I think it is the DHCP server) changes the default route to go through ppp0, but ppp0 does not point to the internet, it points to the "English server", and now you have to connect to your tun0 virtual interface through the "English server", which more likely isn't configured.

This is what I think happens; correct me if I am wrong.
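
The routing change described in post #6, as an added example that is not part of the original thread: a simplified longest-prefix-match lookup over the two `route -n` outputs from post #3 (the duplicated host route is listed once), showing which interface the server uses to reach a given address. The address 203.0.113.7 and the function names are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the thread: which interface does a packet leave by?
# Routes are the `route -n` outputs from post #3; 203.0.113.7 is a constructed
# address standing in for an OpenVPN client on the internet.

table_before() { cat <<'EOF'
10.8.0.2      0.0.0.0     255.255.255.255 UH  0    0 0 tun0
10.8.0.0      10.8.0.2    255.255.255.0   UG  0    0 0 tun0
192.168.1.0   0.0.0.0     255.255.255.0   U   1    0 0 eth2
169.254.0.0   0.0.0.0     255.255.0.0     U   1000 0 0 eth2
0.0.0.0       192.168.1.1 0.0.0.0         UG  0    0 0 eth2
EOF
}
table_after() { cat <<'EOF'
10.8.0.2      0.0.0.0     255.255.255.255 UH  0    0 0 tun0
192.168.0.4   0.0.0.0     255.255.255.255 UH  0    0 0 ppp0
109.169.17.78 192.168.1.1 255.255.255.255 UGH 0    0 0 eth2
10.8.0.0      10.8.0.2    255.255.255.0   UG  0    0 0 tun0
192.168.1.0   0.0.0.0     255.255.255.0   U   1    0 0 eth2
169.254.0.0   0.0.0.0     255.255.0.0     U   1000 0 0 eth2
0.0.0.0       0.0.0.0     0.0.0.0         U   0    0 0 ppp0
EOF
}

ip2int() {  # dotted quad -> integer
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# route_lookup <dest-ip>: reads a table on stdin, prints the interface of the
# most specific matching route (widest mask, then lowest metric). This is a
# simplification of the kernel's lookup.
route_lookup() {
    dest=$(ip2int "$1"); best_mask=-1; best_metric=0; best_if=none
    while read -r net gw mask flags metric ref use iface; do
        case $net in [0-9]*) ;; *) continue ;; esac   # skip header lines
        n=$(ip2int "$net"); m=$(ip2int "$mask")
        [ $(( dest & m )) -eq $(( n & m )) ] || continue
        if [ "$m" -gt "$best_mask" ] ||
           { [ "$m" -eq "$best_mask" ] && [ "$metric" -lt "$best_metric" ]; }; then
            best_mask=$m; best_metric=$metric; best_if=$iface
        fi
    done
    echo "$best_if"
}

for t in table_before table_after; do
    echo "$t: reply to 203.0.113.7 leaves via $($t | route_lookup 203.0.113.7)"
done
```

With the second table, LAN and tunnel addresses still resolve to eth2 and tun0; only traffic that falls through to the default route moves to ppp0.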
 
Old 07-03-2010, 02:22 PM   #7
computerz
LQ Newbie
 
Registered: Jun 2010
Location: France
Distribution: Ubuntu 10.04
Posts: 8

Original Poster
Rep: Reputation: 0
Hello,

As for eth2 or eth1: it's because I changed my Ethernet card after I posted my first post, and I don't know why, but now I have eth2 and no more eth1!

For the ppp0 connection you are right!
But I can't configure the English Server because it's not mine; I just use it as a proxy to access English resources (I don't have access to them if I'm connected with a French provider's public IP)!

Do you think it's possible to add a route just for port 1194 to go over the eth2 connection, with all other protocols going over the ppp0 connection?
 
Old 07-03-2010, 04:42 PM   #8
nimnull22
Senior Member
 
Registered: Jul 2009
Distribution: OpenSuse 11.1, Fedora 14, Ubuntu 12.04/12.10, FreeBSD 9.0
Posts: 1,571

Rep: Reputation: 92
You can try something.
Check this: /proc/sys/net/ipv4/conf/*/rp_filter
This is "Reverse Path Filtering", so when you have two interfaces and one of them points to the default GW, iptables prevents packets from coming in from the second interface.
In "rp_filter", 1 means it is enabled, 0 means disabled.
Write "0" there and check whether you are able to connect through eth2 to tun0.
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
Maybe you will need to change "all" to your interfaces, and put "0" in each of them.
These changes will last until reboot.

And of course eth2 needs to be connected to the internet.
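
How the "all" and per-interface rp_filter values combine, as an added example that is not part of the original post: the kernel applies the higher of conf/all/rp_filter and conf/<interface>/rp_filter to each interface. The function names and the sample directory are constructed for illustration; on a real host, pass /proc/sys/net/ipv4/conf as the directory.

```shell
#!/bin/sh
# Added example, not from the thread: report the rp_filter value that is
# actually applied per interface. Source validation uses
# max(conf/all, conf/<iface>), so writing 0 to "all" alone does not relax
# an interface that still holds 1.

effective_rp_filter() {  # <conf-dir> <iface> -> 0 (off), 1 (strict), 2 (loose)
    all=$(cat "$1/all/rp_filter")
    own=$(cat "$1/$2/rp_filter")
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

report_rp_filter() {  # <conf-dir>: prints one "iface value" line per interface
    for d in "$1"/*/; do
        iface=$(basename "$d")
        case $iface in all|default) continue ;; esac
        echo "$iface $(effective_rp_filter "$1" "$iface")"
    done
}

# Constructed sample tree with the interfaces named in the thread, every
# value starting at 1 (an assumed starting state for the demonstration).
make_sample() {
    dir=$(mktemp -d)
    for i in all default lo eth2 ppp0 tun0; do
        mkdir -p "$dir/$i"
        echo 1 > "$dir/$i/rp_filter"
    done
    echo 0 > "$dir/all/rp_filter"   # the effect of the echo command above
    echo "$dir"
}

sample=$(make_sample)
echo "after writing 0 to all only:"
report_rp_filter "$sample"          # every interface still reports 1
echo 0 > "$sample/eth2/rp_filter"
echo "after also writing 0 to eth2:"
report_rp_filter "$sample"          # eth2 now reports 0
rm -rf "$sample"
```

Value 2 selects loose mode, which accepts a packet when its source address is reachable through any interface rather than only the one it arrived on.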
 
Old 07-04-2010, 02:12 PM   #9
computerz
LQ Newbie
 
Registered: Jun 2010
Location: France
Distribution: Ubuntu 10.04
Posts: 8

Original Poster
Rep: Reputation: 0
Hello,

I put 0 in rp_filter for all, default, lo, ppp0, eth2, tun0.

And I rebooted.

It changed nothing.
I can connect from outside to tun0 when ppp0 is not activated, but not when ppp0 is activated ...

I tried to reset the iptables rules but it changed nothing ...

Do you have another idea?
 
Old 07-04-2010, 02:17 PM   #10
nimnull22
Senior Member
 
Registered: Jul 2009
Distribution: OpenSuse 11.1, Fedora 14, Ubuntu 12.04/12.10, FreeBSD 9.0
Posts: 1,571

Rep: Reputation: 92
If you reboot, the setting will be lost. You need to put "0", make sure it is there, then try to activate ppp0 and connect to eth2; do not reboot.
 
Old 07-05-2010, 03:25 PM   #11
computerz
LQ Newbie
 
Registered: Jun 2010
Location: France
Distribution: Ubuntu 10.04
Posts: 8

Original Poster
Rep: Reputation: 0
I put 0 in rp_filter for all, default, lo, ppp0, eth2, tun0.

I unplugged and plugged in eth2, I restarted the openvpn service, I reconnected ppp0.

I can't connect to tun0 from the outside but I can connect to tun0 from eth2.

If I disconnect ppp0 I can connect from the outside and from eth2.

I double-checked that I really have 0 on all interfaces!

 
Old 07-06-2010, 01:33 AM   #12
nimnull22
Senior Member
 
Registered: Jul 2009
Distribution: OpenSuse 11.1, Fedora 14, Ubuntu 12.04/12.10, FreeBSD 9.0
Posts: 1,571

Rep: Reputation: 92
Quote:
Originally Posted by computerz
I put 0 in rp_filter for all, default, lo, ppp0, eth2, tun0.

I unplugged and plugged in eth2, I restarted the openvpn service, I reconnected ppp0.

I can't connect to tun0 from the outside but I can connect to tun0 from eth2.

If I disconnect ppp0 I can connect from the outside and from eth2.

I double-checked that I really have 0 on all interfaces!

Can you please explain the difference between "can connect tun0 from outside" and
"can connect tun0 from eth2"?
"Outside" for me is the public internet, and to be able to connect from it one needs to connect to a public IP, which has to be assigned to an interface.
When you said "If I disconnect ppp0 I can connect from the outside and from eth2", do you mean that "outside" doesn't come in through eth2?
 
Old 07-07-2010, 06:06 AM   #13
computerz
LQ Newbie
 
Registered: Jun 2010
Location: France
Distribution: Ubuntu 10.04
Posts: 8

Original Poster
Rep: Reputation: 0
Outside means from the internet.

On my router I redirect port 1194 of my public IP to port 1194 of the private IP of the eth2 interface of my French server.

When ppp0 is activated I can now, with your modification, connect OpenVPN when I'm on the LAN (client IP address 192.168.1.10, OpenVPN on the LAN address of my French server, 192.168.1.100).

When ppp0 is activated I can't connect from the internet (on my public IP).

But when ppp0 is not activated I can connect from the internet (on my public IP) and from the LAN (client IP address 192.168.1.10, OpenVPN on the LAN address of my French server, 192.168.1.100).
 
Old 07-07-2010, 08:32 AM   #14
nimnull22
Senior Member
 
Registered: Jul 2009
Distribution: OpenSuse 11.1, Fedora 14, Ubuntu 12.04/12.10, FreeBSD 9.0
Posts: 1,571

Rep: Reputation: 92
Quote:
Originally Posted by computerz
When ppp0 is activated I can now, with your modification, connect OpenVPN when I'm on the LAN (client IP address 192.168.1.10, OpenVPN on the LAN address of my French server, 192.168.1.100)
It is already very good.

Quote:
On my router I redirect port 1194 of my public IP to port 1194 of the private IP of the eth2 interface of my French server.
When ppp0 is activated I can't connect from the internet (on my public IP)
Can you please check, after you activate ppp0:
1. Does your public IP remain the same on the router? And can you ping it?
2. Does your port forward rule remain the same on your router? So, after ppp0 activation, the router still does forward traffic from 1194 of its public IP to the eth2 IP on port 1194.

Thanks
 
Old 07-08-2010, 11:51 AM   #15
computerz
LQ Newbie
 
Registered: Jun 2010
Location: France
Distribution: Ubuntu 10.04
Posts: 8

Original Poster
Rep: Reputation: 0
When I have ppp0 activated:

My public IP is the same on my router.

I can ping it.

My rule is the same:
Code:
NAT :
rule Number    Name      Port Type   Port Source   IP Private     Port Destination
1	       openvpn	 UDP	     1194	   192.168.1.100  1194
If I add a route after ppp0 is activated:
Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth2
It works; I can connect from outside on my public IP,
but the problem is that I have my French server's IP for all ports (http, https, ...).

IPTABLE -L :
Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.8.0.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
192.168.0.3     0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
109.169.17.78   192.168.1.1     255.255.255.255 UGH   0      0        0 eth2
109.169.17.78   192.168.1.1     255.255.255.255 UGH   0      0        0 eth2
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U     1      0        0 eth2
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 eth2
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth2
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0
So can I do something so that this route is only used for the openvpn port and all other ports use the 0.0.0.0 ppp0 route?

Quote:
So, after ppp0 activation, the router still does forward traffic from 1194 of its public IP to the eth2 IP on port 1194
How can I test it?

Last edited by computerz; 07-08-2010 at 01:52 PM.
 
  

