LinuxQuestions.org > Debian > iptable based routing with Hamachi
(https://www.linuxquestions.org/questions/debian-26/iptable-based-routing-with-hamachi-4175564468/)

Zero00 01-20-2016 02:36 AM

iptable based routing with Hamachi
 
I have Hamachi installed on my server at home and on my laptop at work. The goal is to route web traffic via Hamachi to my server at home, which will act as the gateway.

I have set up the routes and the iptables rules on the server, and it will route anything coming from the Hamachi interface on to the internet; I tested this and it works fine.

I have a routing table called "200 hamachi" in rt_tables, and I then run this script to set it up.

Code:

# Rebuild table 200 from the main table, minus its default route
ip route flush table 200
ip route show table main | grep -Ev ^default \
    | while read -r ROUTE ; do
    ip route add table 200 $ROUTE
done

# Table 200 sends everything out via the Hamachi gateway
ip route add table 200 default via 5.0.0.1

# Mark web traffic arriving on wlan0 so the fwmark rule below sends it to table 200
iptables -t mangle -A PREROUTING -i wlan0 -p tcp --dport 80 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -i wlan0 -p tcp --dport 443 -j MARK --set-mark 1

ip rule add fwmark 1 table 200
ip route flush cache

But it does not appear to work; I used tcpdump and can confirm that nothing is sent down the Hamachi interface.

I am using Debian 8 (3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt20-1+deb8u2 (2016-01-02) x86_64 GNU/Linux).

It's like the iptables rules are not changing the packet, but after researching this it does appear that the iptables rules are correct, so is there possibly something else I am missing?

Ser Olmy 01-20-2016 05:59 AM

If the system in question is a router, then the above should work.

However, if you want to route locally generated traffic, you will have to use the OUTPUT chain of the mangle table to mark the packets.

See table 6.2 on this page for details regarding relevant tables and chains for handling locally generated traffic.

Zero00 01-20-2016 07:15 AM

Cool, that worked. The script now looks like this:

Code:

# Rebuild table 200 from the main table, minus its default route
ip route flush table 200
ip route show table main | grep -Ev ^default \
        | while read -r ROUTE ; do
        ip route add table 200 $ROUTE
done

# Table 200 sends everything out via the Hamachi gateway
ip route add table 200 default via 5.0.0.1

#IPtables
# Mark locally generated web traffic in the OUTPUT chain (PREROUTING never sees it)
iptables -t mangle -A OUTPUT -o wlan0 -p tcp --dport 80 -j MARK --set-mark 1
iptables -t mangle -A OUTPUT -o wlan0 -p tcp --dport 443 -j MARK --set-mark 1
# Rewrite the source address to the ham0 address so replies come back over the tunnel
iptables -t nat -A POSTROUTING -o ham0 -j MASQUERADE

ip rule add fwmark 1 table 200
ip route flush cache

And it's working. I had to add "iptables -t nat -A POSTROUTING -o ham0 -j MASQUERADE", as without it I never got the return data. Is there a better way to do it, or is that the best?

Zero00 01-21-2016 03:17 AM

OK, I got this fully working now with this script:

Code:

#!/bin/bash

#fix MTU
ifconfig wlan0 mtu 1404 up
ifconfig eth0 mtu 1404 up

#Make Hamachi IP table
# Rebuild table 200 from the main table, minus its default route
ip route flush table 200
ip route show table main | grep -Ev ^default \
        | while read -r ROUTE ; do
        ip route add table 200 $ROUTE
done

# Table 200 sends everything out via the Hamachi gateway
ip route add table 200 default via 5.0.0.1

#IPtables
# Mark all locally generated traffic owned by <USERNAME> that would leave via eth0/wlan0
iptables -t mangle -A OUTPUT -o eth0 -m owner --uid-owner <USERNAME> -j MARK --set-mark 1
iptables -t mangle -A OUTPUT -o wlan0 -m owner --uid-owner <USERNAME> -j MARK --set-mark 1
# SNAT only the marked packets leaving ham0 to the local Hamachi address
iptables -t nat -A POSTROUTING -o ham0 -m mark --mark 1 -j SNAT --to 5.0.0.2

# Marked packets are looked up in table 200
ip rule add fwmark 1 table 200
ip route flush cache

#EOF

I am now routing everything from my user account on my laptop down Hamachi to a server located in a hosting center that acts as a gateway. I had to fix the MTU on both my interfaces, as it was having an issue with CloudFront sites.

Thank you for the help
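The following script is an added example, not code posted in this thread or shipped by Hamachi. It reworks the final script above so it can be re-run safely (the original stacks a new `ip rule` and duplicate iptables rules on every invocation) and adds the checks that tell you whether marked traffic actually uses the tunnel. The interface names, tunnel addresses, table number, mark and the owner user are placeholders taken from or modelled on the thread and can be overridden through the environment; `ip route get ... mark N` is used to confirm which table a marked packet would hit.

```shell
#!/bin/bash
# Added example (not from the thread): idempotent policy routing for locally
# generated traffic over a tunnel, plus verification. All values below are
# assumptions/placeholders; override them via the environment.
TUN_IF=${TUN_IF:-ham0}            # tunnel interface (assumed name)
TUN_GW=${TUN_GW:-5.0.0.1}         # remote gateway inside the tunnel (assumed)
TUN_LOCAL=${TUN_LOCAL:-5.0.0.2}   # local tunnel address used for SNAT (assumed)
OWNER=${OWNER:-someuser}          # placeholder: user whose traffic is tunnelled
TABLE=${TABLE:-200}
MARK=${MARK:-1}
UPLINKS=${UPLINKS:-"eth0 wlan0"}  # physical uplinks whose traffic gets marked
MTU=${MTU:-1404}

# Pure text filter over `ip route show table main` output: drop the default
# route (table TABLE gets its own) and the "linkdown" flag, which `ip route
# show` prints but `ip route add` rejects.
non_default_routes() {
    grep -Ev '^default( |$)' | sed -E 's/ linkdown$//' || true
}

# Append an iptables rule only if an identical one is not already present.
iptables_ensure() {
    local table=$1; shift
    iptables -t "$table" -C "$@" 2>/dev/null || iptables -t "$table" -A "$@"
}

setup_routes() {
    ip route flush table "$TABLE"
    ip route show table main | non_default_routes | while read -r route; do
        ip route add table "$TABLE" $route   # word splitting is intended
    done
    ip route replace table "$TABLE" default via "$TUN_GW" dev "$TUN_IF"
    # Delete stale copies of the rule first, so reruns do not stack duplicates.
    while ip rule del fwmark "$MARK" table "$TABLE" 2>/dev/null; do :; done
    ip rule add fwmark "$MARK" table "$TABLE"
}

setup_firewall() {
    for dev in $UPLINKS; do
        ip link set dev "$dev" mtu "$MTU"
        # OUTPUT sees locally generated packets after the first routing pass;
        # the mark makes the kernel re-route them through table TABLE.
        iptables_ensure mangle OUTPUT -o "$dev" -m owner --uid-owner "$OWNER" \
            -j MARK --set-mark "$MARK"
    done
    # Rewrite the source only for marked packets leaving the tunnel: narrower
    # than a blanket MASQUERADE on the whole interface.
    iptables_ensure nat POSTROUTING -o "$TUN_IF" -m mark --mark "$MARK" \
        -j SNAT --to-source "$TUN_LOCAL"
}

# Evidence that the policy works: the lookup for a marked packet must pick
# TUN_IF, and the mangle/nat counters must grow while OWNER generates traffic.
verify() {
    echo "== route chosen for a marked packet (expect dev $TUN_IF)"
    ip route get 1.1.1.1 mark "$MARK"
    echo "== route chosen for an unmarked packet (expect the normal uplink)"
    ip route get 1.1.1.1
    echo "== fwmark rule and table contents"
    ip rule show | grep fwmark
    ip route show table "$TABLE"
    echo "== packet/byte counters for the MARK and SNAT rules"
    iptables -t mangle -vnL OUTPUT
    iptables -t nat -vnL POSTROUTING
}

case "${1:-}" in
    apply)  setup_routes; setup_firewall; verify ;;
    verify) verify ;;
    *)      echo "usage: $0 apply|verify" >&2 ;;
esac
```

Run it as root with `apply` once, then `verify` at any time; a second `apply` leaves exactly one fwmark rule and one copy of each iptables rule in place. If `ip route get 1.1.1.1 mark 1` still reports the physical uplink, the rule or table is wrong; if the route is right but the MARK counter stays at zero, the owner match is not hitting the traffic you expect.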

