LinuxQuestions.org
Old 01-20-2016, 02:36 AM   #1
Zero00
LQ Newbie
 
Registered: Jun 2014
Distribution: Windows 7, Fedora 20
Posts: 12

Rep: Reputation: Disabled
iptable based routing with Hamachi


I have Hamachi installed on my server at home and my laptop at work. The goal is to route web traffic via Hamachi to my server at home, which will act as the gateway.

I have set up the routes on the server, the iptables, and it will route anything coming from the Hamachi interface on to the internet, tested this and it works fine.

I have a routing table called 200 hamachi in rt_tables and I then run this script to set it up.

Code:
ip route flush table 200
ip route show table main | grep -Ev ^default \
    | while read ROUTE ; do
    ip route add table 200 $ROUTE
done

ip route add table 200 default via 5.0.0.1

iptables -t mangle -A PREROUTING -i wlan0 -p tcp --dport 80 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -i wlan0 -p tcp --dport 443 -j MARK --set-mark 1

ip rule add fwmark 1 table 200
ip route flush cache

But it does not appear to work. I used tcpdump and can confirm that nothing is sent down the Hamachi interface.

I am using Debian 8 (3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt20-1+deb8u2 (2016-01-02) x86_64 GNU/Linux)

It's like the iptables are not changing the packet, but after researching this it does appear that the iptables are correct, and possibly there is something else I am missing?
 
Old 01-20-2016, 05:59 AM   #2
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 2,467

Rep: Reputation: Disabled
If the system in question is a router, then the above should work.

However, if you want to route locally generated traffic, you will have to use the OUTPUT chain of the mangle table to mark the packets.

See table 6.2 on this page for details regarding relevant tables and chains for handling locally generated traffic.
 
Old 01-20-2016, 07:15 AM   #3
Zero00
LQ Newbie
 
Registered: Jun 2014
Distribution: Windows 7, Fedora 20
Posts: 12

Original Poster
Rep: Reputation: Disabled
Cool, that worked, the script now looks like this

Code:
ip route flush table 200
ip route show table main | grep -Ev ^default \
	| while read ROUTE ; do
	ip route add table 200 $ROUTE
done

ip route add table 200 default via 5.0.0.1

#IPtables
iptables -t mangle -A OUTPUT -o wlan0 -p tcp --dport 80 -j MARK --set-mark 1
iptables -t mangle -A OUTPUT -o wlan0 -p tcp --dport 443 -j MARK --set-mark 1
iptables -t nat -A POSTROUTING -o ham0 -j MASQUERADE

ip rule add fwmark 1 table 200
ip route flush cache

And it's working. I had to add "iptables -t nat -A POSTROUTING -o ham0 -j MASQUERADE", as without it I never got the return data. Is there a better way to do it, or is that the best?
 
Old 01-21-2016, 03:17 AM   #4
Zero00
LQ Newbie
 
Registered: Jun 2014
Distribution: Windows 7, Fedora 20
Posts: 12

Original Poster
Rep: Reputation: Disabled
Ok, got this fully working now with this script

Code:
#!/bin/bash

#fix MTU
ifconfig wlan0 mtu 1404 up
ifconfig eth0 mtu 1404 up

#Make Hamachi IP table
ip route flush table 200
ip route show table main | grep -Ev ^default \
	| while read ROUTE ; do
	ip route add table 200 $ROUTE
done

ip route add table 200 default via 5.0.0.1

#IPtables
iptables -t mangle -A OUTPUT -o eth0 -m owner --uid-owner <USERNAME> -j MARK --set-mark 1
iptables -t mangle -A OUTPUT -o wlan0 -m owner --uid-owner <USERNAME> -j MARK --set-mark 1
iptables -t nat -A POSTROUTING -o ham0 -m mark --mark 1 -j SNAT --to 5.0.0.2

ip rule add fwmark 1 table 200
ip route flush cache

#EOF

I am now routing everything from my user account on my laptop down Hamachi to a server located in a hosting center that acts as a gateway. I had to fix the MTU on both my interfaces, as it was having an issue with CloudFront sites.

Thank you for the help
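
A check for the finished setup in post #4, as an added example that is not part of the thread: it parses `ip rule show`, `ip route show table 200` and `ip route get ... mark 1` output to confirm that mark-1 traffic leaves via ham0 rather than falling through to the main table's default route. The sample output, the 192.168.1.x addresses and the function names are constructed for illustration; 5.0.0.1, 5.0.0.2, table 200, the hamachi table name and ham0 come from the posts.

```shell
#!/bin/sh
# Added example: audit the thread's fwmark policy routing from command output.
# Sample text below is constructed, not captured from the poster's machine.
SAMPLE_RULES='0: from all lookup local
32765: from all fwmark 0x1 lookup 200
32766: from all lookup main
32767: from all lookup default'
SAMPLE_TABLE='default via 5.0.0.1 dev ham0
5.0.0.0/8 dev ham0 proto kernel scope link src 5.0.0.2
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50'
SAMPLE_GET_OK='203.0.113.10 via 5.0.0.1 dev ham0 table 200 src 5.0.0.2 mark 0x1'
SAMPLE_GET_LEAK='203.0.113.10 via 192.168.1.1 dev wlan0 src 192.168.1.50 mark 0x1'

# Count rules sending fwmark 1 to table 200 (number or rt_tables name).
# A count above 1 means the setup script was re-run and appended duplicates.
count_mark_rules() {
    printf '%s\n' "$1" | grep -Ec 'fwmark (0x)?1 lookup (200|hamachi)( |$)' || true
}

# Succeed if the table text has a default route via gateway $2.
has_default_via() {
    printf '%s\n' "$1" | awk -v gw="$2" \
        '$1 == "default" && $2 == "via" && $3 == gw { f = 1 } END { exit !f }'
}

# Print the egress device named in `ip route get` output.
egress_dev() {
    printf '%s\n' "$1" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# audit RULES TABLE200 ROUTE_GET: print "ok" or the first problem found.
audit() {
    n=$(count_mark_rules "$1")
    [ "$n" -ge 1 ] || { echo "no fwmark 1 rule for table 200"; return 1; }
    has_default_via "$2" 5.0.0.1 ||
        { echo "table 200 has no default via 5.0.0.1"; return 1; }
    dev=$(egress_dev "$3")
    [ "$dev" = ham0 ] || { echo "marked traffic leaves via $dev"; return 1; }
    [ "$n" -eq 1 ] || { echo "ok, but $n duplicate fwmark rules"; return 0; }
    echo ok
}

# Live use on the laptop (203.0.113.10 is a documentation address):
#   audit "$(ip rule show)" "$(ip route show table 200)" \
#         "$(ip route get 203.0.113.10 mark 1)"
audit "$SAMPLE_RULES" "$SAMPLE_TABLE" "$SAMPLE_GET_OK"
audit "$SAMPLE_RULES" "$SAMPLE_TABLE" "$SAMPLE_GET_LEAK" || true
```

The routing lookup only covers packets that already carry mark 1; whether the owner match is marking them shows in the packet counters of `iptables -t mangle -L OUTPUT -v -n`.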
 
  

