01-04-2015, 10:00 PM   #1
LQ Newbie
Registered: Jan 2015
Location: Toronto
Distribution: Xubuntu, Raspbian
Posts: 4

Connection timed out when using a second gateway

Hi everyone!

I try to build a server with my Raspberry Pi (using the latest version of Raspbian, without any graphical interface). I have already looked at the Ubuntu and Debian wiki page about iptables and searched on Google a lot to finally make it work. But it doesn't work anymore and I don't know why... Basically, I installed openvpn. I use it as a client (with --route-noexec so it doesn't change my routing table when I connect) to connect to PIA and as a server. Server's traffic can't go over the VPN client. When someone connects to my server, he gets to browse the web using the tor network except on accessing my server's internal IP. Moreover, I use dnscrypt and opennic for DNS. I have already done the configuration for this and it worked. My problem is that it doesn't work anymore...

Network related problem
To test my Internet I try wget. It finds Google's IP (so the DNS server works) but I get "failed: Connection timed out". Let me post the bash scripts before I continue explaining the situation.
# Get pia variables
piaip="`ifconfig tun0 | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1 }'`"
if [ -z "$piaip" ]
then
echo "Run first!"
exit 1 # stop here: the SNAT rule below needs the tun0 address
fi

# clear everything.
iptables -F
iptables -t nat -F
iptables -t mangle -F

# set rules 
iptables -P INPUT DROP 
iptables -P OUTPUT ACCEPT 
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# pia 
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE # allows to communicate with the world
iptables -t mangle -A OUTPUT -j MARK --set-mark 3 # what's left is marked as 3 in order to pass through pia
# set the exceptions
iptables -t mangle -A OUTPUT -p udp --dport 1194 -j MARK --set-mark 4 # openvpn client
iptables -t mangle -A OUTPUT -p udp --dport 443 -d -j MARK --set-mark 4 # opennic dns
iptables -t mangle -A OUTPUT -p udp --sport 911 -j MARK --set-mark 4 # openvpn server
iptables -t mangle -A OUTPUT -o tun3 -j MARK --set-mark 4 # allow my clients to function
# end exceptions
iptables -t nat -A POSTROUTING -o tun0 -j SNAT --to-source $piaip # mark the correct source

# openvpn server and tor 
iptables -A INPUT -i wlan0 -p udp --dport 911 -j ACCEPT # openvpn server
iptables -A INPUT -i tun3 -p udp --dport 53 -j ACCEPT # tor dns
iptables -A INPUT -i tun3 -p tcp -j ACCEPT # allow connections to this server over openvpn server 
iptables -t nat -A PREROUTING -i tun3 -p tcp -d -j DNAT --to-destination # don't send this over tor
iptables -t nat -A PREROUTING -i tun3 -p tcp --syn -j REDIRECT --to-ports 9040 # send this over tor
echo ' working...'
# start connection to pia servers
openvpn --script-security 2 --config /etc/openvpn/pia/config.ovpn --daemon --route-noexec
sleep 5

# add rule if missing
piarule="`ip rule ls | grep pia`"
if [ -z "$piarule" ]
then
ip rule add from all fwmark 0x3 table pia
fi

# delete left rules if any then add new ones
piaroute="`ip route show table pia`"
piag="`ifconfig tun0 | grep 'inet addr:' | cut -d: -f3 | awk '{ print $1 }'`"
if [[ -n "$piaroute" ]]
then
ip route del  table pia
fi
ip route add default via dev lo table pia
ip route add via $piag dev tun0 table pia
ip route add via $piag dev tun0 table pia
echo ' done'
net.ipv4.conf.all.accept_source_route = 0
If I don't mark outgoing packages with 0x3 and therefore they don't go over the gateway in table pia, wget is successful. Does anybody know what's wrong?

Now it works again. I commented the 3 lines above in sysctl.conf (everything in that file is now commented) and I removed the masquerade line in I will soon post a tutorial about how to make a server like mine.

Last edited by dpcioc; 01-05-2015 at 01:48 PM. Reason: I found a solution
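
Added example (not part of the original post): a small shell model of the post's mangle OUTPUT rules and its `ip rule add from all fwmark 0x3 table pia`, showing which outgoing packets end up routed through table pia and which bypass the VPN. The rule list is a constructed copy of the post's rules, the function names are hypothetical, and the opennic DNS exception is left out because its destination address is missing from the post.

```shell
#!/bin/sh
# Constructed copy of the post's mangle OUTPUT rules, in order, as
# "proto dport sport oif mark" ('-' matches anything).
RULES='- - - - 3
udp 1194 - - 4
udp - 911 - 4
- - - tun3 4'

# final_mark PROTO DPORT SPORT OIF
# MARK is a non-terminating target: every matching rule is applied, so
# the last matching rule decides the mark the packet leaves with.
final_mark() {
    mark=0
    while read -r proto dport sport oif m; do
        [ "$proto" = "-" ] || [ "$proto" = "$1" ] || continue
        [ "$dport" = "-" ] || [ "$dport" = "$2" ] || continue
        [ "$sport" = "-" ] || [ "$sport" = "$3" ] || continue
        [ "$oif" = "-" ] || [ "$oif" = "$4" ] || continue
        mark=$m
    done <<EOF
$RULES
EOF
    echo "$mark"
}

# route_table PROTO DPORT SPORT OIF
# Mirrors "ip rule add from all fwmark 0x3 table pia": only mark 3
# selects table pia; every other mark falls through to table main.
route_table() {
    if [ "$(final_mark "$@")" = "3" ]; then
        echo pia
    else
        echo main
    fi
}

# Constructed sample packets: web request, OpenVPN client handshake,
# OpenVPN server reply, traffic towards a connected VPN client.
for pkt in "tcp 80 40000 wlan0" "udp 1194 40000 wlan0" \
           "udp 53 911 wlan0" "tcp 443 5000 tun3"; do
    # $pkt is deliberately unquoted so it splits into four arguments.
    echo "$pkt -> table $(route_table $pkt)"
done
```

Any packet that resolves to table main leaves without the VPN, so the exception list is the part to audit when checking for traffic that bypasses tun0.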


iptables, openvpn, route, rule, timeout
