creating Iptables for tun0 device

johnniealan · 05-22-2009, 04:16 AM

Hi all,

I need to create a iptable which suits the following.

1. The IP packets fron the tun device has to be routed to the outer world using eth0.
2.the incomming packets inteneded for the TUN device has to be routed to the tun0 device.

Thanks in advance
johnnie alan J

rayfordj · 05-23-2009, 03:24 PM

I do something like this when I need to route from client tun0 through server tun0 out server eth0 and back again. If server eth0 is static IP use '-j SNAT --to:xxx.yyy.aaa.bbb'

Code:

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

johnniealan · 05-24-2009, 11:04 PM

Thanks for your reply.

Code:

echo 1 > /proc/sys/net/ipv4/ip_forward

This line will enable the ip forwarding.

Code:

iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE

The above statements are to enable post routing through the eth0 device. I tried these commands ,but unfortunately the routing is not happening. The Ip packet which i send is reaching tun0 device but not been routed to eth0.

The third one is not clear. Actually I need only IP packet from <particular IP> has to be routed to tun0 device.

IP addresses
------------
eth0: 10.66.67.208
tun0: 10.66.67.247

I am sending an IP packet to the local server 10.66.67.220 in the same LAN. The source IP of the packet which I send is 10.66.67.208(eth0) and dest IP is 10.66.67.220.

Do I need to change the source IP to 10.66.67.247(tun0)?.

Here I am writing the IP packet to /dev/net/tun using the FD.

I am assuming that the eth0 device will add the ethernet header to the IP packet and send it across the LAN.

Can you show me the sample code which you used for opening the tun device and its ioctrl.

Thanks in advance,
johnnie alan J