I have a Linux machine that acts as a router between internal networks and the Internet. There are several network interfaces on this host, but right now we only talk about two as I see it:
eth0 - local network (172.16.1.1/16)
eth1 - Internet connection (Dynamic IP)
I have set up a new VPN connection (ppp0) on this host and I want some hosts in my network to use this link as "way out to the Internet" instead of eth1. All other hosts should use eth1 as before.
But how do I do this? I've tried to search for it, got some hints here and there. I've tried some, but nothing has worked out for me so far.
If you know how to do this, please give some examples on how this could be done. I guess that we're talking about both static routes as well as iptables entries to accomplish this.
You have to think about packet flow in iptables. Use packet marking (it's a prerouting process) and then choose the correct routing table. I'm sending you a page with a good example.
If I understand this correctly, I can use this method but I only need to have one entry in the /etc/iproute2/rt_tables, the VPN link. All other traffic will go the same way as it does today, using the systems default gateway. Am I right?
Q1) The example shows how this is done if you have two or more subnets that you want to route differently, but in my case I need to add a specific host in the same network as everything else instead of a specified subnet. Is that possible somehow?
While setting up these routing rules for the VPN connection, I have to specify an IP address for the VIA clause. I don't know this apparently, I don't see it anywhere. I've checked in the /var/log/messages and it tells me:
CHAP authentication succeeded
PPP MPPE Compression module registered
MPPE 128-bit stateless compression enabled
local IP address X.X.X.83
remote IP address X.X.X.1
Q2) Should I use "remote IP address" from the ppp0 link to route via or is it possible somehow to use the "interface name" ppp0? I ask this because this IP address might be different the next time the link is set up.
// Robert
Last edited by nuvista175; 01-19-2012 at 06:26 AM.
Yes, that link is just an example. You can use any way of identifying packets, by (-s) source IP or mask or (-i) input interface. That is how you mark packets. Google 'iptables packet mark example' and you will obtain many relevant pages.
A2)
Your second default route is to the gateway X.X.X.1 via ppp0
3. I've added a new entry in /etc/iproute2/rt_tables so that it looks like this:
#
# reserved values
#
255 local
254 main
253 default
0 unspec
#
# local
#
#1 inr.ruhep
1 ANONINE
4. I then use the two commands to set the default gateway for the ANONINE table and add the wanted host to that table:
ip route add default via 178.73.197.1 dev ppp0 table ANONINE
ip rule add from 172.16.100.11/32 table ANONINE
5. All other hosts still got Internet connection through the "regular" default gateway but my 172.16.100.11 doesn't get any Internet connection at all.
6. I've got two rows in my /etc/sysconfig/iptables file also. I'm not certain about those but I thought they should be there to make the ppp0 connection work as my regular Internet connection does.
-A POSTROUTING -o ppp0 -j MASQUERADE
-A FORWARD -i eth0 -o ppp0 -j ACCEPT
(I've got the same two lines, but with -o eth1)
Is there an easy way to see if my VPN is working at all? I can see traffic going on that device (ppp0) but I'm not really sure it works as it should. Any easy thing I can do to verify this?
If you have an opportunity - you may use SNAT for those IP addresses/subnets and NAT all traffic from them to the certain interface (VPN link).
But if you can not use NAT, this method is not preferred.
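An added example, not part of any post in this thread: a shell script that sets up the source-based rule discussed above with a device-only route (no "via" address, so a changed ppp0 peer IP does not matter) and then asks the kernel which route it would pick for the host. SRC_HOST, VPN_IF, LAN_IF and TABLE default to the values quoted in the thread; PROBE, the rule priority 1000, the rp_filter setting and the DRY_RUN switch are assumptions of this example.

```shell
#!/bin/sh
# Added example: policy routing for one LAN host through a PPP VPN link.
# Defaults are the values quoted in the thread; TABLE must already be
# listed in /etc/iproute2/rt_tables. PROBE is a constructed documentation
# address (TEST-NET-2), used only for the route lookup.
SRC_HOST="${SRC_HOST:-172.16.100.11}"
VPN_IF="${VPN_IF:-ppp0}"
LAN_IF="${LAN_IF:-eth0}"
TABLE="${TABLE:-ANONINE}"
PROBE="${PROBE:-198.51.100.1}"

# Print the command when DRY_RUN=1, otherwise execute it (needs root).
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

setup_policy_route() {
    # ppp0 is point-to-point, so the route can name the device alone.
    run ip route replace default dev "$VPN_IF" table "$TABLE"
    # Drop a stale copy of the rule first, so reruns (for example after
    # every VPN reconnect) do not stack duplicates.
    run ip rule del from "$SRC_HOST/32" table "$TABLE" 2>/dev/null || true
    run ip rule add from "$SRC_HOST/32" table "$TABLE" priority 1000
    # Replies arrive on ppp0 while the main table's default points at eth1;
    # strict reverse-path filtering (1) drops them, loose mode (2) does not.
    run sysctl -w "net.ipv4.conf.$VPN_IF.rp_filter=2"
    run ip route flush cache
}

verify_policy_route() {
    # Which route would a packet from SRC_HOST, forwarded in from the LAN, take?
    run ip route get "$PROBE" from "$SRC_HOST" iif "$LAN_IF"
    run ip rule show
    run ip route show table "$TABLE"
}

# Only touch the system when explicitly asked to.
case "${1:-}" in
    apply)  setup_policy_route ;;
    verify) verify_policy_route ;;
esac
```

With DRY_RUN=1 set, the apply and verify modes only print the commands they would run. On a working setup the `ip route get` line of the verify output names ppp0 as the outgoing device.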