Iptables

anon09 · 07-16-2018, 04:23 AM

Hello...

I have two internal LANS. 192.168.10.4 and 192.168.42.2, with the same interface name enp33s0. I am connecting to a VPN on port TCP 443.

I would like to connect to VPN when I use 192.168.42.2 and block from 192.168.10.4.

Can anyone help me how to do that?

Thank you!

rknichols · 07-17-2018, 05:34 PM

That's not really a job for iptables, but should be easy with policy based routing. A search for that brings up a good introduction in the very first hit.

anon09 · 07-18-2018, 01:16 AM

In the past I had 2 lines with iptables and it worked but not now.

anon09 · 07-18-2018, 05:01 AM

Quote:

Originally Posted by rknichols

That's not really a job for iptables, but should be easy with policy based routing. A search for that brings up a good introduction in the very first hit.

Is better to do over ovpn file or in my linux machine?

Thank you

rknichols · 07-18-2018, 08:36 AM

You'll have to describe your setup in more detail. I interpreted your post to mean that you wanted to route outgoing traffic from one of your internal LANs via some external VPN provider. "Do over ovpn file" suggests that is not the case.

anon09 · 07-18-2018, 10:19 AM

Quote:

Originally Posted by rknichols

You'll have to describe your setup in more detail. I interpreted your post to mean that you wanted to route outgoing traffic from one of your internal LANs via some external VPN provider. "Do over ovpn file" suggests that is not the case.

As I said I have two internal LANS. 192.168.10.4 and 192.168.42.2, (with the SAME PC) I am connecting to VPN (nordvpn ipvanish....etc) with port on TCP 443.

Everything works fine but I don't want to connect when I use 192.168.10.4, I want to block it. I am linux user and I am connecting in VPN with ovpn file via openvpn in mate environment.

I thought that I could do with iptables , So how can I route the traffic only at 192.168.42.2 and any other lans reject. I am thinking that I can do it over ovpn file or route command via terminal.

Would you like to tell me how to do that? I am searched a lots of examples but I cannot understand.

Thank you for your time.

anon09 · 07-20-2018, 10:58 AM

Can anyone help? I try three week to find a solution.

rknichols · 07-20-2018, 11:42 AM

I haven't had a chance to look into the details. It would help to know what your routing looks like with the VPN active. Post the output from "ip route show" (wrapped in [CODE] ... [/CODE] tags, please).

anon09 · 07-20-2018, 11:52 AM

Quote:

Originally Posted by rknichols

I haven't had a chance to look into the details. It would help to know what your routing looks like with the VPN active. Post the output from "ip route show" (wrapped in [CODE] ... [/CODE] tags, please).

This example is when I want to connect to a vpn.

default via 10.7.7.1 dev tun0 proto static metric 50
default via 192.168.42.3 dev enp33s0 proto static metric 100
10.7.7.0/24 dev tun0 proto kernel scope link src 10.7.7.13 metric 50
169.254.0.0/16 dev enp33s0 scope link metric 1000
192.168.42.0/24 dev enp33s0 proto kernel scope link src 192.168.42.24 metric 100
217.23.3.91 via 192.168.42.3 dev enp33s0 proto static metric 100

This example is when I DON'T want to connect to a vpn, but I want to block it.

default via 192.168.10.1 dev enp33s0 proto static metric 100
169.254.0.0/16 dev enp33s0 scope link metric 1000
192.168.10.0/28 dev enp33s0 proto kernel scope link src 192.168.10.3 metric 100