I have OpenVPN and PPTP installed on a VPS. I have a few questions that I can't seem to get a firm answer on.
I want to install OpenVPN on 1.1.1.1 (eth0, public IP address) and PPTP on 1.1.1.2 (eth0:1, public IP address). I was able to achieve this with SNAT. However, from all the tutorials I've been reading it recommends forwarding ppp+ to eth0 and vice versa and the same situation for the tun interface.
iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT
iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT
My setup is CentOS, dedicated server.
For some reason I'm assuming iptables will route all traffic from eth0 to tun0 and stop at that.
My question is,
1) Will these forward rules conflict with each other?
2) Will I need to forward the ppp+ to eth0:1 instead to avoid a conflict? Is it even possible? I haven't figured out a way yet.
3) Is iptables smart enough to route traffic that is specific to tun and ppp through these rules?
It seems there is confusion as to what iptables does. With the listed commands, you are adding rules to a table that is used when the kernel routing routines determine that a packet is destined for delivery to another device. Using the first rule listed as an example, if a packet arrives on the tun0 device and the kernel routing table has a matching entry that the destination IP address can be reached through device eth0, then the packet will be sent on its way.
To answer your questions directly:
1). No
2). Probably not as your default policy is most likely ACCEPT which makes all these rules unnecessary anyway..... but they won't keep this from working.
3). Maybe this is a semantic distinction but iptables doesn't route traffic. It only drops packets, or not, based on the rules you enter.
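Added example, not part of any post in this thread: a small Python model of the sequence described in the reply above, where the kernel's route lookup picks the outgoing device first and the FORWARD rules are then matched on the (in, out) interface pair. The four rules and interface names are the ones from the question; the client subnets, routes and destination addresses are constructed for illustration.

```python
import ipaddress

# Constructed routes (assumptions): one OpenVPN subnet, one connected PPTP
# client, and a default route. eth0:1 is only an address alias on eth0, so
# iptables sees traffic for 1.1.1.2 on eth0 as well.
ROUTES = [
    ("10.8.0.0/24", "tun0"),
    ("192.168.0.10/32", "ppp0"),
    ("0.0.0.0/0", "eth0"),
]

# The four FORWARD rules from the question: (in-interface, out-interface, target).
FORWARD = [
    ("tun0", "eth0", "ACCEPT"),
    ("eth0", "tun0", "ACCEPT"),
    ("ppp+", "eth0", "ACCEPT"),
    ("eth0", "ppp+", "ACCEPT"),
]

def iface_match(pattern, iface):
    """iptables -i/-o matching: a trailing '+' matches any name with that prefix."""
    if pattern.endswith("+"):
        return iface.startswith(pattern[:-1])
    return pattern == iface

def route_lookup(dst):
    """Longest-prefix match: this step, not iptables, picks the outgoing device."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), dev) for p, dev in ROUTES]
    hits = [(net, dev) for net, dev in hits if addr in net]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def forward(in_if, dst, policy="ACCEPT"):
    """Return (out-interface, verdict, matching rule number or None)."""
    out_if = route_lookup(dst)
    if out_if is None:
        return (None, "NO ROUTE", None)
    for num, (rule_in, rule_out, target) in enumerate(FORWARD, 1):
        if iface_match(rule_in, in_if) and iface_match(rule_out, out_if):
            return (out_if, target, num)
    return (out_if, policy, None)  # no rule matched: the chain policy decides

if __name__ == "__main__":
    # Constructed sample packets: (arrival interface, destination address).
    for in_if, dst in [("tun0", "203.0.113.5"), ("ppp0", "203.0.113.5"),
                       ("eth0", "10.8.0.6"), ("tun0", "192.168.0.10")]:
        print(in_if, dst, forward(in_if, dst), forward(in_if, dst, "DROP"))
```

Each packet matches at most one of the four rules, so they do not conflict; the last sample (tun0 to a PPTP client) matches none of them and is decided by the chain policy alone.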
3). Maybe this is a semantic distinction but iptables doesn't route traffic. It only drops packets, or not, based on the rules you enter.
This is not correct. iptables does route traffic and routing traffic through a VPN is not something new. A simple Google search for "iptables route traffic" will reveal that. iptables can even handle network address translation. You can even get fancy with mangling but I digress.
I'll tackle the OP's problem tomorrow. For now it's my bed time.
@OP for now can you post your iptables config for me to review? Since you're using CentOS your configuration will be located at /etc/sysconfig/iptables. Where are you executing the commands you cite? Is it on the command line or are you running it in a script during start up?