I have a box behind a router (m0n0wall) which is itself running an FTP service, a web service and an SSH service. I do port forwards from the m0n0wall router to that box (box IP 192.168.1.20). I've recently set up a VPN client as well, and here is the problem.
I want incoming traffic on specific ports (22, 443) on that box to be passed out the same way it came in, namely via eth0. The VPN connection is ppp0 and is set as the default eth device(!). Can it be done in the following way?
Adding a mark rule to mark packets with destination ports 9091, 443 and 22
Code:
$ iptables -t mangle -A PREROUTING -p tcp -i eth0 -m multiport --dport 9091,443,22 -j MARK --set-mark 85
Routing tables
Code:
$ cat /etc/iproute2/rt_tables
255 local
254 main
253 default
0 unspec
85 special
192.168.1.1 is the gateway address (router)
Code:
$ ip route show table 85
192.168.1.0/24 dev eth0 scope link
default via 192.168.1.1 dev eth0
Code:
$ ip rule
0: from all lookup local
32765: from all fwmark 0x55 lookup special
32766: from all lookup main
32767: from all lookup default
I'm doing this remotely from another location, so I don't want to make errors (I've already had my share of those).
Am I missing something or does this look correct?
Any help is appreciated!
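The same fwmark-plus-routing-table technique carried through with CONNMARK, as an added example that is not from the original post or from m0n0wall. A mark set in PREROUTING only lands on the inbound packets; the replies the box generates itself pass through the OUTPUT chain, so the mark has to be carried over via the conntrack entry for them to reach table special. It assumes the gateway 192.168.1.1, mark 85, the ports and the table name from the post, and that the `85 special` line already exists in /etc/iproute2/rt_tables; the DRY_RUN switch is an assumption added so the plan can be reviewed before it is applied over SSH.

```shell
#!/bin/sh
# Policy routing: connections that arrive on eth0 reply via eth0, even while ppp0 is the default route.
# Values below are taken from the post; nothing here is m0n0wall configuration.
LAN_IF=eth0
LAN_GW=192.168.1.1
MARK=85
TABLE=special
PORTS=9091,443,22

# run: print the command when DRY_RUN=1 (review the plan first), otherwise execute it.
run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

policy_route_setup() {
  # 1. New inbound TCP connections on eth0 to the listed ports get the mark stored in their
  #    conntrack entry. Marking only NEW is enough: later packets inherit via the entry.
  run iptables -t mangle -A PREROUTING -i "$LAN_IF" -p tcp -m multiport --dport "$PORTS" \
      -m conntrack --ctstate NEW -j CONNMARK --set-mark "$MARK"
  # 2. Locally generated replies never traverse PREROUTING; copy the connection mark back
  #    onto each outgoing packet in OUTPUT so the fwmark rule below can match it.
  run iptables -t mangle -A OUTPUT -m connmark --mark "$MARK" -j CONNMARK --restore-mark
  # 3. Marked packets consult table "special" (shown as fwmark 0x55 by `ip rule`), whose
  #    default route points at the LAN gateway on eth0 instead of the ppp0 default.
  run ip rule add fwmark "$MARK" lookup "$TABLE"
  run ip route add default via "$LAN_GW" dev "$LAN_IF" table "$TABLE"
  # 4. Older kernels cached routing decisions; flushing is harmless on current ones.
  run ip route flush cache
}

# Usage: `sh policy_route.sh plan` prints the commands; `sh policy_route.sh apply` runs them as root.
case "${1:-}" in
  plan)  DRY_RUN=1; policy_route_setup ;;
  apply) DRY_RUN=0; policy_route_setup ;;
esac
```

Run the plan first and compare it with `ip rule` and `ip route show table special` afterwards; a simpler alternative for a host with one fixed LAN address is `ip rule add from 192.168.1.20 lookup special`, which needs no iptables marks at all.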