Usogi 04-06-2008 03:43 AM

IPTables Reroute Outgoing Traffic Through VPN
OK, I have a bit of a project going on here.

I have a linux (ubuntu) router, it is set up and works great as a basic router. I'm wanting to set up a VPN back to my work and forward the following traffic through it:
Everything directed at the network
All traffic from

I have gotten all the traffic to work like I want with the following:

route add -net netmask dev ppp0
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT

iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
iptables -I INPUT -s -i ppp0 -j ACCEPT
iptables --append FORWARD --in-interface eth1 -j ACCEPT


eth0 is my WAN
eth1 is my LAN
ppp0 is my VPN

But I have no idea how to get all the traffic from to pass through VPN instead of the WAN... I just have no idea where to start. The REDIRECT in iptables looks interesting, but I'm thinking that's only for ports.

Any help would be greatly appreciated

datopdog 04-07-2008 12:38 PM

on which side is ?

Usogi 04-08-2008 09:45 AM

is on the LAN side (eth1)
10.0.0.* is the VPN (ppp0)

datopdog 04-08-2008 09:46 AM

That's easy, just change your default route to the ppp0 device.

Usogi 04-08-2008 10:24 AM

I'd already tried these on the router:

route add -host dev ppp0
route add -host gw

but they just kill the connection on the .125 computer. I can no longer ping out to the internet or to the VPN. I kinda thought I was going down the wrong path with the route command...

datopdog 04-09-2008 04:47 PM

You can use the magic of iproute2 to create a separate routing table to handle that.

ip ro add dev ppp0 table 4
ip ro add dev eth1 table 4
ip ro add default dev ppp0 table 4
ip ru add from lookup 4
ip ru add from to lookup 4
ip ro fl cache
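
Added example, not from the thread or either poster: a small POSIX sh script that emits the same kind of iproute2 setup as the answer above, with constructed addresses (LAN 192.168.1.0/24 with the .125 host, VPN network 10.0.0.0/24 are assumptions), a fail-closed default in the extra table so the host's traffic is dropped rather than falling back to the WAN when ppp0 goes down, and an `ip route get` check of where a forwarded packet from that host really exits.

```shell
#!/bin/sh
# Added example, not from the thread. Constructed values: LAN 192.168.1.0/24,
# the ".125" host, VPN network 10.0.0.0/24; interfaces as named in the thread.
LAN_NET="${LAN_NET:-192.168.1.0/24}"
LAN_HOST="${LAN_HOST:-192.168.1.125}"
VPN_NET="${VPN_NET:-10.0.0.0/24}"
LAN_IF="${LAN_IF:-eth1}"
VPN_IF="${VPN_IF:-ppp0}"
TABLE="${TABLE:-4}"

# Emit the iproute2 commands instead of running them, so the plan can be
# reviewed (or tested) before being applied as root with: vpn_route_cmds | sh
vpn_route_cmds() {
    cat <<EOF
ip route replace $VPN_NET dev $VPN_IF table $TABLE
ip route replace $LAN_NET dev $LAN_IF table $TABLE
ip route replace default dev $VPN_IF table $TABLE
ip route replace unreachable default metric 1000 table $TABLE
ip rule del priority 100 2>/dev/null || true
ip rule del priority 101 2>/dev/null || true
ip rule add from $LAN_HOST lookup $TABLE priority 100
ip rule add from $LAN_NET to $VPN_NET lookup $TABLE priority 101
ip route flush cache
EOF
}
# The "unreachable default" with a high metric only matters when ppp0 is down:
# the kernel then removes the "dev ppp0" routes, and without it table $TABLE
# would be empty, the rule would fall through to the main table, and the host's
# traffic would silently leave via the WAN (eth0). With it, that traffic is
# rejected until the VPN is back up.

# Verify where a forwarded packet from the LAN host would actually go.
vpn_route_check() {
    # 203.0.113.1 is a documentation address standing in for "the internet".
    ip route get 203.0.113.1 from "$LAN_HOST" iif "$LAN_IF" | grep -q "dev $VPN_IF"
}

if [ "${1:-}" = "apply" ]; then
    vpn_route_cmds | sh && vpn_route_check && echo "host $LAN_HOST exits via $VPN_IF"
fi
```

Run as `sh script.sh` to only print the plan, or `sh script.sh apply` as root on the router to apply and check it.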

Usogi 04-11-2008 01:29 AM

sorry it took me a bit to respond.

AWESOME! That worked like a charm. I really like iproute2 stuff as well, seems there's tons I can do in there =D
