LinuxQuestions.org
Old 06-06-2016, 04:38 AM   #1
gartensofa
LQ Newbie
 
Registered: Jun 2016
Posts: 4

Rep: Reputation: Disabled
Newbie problems with routes and/or iptables


Good day everybody.
I am quite new to Linux, and somehow thought it to be a good idea to set up a small server for filesharing and network routing.
I'm running Ubuntu Server 14.04.1.
My Interfaces are:
Code:
p2p1: (ethernet internal network)
IP: 192.168.1.2
ppp0 (USB-Modem to internet)
inet addr: [isp]
ptp: [isp_ptp]
tun0: (my openvpn server, udp:1194 for external access)
IP: 10.8.0.1
ptp: 10.8.0.2
tun1: (cyberghost vpn client, udp:443)
IP: [vpn_client]
ptp: [vpn_client_ptp]
Now, the NATing from p2p1 to ppp0 works. Connecting both VPNs works, but they generate absolutely no traffic according to ifconfig. tun1 is to be used by a transmission(torrent)-client running on the server.
I read a lot about routes and iptables, but can't figure out how to get:

- tun1 to work for transmission.
EDIT: I start the vpn-client with the noroute-exec option, because otherwise it creates a feedback loop that causes my CPU to max out and pile up TX bytes on tun1.
- my own vpn server to work.

my filter iptable:
Code:
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  lo     any     anywhere             anywhere
   40  3881 ACCEPT     all  --  p2p1   any     anywhere             anywhere
    1   109 ACCEPT     all  --  any    any     anywhere             anywhere             state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:ssh
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:openvpn

Chain FORWARD (policy ACCEPT 4599 packets, 5447K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 45 packets, 21268 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  any    lo      anywhere             anywhere             owner GID match debian-transmission
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp spt:9091
    0     0 REJECT     all  --  any    !tun1   anywhere             anywhere             owner GID match debian-transmission reject-with icmp-port-unreachable
my nat iptable:
Code:
Chain POSTROUTING (policy ACCEPT 2 packets, 120 bytes)
 pkts bytes target     prot opt in     out     source               destination
   19  1175 MASQUERADE  all  --  any    ppp0    anywhere             anywhere
my routes:
Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         *               0.0.0.0         U     0      0        0 ppp0
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0
10.8.0.2        *               255.255.255.255 UH    0      0        0 tun0
[isp_ptp]       *               255.255.255.255 UH    0      0        0 ppp0
[vpn_client_ptp]*               255.255.255.255 UH    0      0        0 tun1
192.168.1.0     *               255.255.255.0   U     0      0        0 p2p1
Any input would be greatly appreciated.
Thanks a lot,
Dani

Last edited by gartensofa; 06-07-2016 at 03:54 AM.
 
Old 06-06-2016, 11:29 AM   #2
lazydog
Senior Member
 
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 1,249
Blog Entries: 3

Rep: Reputation: 194Reputation: 194
Are you saving your firewall rules in '/etc/iptables.rules' or somewhere else? I'd like to see that file instead of iptables -L

What is 10.8.0.2?
 
Old 06-06-2016, 11:42 AM   #3
gartensofa
LQ Newbie
 
Registered: Jun 2016
Posts: 4

Original Poster
Rep: Reputation: Disabled
Hi Robert,
thanks for your reply.
I'm using Webmin to edit my iptables. After a quick Google search I could not find out if it uses a different file to store its configuration. Here is my
/etc/iptables.rules
Code:
# Generated by iptables-save v1.4.21 on Wed Apr 27 17:51:17 2016
*nat
:PREROUTING ACCEPT [2:104]
:INPUT ACCEPT [2:104]
:OUTPUT ACCEPT [1:86]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
# Completed on Wed Apr 27 17:51:17 2016
# Generated by iptables-save v1.4.21 on Wed Apr 27 17:51:17 2016
*mangle
:PREROUTING ACCEPT [84:22643]
:INPUT ACCEPT [60:14432]
:FORWARD ACCEPT [24:8211]
:OUTPUT ACCEPT [65:38403]
:POSTROUTING ACCEPT [88:46528]
-A OUTPUT -p udp -m udp --sport 9091
-A OUTPUT -p tcp -m tcp --sport 9091
COMMIT
# Completed on Wed Apr 27 17:51:17 2016
# Generated by iptables-save v1.4.21 on Wed Apr 27 17:51:17 2016
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [24:8211]
:OUTPUT ACCEPT [44:27284]
-A INPUT -i lo -j ACCEPT
-A INPUT -i p2p1 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -m owner --gid-owner 113 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 9091 -j ACCEPT
-A OUTPUT ! -o tun0 -m owner --gid-owner 113 -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Wed Apr 27 17:51:17 2016
and /etc/iptables.up.rules
Code:
# Generated by iptables-save v1.4.21 on Wed Apr 27 18:18:39 2016
*filter
:OUTPUT ACCEPT [0:0]
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i p2p1 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m owner -o lo --gid-owner 113 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 9091 -j ACCEPT
-A OUTPUT -m owner ! -o tun1 --gid-owner debian-transmission -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT
COMMIT
# Completed on Wed Apr 27 18:18:39 2016
# Generated by iptables-save v1.4.21 on Wed Apr 27 18:18:39 2016
*mangle
:FORWARD ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:INPUT ACCEPT [0:0]
COMMIT
# Completed on Wed Apr 27 18:18:39 2016
# Generated by iptables-save v1.4.21 on Wed Apr 27 18:18:39 2016
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:INPUT ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
# Completed on Wed Apr 27 18:18:39 2016
10.8.0.2 is the ptp-ip shown in the network interface of my local openvpn server:
Code:
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 B)  TX bytes:336 (336.0 B)
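
An added example, not part of the original thread: the two saved rule files in post #3 differ in which interface the owner-match REJECT rule exempts (`tun0` in /etc/iptables.rules, `tun1` in /etc/iptables.up.rules), and a small parser over `iptables-save` output makes that kind of drift visible. The function names and temporary file layout are assumptions for illustration; the sample input is a constructed subset of the rules quoted above.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. The sample files are constructed: a subset
# of the rules quoted in post #3. Function names are illustrative.
tmp=$(mktemp -d)
cat > "$tmp/iptables.rules" <<'EOF'
*mangle
-A OUTPUT -p tcp -m tcp --sport 9091
COMMIT
*filter
-A OUTPUT -o lo -m owner --gid-owner 113 -j ACCEPT
-A OUTPUT ! -o tun0 -m owner --gid-owner 113 -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
cat > "$tmp/iptables.up.rules" <<'EOF'
*filter
-A OUTPUT -m owner -o lo --gid-owner 113 -j ACCEPT
-A OUTPUT -m owner ! -o tun1 --gid-owner debian-transmission -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF

# Print "<gid> <iface>" for each *filter OUTPUT rule that rejects or drops an
# owner-matched group on every interface except <iface> ("! -o <iface>").
killswitch_rules() {
  awk '
    /^\*/ { table = $1 }                 # remember which table we are in
    table == "*filter" && $1 == "-A" && $2 == "OUTPUT" {
      gid = ""; iface = ""; target = ""
      for (i = 3; i < NF; i++) {
        if ($i == "--gid-owner") gid = $(i + 1)
        if ($i == "-j") target = $(i + 1)
        if ($i == "-o" && $(i - 1) == "!") iface = $(i + 1)
      }
      if (gid != "" && iface != "" && (target == "REJECT" || target == "DROP"))
        print gid, iface
    }' "$1"
}

# Compare the interface each file pins the group to; returns 1 on mismatch.
compare_killswitch() {
  a=$(killswitch_rules "$1" | awk '{print $2}' | sort -u | xargs)
  b=$(killswitch_rules "$2" | awk '{print $2}' | sort -u | xargs)
  if [ "$a" = "$b" ]; then
    echo "same interface: $a"
  else
    echo "MISMATCH: $(basename "$1") pins to [$a], $(basename "$2") pins to [$b]"
    return 1
  fi
}
compare_killswitch "$tmp/iptables.rules" "$tmp/iptables.up.rules" || true
```

On a live system the same functions can be pointed at the real files, or at a dump written by `iptables-save`, to see which variant is actually loaded.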
 
Old 06-06-2016, 11:44 AM   #4
gartensofa
LQ Newbie
 
Registered: Jun 2016
Posts: 4

Original Poster
Rep: Reputation: Disabled
Also, I just noticed that there are a few TX bytes on my tun0 (local VPN server) and 1 kB of up and down traffic on my tun1 (CyberGhost VPN client) after a few hours of being connected.
 
Old 06-07-2016, 03:53 AM   #5
gartensofa
LQ Newbie
 
Registered: Jun 2016
Posts: 4

Original Poster
Rep: Reputation: Disabled
I forgot: I start the vpn-client with the noroute-exec option, because otherwise it creates a feedback loop that causes my CPU to max out and pile up TX bytes on tun1.
 
  

