LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 09-18-2009, 09:24 AM   #1
jonnytabpni
Member
 
Registered: Sep 2008
Posts: 68

Rep: Reputation: 16
port forwarding - multiple IP's and openvpn


Hi folks,

my ISP has assigned multiple IP's to my WAN interface. I wish to use eth0:1 to port forward to a web server who is on the other end of an openvpn tunnel (bridge mode - tap0)

I've tried:

iptables -t nat -A PREROUTING -p tcp --dport 80 -d xx.xx.xx.xx -i eth0 -j DNAT --to-destination 10.87.0.14:80

which doesn't work. The web browser just hangs on "Connecting to". From this server, I can ping 10.87.0.14.

Looking at tcpdump, I see port 80 traffic comming into the box but no sign of it leaving via tap0.

Since openvpn is in bridge mode, tap0 has an IP from the local subnet where the web server is.

There are no other iptables rules running on the box

Thanks
 
Old 09-18-2009, 09:41 AM   #2
bhaslinux
Member
 
Registered: Oct 2003
Location: UnitedKingdom
Distribution: Debian Bullseye
Posts: 357

Rep: Reputation: 49
No
Iptables cannot work with sub-interfaces.
you can work around this by

1. You can create a bridge br0 and enslave the main interface in the bridge
2. create a tun/tap device and enslave that too in the bridge
3. now use iptables on the tun/tap device
 
Old 09-19-2009, 01:41 AM   #3
jonnytabpni
Member
 
Registered: Sep 2008
Posts: 68

Original Poster
Rep: Reputation: 16
Hi There,

Actually I found that my post above does indeed work, I just had to enable IP forwarding and change the default gateway on the linux box!

However, bhaslinux, could I maybe get an example of how to put the interfaces in bridges? Do I really need to? Is my way unsafe?

Thanks

Last edited by jonnytabpni; 09-19-2009 at 01:42 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
openvpn new install help with ip's sir-lancealot Linux - Networking 1 06-10-2008 10:00 PM
IP Masquerading/UPnP problem - port not forwarding through multiple NATs ricka Linux - Networking 7 12-18-2006 04:53 PM
Port Forwarding and multiple gateways eqxro Linux - Networking 4 01-28-2006 09:32 AM
IPTables - Multiple Public IP's to private IP's matneyc Linux - Security 8 05-27-2005 12:23 PM
port forwarding with iptables and multiple ethernet interf. CleonII Linux - Security 8 04-15-2005 08:27 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 01:35 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration