I am trying to configure a server at home on Ubuntu 10.04 (French Server).
I have 3 networks:
eth1 for the LAN (fixed IP) 192.168.1.100
ppp0 for a VPN connection to an English Server (DHCP IP)
tun0 for OpenVPN; I use it to connect to my French Server from anywhere
My problem is that when I activate my ppp0 connection I can't connect to tun0, because all ports are redirected to the ppp0 connection (I can connect only when I'm on the LAN).
Of course I redirect the port of my public IP to the private IP of my French Server. If I don't activate the ppp0 connection, I can connect to my server with the tun0 connection from everywhere!
So I tried this redirection, but it's not working and I don't know why.
Code:
### Route OpenVPN and VNC access from the ppp0 connection to eth1
sudo iptables -t nat -A PREROUTING -j DNAT -i ppp0 -p udp --dport 1194 --to-destination 192.168.1.100
sudo iptables -t nat -A PREROUTING -j DNAT -i ppp0 -p tcp --dport 1194 --to-destination 192.168.1.100
sudo iptables -t nat -A POSTROUTING -j MASQUERADE -o ppp0 -p udp --dport 1194 -d 192.168.1.100
sudo iptables -t nat -A POSTROUTING -j MASQUERADE -o ppp0 -p tcp --dport 1194 -d 192.168.1.100
First of all, in your picture there is a "French server" with eth1, but in your routing output there is eth2.
So the question is: is this the same server and you drew it incorrectly, or does this server have 2 Ethernet cards, eth1 and eth2?
Second, TUN is a tunnel over some carrier. Before ppp0 activation there was only one default route, through eth2; this means eth2 points to the internet and you can connect from the internet through eth2 to your tun0 virtual interface.
When you activate ppp0, (I think it is the DHCP server) changes the default route to go through ppp0, but ppp0 does not point to the internet, it points to the "English server", and now you have to connect to your tun0 virtual interface through the "English server", which, more likely, isn't configured.
This is what I think happens; correct me if I am wrong.
As for eth2 or eth1, it's because I changed my Ethernet card after I posted my first post, and I don't know why I now have eth2 and no more eth1!
About the ppp0 connection, you are right!
But I can't configure the English Server because it's not mine; I just use it as a proxy to access English resources (I don't have access to them if I'm connected with a French provider's public IP).
Do you think it's possible to add a route just for port 1194 to go over the eth2 connection, and have all other protocols go over the ppp0 connection?
You can try something.
Check this: /proc/sys/net/ipv4/conf/*/rp_filter
This is "Reverse Path Filtering", so when you have two interfaces and one of them points to the default GW, iptables prevents packets from coming in from the second interface.
So in "rp_filter", 1 means it is enabled and 0 means disabled.
Write "0" there and check whether you are able to connect through eth2 to tun0.
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
Maybe you will need to change "all" to your interfaces, and put "0" in each of them.
These changes will last until reboot.
And of course eth2 needs to be connected to the internet.
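
An added example, not part of any post in this thread: the kernel's ip-sysctl documentation states that source validation on an interface uses the larger of conf/all/rp_filter and conf/<interface>/rp_filter (0 off, 1 strict, 2 loose), so this script reports the effective value per interface. The function names, the CONF_ROOT variable and the sample tree are constructed here so that it runs offline.

```shell
#!/bin/sh
# Added example: report the rp_filter value actually enforced per interface.
# Effective value = max(conf/all/rp_filter, conf/<iface>/rp_filter).

# CONF_ROOT (name chosen for this example) selects the tree to read.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# Print the effective rp_filter value (0, 1 or 2) for interface $1.
effective_rp_filter() {
    all=$(cat "$CONF_ROOT/all/rp_filter" 2>/dev/null || echo 0)
    own=$(cat "$CONF_ROOT/$1/rp_filter" 2>/dev/null || echo 0)
    if [ "$own" -gt "$all" ]; then echo "$own"; else echo "$all"; fi
}

# Map a numeric value to the mode name used in the kernel documentation.
mode_name() {
    case "$1" in
        0) echo off ;;
        1) echo strict ;;
        2) echo loose ;;
        *) echo unknown ;;
    esac
}

# One line per real interface: name, own value, effective value, mode.
rp_filter_report() {
    for dir in "$CONF_ROOT"/*/; do
        iface=$(basename "$dir")
        case "$iface" in all|default) continue ;; esac
        eff=$(effective_rp_filter "$iface")
        echo "$iface own=$(cat "$dir/rp_filter") effective=$eff ($(mode_name "$eff"))"
    done
}

# Constructed sample tree: "all" set to 0, eth2 still at 1.
make_sample_tree() {
    root=$(mktemp -d)
    for entry in all:0 default:1 lo:0 eth2:1 ppp0:0 tun0:0; do
        mkdir -p "$root/${entry%%:*}"
        echo "${entry##*:}" > "$root/${entry%%:*}/rp_filter"
    done
    echo "$root"
}

# Demo on the constructed tree; drop these lines to read the live system.
CONF_ROOT=$(make_sample_tree)
rp_filter_report
rm -rf "$CONF_ROOT"
```
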
I put 0 in rp_filter for all, default, lo, ppp0, eth2, tun0.
I unplugged and replugged eth2, restarted the openvpn service, and reconnected ppp0.
I can't connect to tun0 from the outside, but I can connect to tun0 from eth2.
If I disconnect ppp0, I can connect from the outside and from eth2.
I double-checked: I really have 0 on all interfaces!
Can you please explain what the difference is between "can connect tun0 from outside" and "can connect tun0 from eth2"?
"Outside", for me, is the public internet, and to be able to connect from it one needs to connect to a public IP, which has to be assigned to an interface.
When you said "If I disconnect ppp0 I can connect from the outside and from eth2", do you mean that "outside" doesn't come in through eth2?
On my router, I redirect port 1194 of my public IP to port 1194 of the private IP of the eth2 interface of my French server.
When ppp0 is activated, I can now, with your modification, connect OpenVPN when I'm on the LAN (IP address of the client 192.168.1.10, OpenVPN on the LAN address of my French server 192.168.1.100).
When ppp0 is activated, I can't connect from the internet (on my public IP).
But when ppp0 is not activated, I can connect from the internet (on my public IP) and from the LAN (IP address of the client 192.168.1.10, OpenVPN on the LAN address of my French server 192.168.1.100).
Quote:
When ppp0 is activated, I can now, with your modification, connect OpenVPN when I'm on the LAN (IP address of the client 192.168.1.10, OpenVPN on the LAN address of my French server 192.168.1.100).
It is already very good.
Quote:
On my router, I redirect port 1194 of my public IP to port 1194 of the private IP of the eth2 interface of my French server.
When ppp0 is activated, I can't connect from the internet (on my public IP).
Can you please check, after you activate ppp0:
1. Does your public IP remain the same on the router? And can you ping it?
2. Does your port-forward rule remain the same on your router? That is, after ppp0 activation, does the router still forward traffic from port 1194 of its public IP to port 1194 of the eth2 IP?