Routing certain traffic to tun0
I have an OpenVPN server with one interface (eth0). I'd like to route specific ports and types of traffic to tun0. How would I do this without causing a world of mess? Right now, the ovpn client can access the internet just fine, but I'd still like to route traffic like UDP on a port range and TCP on another port range to tun0.
Here's what I have so far. ifconfig shows:

Code:
eth0      Link encap:Ethernet  HWaddr 12:31:38:04:9E:86
          inet addr:10.220.157.112  Bcast:10.220.157.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:33838 errors:0 dropped:0 overruns:0 frame:0
          TX packets:27821 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:12692746 (12.1 MiB)  TX bytes:12205848 (11.6 MiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:4 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:336 (336.0 b)  TX bytes:336 (336.0 b)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:18221 errors:0 dropped:0 overruns:0 frame:0
          TX packets:19736 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:3576288 (3.4 MiB)  TX bytes:8350512 (7.9 MiB)

iptables -L -v shows:

Code:
Chain INPUT (policy ACCEPT 19784 packets, 4736K bytes)
 pkts bytes target     prot opt in     out     source               destination
    4   336 ACCEPT     all  --  tun0   any     anywhere             anywhere
    0     0 ACCEPT     all  --  tun0   any     anywhere             anywhere
    0     0 ACCEPT     all  --  tun0   any     anywhere             anywhere
    0     0 ACCEPT     all  --  tun0   any     anywhere             anywhere
    0     0 ACCEPT     all  --  tun0   any     anywhere             anywhere

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
24576   11M ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED
 7571  483K ACCEPT     all  --  any    any     ip-10-8-0-0.ec2.internal/24  anywhere
    0     0 ACCEPT     all  --  any    tun0    anywhere             anywhere
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  any    any     ip-10-8-0-0.ec2.internal/24  anywhere
    0     0 ACCEPT     all  --  any    tun0    anywhere             anywhere
    0     0 ACCEPT     all  --  any    tun0    anywhere             anywhere
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  any    any     ip-10-8-0-0.ec2.internal/24  anywhere
    0     0 ACCEPT     all  --  any    tun0    anywhere             anywhere
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  any    any     ip-10-8-0-0.ec2.internal/24  anywhere
    0     0 ACCEPT     all  --  any    tun0    anywhere             anywhere

Chain OUTPUT (policy ACCEPT 15187 packets, 8626K bytes)
 pkts bytes target     prot opt in     out     source               destination
   65  4676 ACCEPT     all  --  any    tun0    anywhere             anywhere
    0     0 ACCEPT     all  --  any    tun0    anywhere             anywhere
    0     0 ACCEPT     all  --  any    tun0    anywhere             anywhere
    0     0 ACCEPT     all  --  any    tun0    anywhere             anywhere
    0     0 ACCEPT     all  --  any    tun0    anywhere             anywhere

What would be the proper iptables commands to input to route specific ports and ranges to tun0? TIA.
If it is traffic going through rather than sourced from the host running the VPN, then mark the traffic on the inbound interface and set up policy routing to handle the traffic as marked.
Code:
iptables -t mangle -A PREROUTING -i eth0 -d 192.168.100.0/24 -p tcp -m tcp -m multiport --dports 1234,56:78 -j MARK --set-mark 0x1111
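A worked version of the two steps in the reply above (mark in the mangle table, then policy-route on the mark), written for the UDP-range and TCP-range case from the question. It is an added example, not either poster's own commands; the mark 0x1111, routing table 100, UDP range 10000:20000 and TCP range 30000:31000 are assumed values, while the tun0 peer 10.8.0.2 is taken from the ifconfig output.

```shell
#!/bin/sh
# Added example (not from the thread): fwmark-based policy routing that sends
# selected forwarded traffic out tun0. Assumed values: mark 0x1111, table 100,
# UDP 10000:20000, TCP 30000:31000. Peer 10.8.0.2 is tun0's P-t-P address.
MARK=0x1111
TABLE=100
VPN_PEER=10.8.0.2
UDP_PORTS=10000:20000
TCP_PORTS=30000:31000

# Build the mangle rule that tags one port range. PREROUTING catches traffic
# forwarded in from eth0; OUTPUT catches traffic the VPN host itself originates.
mark_rule() {
    chain=$1; proto=$2; ports=$3
    case $chain in
        PREROUTING) in_if="-i eth0 " ;;
        OUTPUT)     in_if="" ;;
        *) echo "mark_rule: unsupported chain $chain" >&2; return 1 ;;
    esac
    printf 'iptables -t mangle -A %s %s-p %s -m %s --dport %s -j MARK --set-mark %s\n' \
        "$chain" "$in_if" "$proto" "$proto" "$ports" "$MARK"
}

# Marked packets consult table $TABLE, whose only route is a default via the
# tun0 peer; unmarked traffic keeps using the main table (eth0).
route_cmds() {
    printf 'ip rule add fwmark %s lookup %s\n' "$MARK" "$TABLE"
    printf 'ip route add default via %s dev tun0 table %s\n' "$VPN_PEER" "$TABLE"
    # Strict reverse-path filtering would drop replies arriving on eth0 for
    # flows that left via tun0; loose mode (2) keeps the check but allows them.
    printf 'sysctl -w net.ipv4.conf.eth0.rp_filter=2\n'
    printf 'sysctl -w net.ipv4.ip_forward=1\n'
}

# Full command list, in the order it must be applied.
plan() {
    mark_rule PREROUTING udp "$UDP_PORTS"
    mark_rule PREROUTING tcp "$TCP_PORTS"
    route_cmds
}

case ${1:-} in
    apply) plan | sh -e ;;   # needs root; stops at the first failing command
    *)     plan ;;           # dry run: only print what would be applied
esac
```

The FORWARD chain shown in the question already accepts everything leaving via tun0, so only the mangle marks and the routing rule are new; the VPN client on the other end of tun0 still has to be willing to route the forwarded destinations.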