IP Networking: Post 302188373 by theVOID on Wednesday 23rd of April 2008 09:36:20 AM
Iptables/TC: how to make masqueraded traffic go through an openVPN tun0?

Hi all!


We have a setup of three computers:
Machine A (eth0) -> Machine B (eth0, hso0, tun0) -> Machine C (eth0, tun0)

hso0 is the packet interface of a 3G modem, it behaves like a normal network interface.

Machine B and C are connected in a VPN using openVPN (TCP). Machine A is a client that automatically receives its network configuration from Machine B using DHCP.

Machine A eth0 : DHCP
Machine B eth0 : 192.168.2.1
Machine B hso0 : Static IP addr, Internet use
Machine B tun0 : 10.11.0.10 (openVPN client)
Machine C eth0 : Static IP addr, Internet use
Machine C tun0 : 10.11.0.1 (openVPN server)

OpenVPN (server) is configured to allow Internet traffic to its clients. Code in server.conf:

    # Make sure clients traverse tun0 when accessing Internet
    push "redirect-gateway def1"
    # Push a DNS server (handled by openVPN)
    push "dhcp-option DNS 10.11.0.1"

We're having issues making Machine C release Internet traffic from Machine A. Note that we have set up masquerading on Machine B using iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE.
Currently iptables on Machine B and Machine C has a policy of ACCEPT.

We have managed to make traffic from Machine A reach Machine C, but only with the internal IP of 192.168.2.48 (DHCP).
OpenVPN drops those packets (as it should!) because they come from 192.* and not 10.*

Is there a way to solve this? Thank you!
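An added illustration (not part of the original post) of why the POSTROUTING rule quoted above never rewrites the Machine A packets: it models Machine B's routing table after "redirect-gateway def1" has been pushed, then applies MASQUERADE by egress interface, and compares the rule as posted (-o eth0) with the same rule on tun0. Interface addresses for hso0 and the VPN server's public address are constructed placeholders; everything else is taken from the post.

```python
import ipaddress

# Constructed model of Machine B: eth0 = 192.168.2.1 (LAN side), hso0 = 3G
# uplink (placeholder address), tun0 = 10.11.0.10 (OpenVPN client).
# Routes mirror what "redirect-gateway def1" installs: two /1 routes via tun0
# that beat the original default route by prefix length, plus a host route to
# the VPN server (placeholder 203.0.113.1) so the tunnel itself stays on 3G.
ROUTES = [
    ("0.0.0.0/0", "hso0"),        # original default route over the 3G modem
    ("192.168.2.0/24", "eth0"),   # LAN behind Machine B
    ("10.11.0.0/24", "tun0"),     # VPN subnet
    ("0.0.0.0/1", "tun0"),        # def1: lower half of IPv4 space via the VPN
    ("128.0.0.0/1", "tun0"),      # def1: upper half of IPv4 space via the VPN
    ("203.0.113.1/32", "hso0"),   # placeholder VPN server address, pinned to 3G
]
IFACE_ADDR = {"eth0": "192.168.2.1", "hso0": "198.51.100.7", "tun0": "10.11.0.10"}

def route_lookup(dst):
    """Longest-prefix match over ROUTES, as the kernel does when forwarding."""
    dst = ipaddress.ip_address(dst)
    best = max((ipaddress.ip_network(n) for n, _ in ROUTES
                if dst in ipaddress.ip_network(n)), key=lambda n: n.prefixlen)
    return dict(ROUTES)[str(best)]

def postrouting(src, dst, masq_out_ifaces):
    """Apply nat/POSTROUTING: the first MASQUERADE rule whose -o interface
    equals the egress interface chosen by routing rewrites the source to
    that interface's address; otherwise the packet leaves unchanged."""
    out_if = route_lookup(dst)
    for rule_if in masq_out_ifaces:
        if rule_if == out_if:
            return IFACE_ADDR[out_if], out_if
    return src, out_if

def vpn_server_accepts(src, out_if):
    """Machine C's OpenVPN only accepts tun0 packets sourced from 10.11.0.0/24."""
    return out_if == "tun0" and \
        ipaddress.ip_address(src) in ipaddress.ip_network("10.11.0.0/24")

def forward_from_lan(dst, masq_out_ifaces, src="192.168.2.48"):
    """Return (egress interface, source address seen on the wire, accepted by C?)."""
    new_src, out_if = postrouting(src, dst, masq_out_ifaces)
    return out_if, new_src, vpn_server_accepts(new_src, out_if)

if __name__ == "__main__":
    print("rule as posted, -o eth0:", forward_from_lan("192.0.2.10", ["eth0"]))
    print("same rule on -o tun0:   ", forward_from_lan("192.0.2.10", ["tun0"]))
    print("what -o eth0 does match:", forward_from_lan("192.168.2.5", ["eth0"]))
```

With def1 in place every Internet-bound packet from the LAN exits tun0, so a MASQUERADE rule keyed on eth0 only ever matches traffic headed back into the LAN; checking the rule counters with iptables -t nat -L POSTROUTING -v shows the same thing on a real box.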
config(8)                    System Manager's Manual                    config(8)

NAME
       config - Builds system configuration files

SYNOPSIS
       /sys/conf/config [-k] [-p] [-q] system_name

FLAGS
       -k   Creates a define variable 'KDEBUG' that can be used to conditionally compile source code for kernel debugging.
       -p   Configures the system for profiling. You must have sources to use this flag.
       -q   Concatenates and displays all the system configuration files, including any configuration files described in the /sys/conf/NAME.list file.

DESCRIPTION
       The doconfig command calls the config command to build a set of system configuration files from a file that describes the sort of system that is being configured. The config command also takes as input another file that tells it what files are needed to generate a system. This other file can be augmented by a configuration-specific set of files that name alternate files for a specific machine.

       Normally, you should run the doconfig program and not the config command. If you need to issue the config command, be sure to change your directory to the /sys/conf directory. As an argument to the config command, specify the name of a system configuration file containing device specifications, configuration options and other system parameters for that specific system configuration. The config command places all its output files in the directory

       The output of config consists of a number of files; each machine type has its own specific set of files. All machine types have a makefile which is used by make during the system build. Typically, there are also a set of header files which contain definitions of the number of various devices that will be compiled into the system, and a set of swap configuration files which contain definitions for the disk areas to be used for swapping, the root file system, argument processing, and system dumps.

       After running config, you run make depend in the directory where the new makefile was created. If any other error messages are produced by config, the problems in the configuration file should be corrected and config should be run again. Attempts to compile a system that had configuration errors are likely to be unsuccessful.

NOTES
       The line numbers reported in error messages are usually off by one.

FILES
       List of common files used to build the system
       List of files specific to NAME, where NAME is the value specified for the ident option in the system configuration file
       Machine-independent portion of the makefile template used for building kernels from binaries
       Machine-independent portion of the makefile template used for building kernels from sources
       Machine-dependent portion of the makefile template
       List of machine-specific files
       Machine-specific name to major device mapping file

RELATED INFORMATION
       Commands: make(1), doconfig(8)
       System Administration

                                                                        config(8)