Networking :: Route Internet Traffic Over Tun0?
Mar 28, 2010
I have eth0 and tun0. tun0 is a VPN tunnel going over eth0. Everything on the other end is setup and working fine, when I type Code: traceroute 4.2.2.1 I see my the ping is going over 192.168.2.99 (eth0). When I then type Code: route add -net 4.2.2.1 netmask 255.255.255.255 dev tun0 traceroute 4.2.2.1 I see ping is going over 10.8.0.1 (tun0) instead of eth0, so that is working
What does not work however is when I do Code: route add -net 0.0.0.0 netmask 0.0.0.0 dev tun0 traceroute 4.2.2.1 I get no ping! I believe the problem is because all traffic is routing over tun0, which means even the VPN tun0 needs to go through eth0, it can no longer do this. Is there a way around this where I can route everything except for 114.77.31.26 (which is my VPN gateway for tun0)?
View 18 Replies
ADVERTISEMENT
May 8, 2011
I have 3 network interfaces on my Linux Router :
Interface - Gateway - Type
Code:
br0 - 192.168.0.1 - Internet
eth2 - 192.168.1.1 - LAN
tun0 - 10.0.0.2 - VPN (via br0)
What I'd like to do is to route all TCP packets coming from eth2 to tun0 where a VPN client is running on 10.0.0.2. If I delete all default routes and if I add a new route to tun0 like :
Code:
route del default
route add default gw 10.0.0.2
Everything is fine, and everyone on eth2 can reach the Internet using the VPN access. Now the problem is that my VPN client does not allow any other protocols other than TCP. And I also want to allow VPN access only to eth2, no other LAN nor the router itself. use iptables to filter any TCP packets and mark them, so they can be sent to tun0, while any other packets can reach the Internet via br0 (192.168.0.1). I found on the Internet that we can mark packets before they get routed. Using the following commands :
Code:
iptables -t mangle -A PREROUTING -j MARK --set-mark 85 -i eth2 -p tcp --dport 80
ip route add table 300 default via 10.0.0.2 dev tun0
ip rule add fwmark 0x55 table 300
First of all, --dport 80 never work... :/ I wanted to filter TCP 80 packets coming from eth2, but none of them seems to be HTTP packets... oO (very strange...). Nevermind, I decided to forget about the --dport option. I use the "iptables -L -v -t mangle" command to see how many packets are marked, and it is working fine, all TCP packets coming from eth2 are marked. Now the problem is that none of them are routed to tun0 they are all respecting the "route -n" rules... and not the "table 300" rule I have created.
View 4 Replies
View Related
Mar 4, 2010
My ISP has given me 3 IP addresses to use for the internet (76.148.200.3, 76.148.200.4 and 76.148.200.5).
If I do a "wget whatismyip.com" or netcat into another server, I am appearing as 76.148.200.3.How do I change my route (command line) in linux to route internet traffic through 76.148.200.5?
Code:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
code....
View 9 Replies
View Related
Nov 21, 2010
My Ubuntu Box has 3 interfaces. eth0 (Internal 192.168.1.0/24)eth1 (External ISP DHCP)eth2 (External ISP Static IP)I need the outgoing traffic to internet for 1 of the internal pc (192.168.1.10) to only go only go through eth2
View 4 Replies
View Related
Dec 18, 2010
How will I monitor the traffic of tun0 ?
View 5 Replies
View Related
Sep 21, 2010
I have openvpn tunnel setup between two CentOS servers. One of the CentOS servers also acts as a DHCP server for some client computers.
Server A= OpenVPN server
Server B= OpenVPN client (connects to Server A with OpenVPN)
The two CentOS servers can ping each other (172.16.0.0/24) via the tun0.
However, client computer connected to Server B (DHCP server) can't reach 172.16.0.1 (which is the OpenVPN server).
I think I am missing some routing in my "ip route show". Following is the full picture:
What command can I issue to get this fixed? something along ip route add?
There is no firewall service on both end. service iptables stop! I can't bridge eth1 and tun0 as DHCP server might mess up the other side. I can't do a push of "redirect-gateway def1" because then clients loose their IP as they send DHCP requests to Server A.
View 2 Replies
View Related
Sep 20, 2010
I got to establish an OpenVPN connection between two server and I have dhcpd on the client server which feeds a few SIP phones. All these phones are supposed to the register server through the tunnel.Here is the network structure:
Client CentOS:
eth0: 192.168.0.0/24
eth1:192.168.100.0/24
tun0:172.15.0.0/24
DHCPD: feeding above eth1 and all the phones with 192.168.100.0/24
If I ping 172.15.0.1 from the the Client CentOS it works all fine. Everything pings and I can even do SSH. However, the phones which obtain their ip through eth1 on the same server can not reach the 172.15.0.1. I think it's a route issue here. Can you please guide me to the right direction as to how to forward certain traffic through tun0 and leave the rest of the traffic to go through eth0?
I don't want to turn on IPTABLES as this is time consuming for me now and there is VPN setup. It has to do with setting up the routing but I am not sure.
View 4 Replies
View Related
Sep 21, 2010
Here is what I need to accomplish but somehow not getting where I need:
Server A:
-OpenVPN Server
-NIC1 = Internet (vnet - public IP address)
-Tun0 - 172.16.0.1
Server B:
-OpenVPN Client - Connects to Server A as a Client.
[Code]...
View 4 Replies
View Related
May 11, 2010
I've succesfullly connected to my vpn with kvpnc, but none of my traffic is going through the vpn! I dont know how to route traffic to the vpn. for instance, when I go to whatsmyip.com it still has my previous ip.
View 1 Replies
View Related
Mar 18, 2011
I just installed a fresh copy of debian (no GUI). I want all my traffic on bash (such as when I do ping or dig or wget, basically whatever) to be sent to localhost:8080. How can I do that? I've a ssh port forward setup that will forward all traffic arriving at my localhost:8080 to another server.
View 4 Replies
View Related
Dec 10, 2010
I'm running Linux Mint 10 . I have a wireless PCMCIA card (Linksys WPC 11 ver.3) that I've put into master mode, and I'm trying to set up my laptop as a wireless hotspot. I am very confident that I want to do this and have no interest in using a wireless router....I say that because that topic inevitably comes up with posts like this. The problem I'm having is I don't understand how to get wlan0 and eth0 to "talk" to each other...That is, I don't know how to set it up so that traffic from wlan0 goes through eth0, so that devices that connect to my hotspot can access the internet.I've seen a few guides about this, but they were either much broader in scope (i.e. much more complex), or for other distributions, etc, and it's too much for me to follow as a linux .
View 6 Replies
View Related
May 10, 2011
I am trying to set up a Linux box that can act as a router (and firewall later). I have a Debian 5 installation and it has two nics in it. I am trying to use the linux route command to set up a route between the two interfaces. I am finding it difficult to do. Let me explain how I am trying to set up my network: I have the ethernet cable from my modem connecting to eth0 of my Debian box, then I have eth1 connecting to a switch, which I connect all my computers and other devices to. I want to have two different ip address schemes for the devices. So here is my interfaces file:
Code:
#eth0 connects to modem
allow-hotplug eth0
iface eth0 inet static
[code]....
So I am wondering, to get my ethernet traffic from eth0 to eth1 and vice versa, do I need to make it so the Gateway for Destination 192.168.1.0 is 10.1.1.1, and for Destination 10.0.0.0, Gateway 192.168.1.0? I have looked at the linux manpage for route and I am still confused. I have also looked at the Debian networking page, but it is still unclear to me how to do this. how I am to use the route command to get this working? Or am I not even supposed to use the route command?
View 4 Replies
View Related
Aug 21, 2010
I have a linux router with 2 physical ISPs and a VPN tunnel that all my traffic passes through. I would like to setup a rule to redirect all traffic from one internal IP address (10.0.0.x) through the physical link only. My current script is as follows.
iptables -F
iptables -X
echo 1 > /proc/sys/net/ipv4/ip_forward
[code]....
My goal is to do something similar to the mangle on the tor traffic, but for an entire host.
View 2 Replies
View Related
Mar 2, 2011
The task I am trying to complete is the virtualization of an IPv6 router created using two fedora machines. Here is the physical setup I have now...
PC1:eth0 <------> network
PC1:eth1 <------> PC2:eth0
PC1:eth2 <------> PC2:eth1
PC1 runs radvd to provide router advertisements to the network and a DHCPv6 server for stateful addresses.Each interface is configured on a separate subnet. PC2 runs a DNS server on eth0. PC2:eth1 is used as an IPv6 client for testing purposes. The connections from PC1 to PC2 are just crossover cables.I've created virtual machines of both PCs and have created 4 virtual adapters on the host machine for each of the local-only interfaces.Now I have this:
PC1:eth0 = HOST eth0
PC1:eth1 = HOST vboxnet0
PC1:eth2 = HOST vboxnet1
[code]....
View 2 Replies
View Related
May 7, 2011
My linux machine is connected to the outside internet, and I have a minecraft server running on an internal machine (192.168.1.201). Right now, I am forwarding port 80 on the linux machine to 192.168.1.30, which is working.
iptables -t nat -I PREROUTING -i eth0 -d 192.168.1.30 -j DNAT --to-destination 192.168.1.201
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j DNAT --to 192.168.1.201
______________________________
I want to filter out the GET/POST requests and forward them to port 8080. I can't seem to get that working.
I've tried this:
iptables -A INPUT -d 192.168.1.30 -p tcp --dport 80 -m string --algo bm --string 'GET' -j REDIRECT --to-ports 8080
View 1 Replies
View Related
Apr 22, 2011
I am using Debian 5 and I have some networking experience, however I want to learn to do this the best way possible. I have a Debian box with two nics and I want to connect that to a switch and use my Debian box as a router basically, as well as having a firewall setup within that too.
Should I use iptables to set up nat or the route command or what? I just want to know the group of tools to use in order to set up my network. Network diagram: Internet <------> Debian Box <----> switch <----> hosts I found some guides but they are for linux 2.4 and i'm not sure if they are right.
View 1 Replies
View Related
Mar 10, 2009
I have a 4.7 VPS web server on the net and it works very well. I am intending to upgrade it to Centos 5.x and have been having a play using VMWare Appliances and VMWare Player. I have therefore installed a local 4.7 applicance (all works well) and a 5.2 appliance (can't get basic internet connectivity).
I am running VMWare in Vista (apologies) and am connecting via a broadband modem (which effectively presents a serial modem to the computer via a USB interface). Using VMWare I am hooking this up to either the 4.7 appliance (works fine) or the 5.2 appliance (detects fine and connects but there is a problem). I think the issue with 5.2 is a firewall or a routing issue
I have prepared a report of the most common things people would need to know. The 5.2 appliance can see the USB device (lsusb), connects fine and obtains an IP and DNS addresses (wvdial) but ping fails. However the same on the 4.7 appliance works fine - I can use yum, ping and lynx etc. I have turned off the firewall on both appliances, but something is still getting in the way in 5.2!
***********************************
CENTOS 5.2 - ROUTING ISSUES?
***********************************
* Have disabled the firewall using system-config-security-level
> lsusb
lsusb
Bus 001 Device 007: ID 0fce:d0c5 Sony Ericsson Mobile Communications AB
[Code]....
View 7 Replies
View Related
Apr 27, 2010
We have something on our network that is reaking havoc with our content filter. I am trying to track it down, but so far I have been unsuccessful. We have approximately 500 devices in 100+ different locations spread across 9 states. Looking at each computer is not really feasible.
I need a machine that can sit in between our network and our internet connection and graphically monitor in real time and logs how much traffic each device is sending and receiving. It would need to sit inline so it has to have two nics and be able to pass traffic. The machine also needs to be transparent. Reconfiguration of our routers or workstations is not an option.
I have used ethereal and wireshark before. Ethereal may be a viable option, but wireshark seems to provide lots of information, but no practical way to make use of it. how to set up the box to be a transparent device on the network that will allow internet bound traffic to flow (freely)?
View 3 Replies
View Related
Mar 22, 2011
I am running Ubuntu Server 10.10. I have installed OpenVPN using this guide I have set up everything correctly as this guide says, but I am having problems with the config file. I want to securely route all traffic on the client to the server, how ever the server will not start. My config is below:
Quote:
#################################################
# Sample OpenVPN 2.0 config file for #
# multi-client server. #
# #
# This file is for the server side #
[Code]......
The servers ip is 10.0.0.65 and I want to assign the clients the ip range of 10.0.0.200 to 10.0.0.20 When I try to start the server I get the message Fail.
View 8 Replies
View Related
Apr 22, 2011
I have an Ubuntu server box with multiple NICs. I'd like to specify that all traffic bound for a certain IP range goes through one NIC, and everything else goes through the other. Does anyone know how to do that? I'm not a total newbie, but I'm also not a linux guru (but usually can google my way to a solution...usually).
ETA: Source and destination IP for routing.We have 1 NIC with a public IP, all public IP's should talk to it.Another NIC with a private IP, all private traffic should talk to this.In practice, I have some devices on a different subnet of the public IP range we have that will only talk to the private IP.
View 2 Replies
View Related
Jul 8, 2011
I have a weird issue with source routing on a linux box.The plan goes like this:I have 2 internet providers at my office and i want to use a single router to route them both ( i don't need load balancing or failover). I just want access to either provider based on the ip i use on my pc. The first provider, let's call it RDS, is simple: i've got an RDS_IP, RDS_MASK and RDS_GW.The second provider is complicated, we'll call it INES. I have a INES_IP, INES_MASK, INES_GW and they also gave me a subnet of public ip's: ILAN_NET which i have to route myself through INES_IP.I also have a third nic with an local ip: LAN_NET and an alias for the INES subnet: ILAN_NETthe router has dhcp enabled, giving by default ip's from LAN_NET and using the default gw, RDSI have snat for the LAN_NET to go through RDS.
If i enter an ip from the ILAN_NET, instead of routing in through the INES_GW, it also goes through RDS_GW.the routing i've used for about 5 months has worked perfectly untill one day, when it just stopped. this is my setup:ip route add $RDS_MASK dev $RDS_IF src $RDS_IP table rdsip route add default via $RDS_GW table rdsip route add $INES_MASK dev $INES_IF src $INES_IP table inesip route add default via $INES_GW table inesip route add default via $RDS_GWip rule add from $RDS_IP table rdsip rule add from $INES_IP table inesip route add $LAN_NET dev $LAN_IF table rdsip route add 127.0.0.0/8 dev lo table rdsip route add $ILAN_NET dev $ILAN_IF table inesip route add 127.0.0.0/8 dev lo table ineswhat puzzles me the most is that this setup has worked, and now it doesn't .... without any changes on the router.I've tried everything save for a format/reinstall.
View 2 Replies
View Related
Oct 6, 2010
I am sharing my DSL internet connection using a modem+wireless router (single device) to 5 systems. I want all my internet traffic to go through one of the linux boxes in my network.
The problem here is that wireless devices connect directly to the modem+wireless router.
Is such routing of traffic possible??
PS: I am not sure if i could convey my situation clearly...
View 2 Replies
View Related
Mar 28, 2016
I am in serious situation involving PPTP protocol VPN in Debian 8 Jessie stable. I recently became a paid VPN subscriber. Using PPTP; Is there a way to automatically route all traffic through ppp0? Im getting the vpn service killed (ip address goes back to normal unmasked state) whenever there is a power outage (modem reset) and there are alot of those where I live, Im going to get astabilizer and I need a software solution for the situation as well. Theres gotta be a way to route all traffic through the VPN route ppp0 . I tried adding persist and maxfail 0 to the pptp config file but it did not do what i wanted.
Here's my peer configuration file :
pty "pptp blabla.net --nolaunchpppd"
name blablabla
password blablabla
remotename PPTP
file /etc/ppp/options.pptp
require-mppe-128
refuse-eap noauth
persist
maxfail 0
On a second note, its clear to add that I basically need a way to also auto load the line
pppd call blabla.net
and
route add default dev ppp0
On system startup by default so the computer does not use "Wired" connection ^at all^ when not through ppp0. Any other way of not losing VPN anonymity ever due to hardware malfunction.
Is there a way to do this? Ive looked on the net and everything seems like its either from the nineties or can fry my pc , Im no debian expert, less than a year at linux..
Need it to use wired only if ppp0 is being used so if its no vpn, no connection at all period,
View 1 Replies
View Related
Mar 9, 2009
Is there a nice easy to use tool that displays (in KB/s) the internet traffic from every IP on a network?
Currently I'm using iptraf, but it's very hard to understand at times.
A little info on my network:
I'm using SNAT for internet sharing.
View 4 Replies
View Related
Jul 19, 2011
My PC is part of a LAN so while configuring eth0, we specify the Gateway to access all other resources in the network. The PC successfully access Internet through a proxy server configured in Mozilla(manual proxy config) but the update option or the Synaptic Pkg mngr are not able to access internet anyway. I have tried the option "Apply System Wide" in "Network Proxy" but no progress so far.
I also tried to forward all request coming for udp/tcp on port 80 to the proxyserver on a specific port, but with no success. Also I can't ping any website from terminal, reiterating the fact that I can access internet in firefox through the proxy on a specific port.
View 2 Replies
View Related
Mar 30, 2010
I'd like to allocate a certain quota to my local user for their internet navigation.
View 8 Replies
View Related
Aug 23, 2009
I have a 2 machine LAN with both machines having an ethernet card and a wireless card. There is a Netgear router, both eth and WiFi, allowing both machines to access the internet.
On my Linux machine I am looking for some software that allows me to keep track of my broadband usage on that machine, excluding traffic between the two machines.
There are numerous such programmes for this in XP, which use Winpcap and a GUI frontend. The "other" machine on my LAN is XP and uses just such a program.
View 4 Replies
View Related
Jul 27, 2010
I have a desktop, a laptop, & a wireless router. The router, unfortunately, doesn't support dd-wrt, tomato, etc firmware, but I would still like to prioritize voip/web browsing over bulk Internet traffic. I hope I can offload the router's missing QoS to my desktop.
Is it possible to have the laptop's connection go from the wall to the router to the desktop, where the desktop could perform the QoS of tomato, then continue on to the laptop? I'm a bit of a noob to networking (subnets?) but do well enough following good instructions.
As for the program that would do the QoS... Don't some Linux machines basically work as super-powered routers for businesses? So there must be some package but couldn't find one. The closest I got was wondershaper but it only shapes traffic for the computer on which it's installed; it might form part of the solution but falls short on its own. other devices should be able to access the Internet normally if the desktop is turned off, & work with other devices like a (jailbroken) iPod Touch.
View 1 Replies
View Related
Feb 8, 2011
I have the standard wired LAN NIC and a wireless NIC installed. What my problem is, the wireless NIC will not take any internet traffic. The LAN connection gets it's internet from my LAPTOP with a Clear 4G module. I have a very strong wireless connection, but when I remove the LAPTOP from the network, I get nothing on my Ubuntu computer here, even though I have a solid connection. What is needed in the config to let the wireless run in the "back up" internet connection mode?
View 9 Replies
View Related
Aug 31, 2010
I have some questions about openVPN. I am wanting to hide my downloading through transmission and I'd like to know if I can use openVPN for this? Also do I need access to a server? I don't understand how it all works.
View 5 Replies
View Related
