
Re: Alternate route for port 80



Hello,

Onur Aslan wrote:
> 
> I want to use my VPN for outgoing port 80 connections in my Debian router.
> 
> tap0 is my virtual VPN device created by openvpn.
> 
> Now, I want to use an alternate route for only port 80 outgoing
> traffic. I create a table and set default gateway for this table with:
> 
>     # echo 10 alter >> /etc/iproute2/rt_tables
>     # ip route add default via 192.168.4.1 table alter
> 
> And I create a fwmark and mark OUTPUT requests with:
> 
>     # ip rule add fwmark 0x10 table alter
>     # iptables -t mangle -A OUTPUT -p tcp --dport 80 -j MARK \
>          --set-mark 0x10

Looks fine so far.

> In my theory this should work, but it's not working. When I use that I am
> not able to connect to any website. What am I missing here? What should I add
> to my alternate routing table to make it work?

In the routing tables, nothing.

1) You need a SNAT/MASQUERADE iptables rule for traffic going through
the VPN so that it goes out with the address assigned to the VPN
interface as the source address, otherwise the packets will have the
default source address, i.e. the one assigned to the default internet
interface.

2) You may need to disable/soften source validation on the VPN interface
(i.e. max(net.ipv4.conf.all.rp_filter,net.ipv4.conf.all.rp_filter)=0 or
2, but not 1) in order to accept return traffic through the VPN.
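The complete recipe the thread arrives at (policy route for marked TCP/80 traffic, plus the SNAT rule and the rp_filter change from the reply), as an added example script that neither participant posted. Interface name, table id/name, gateway and mark are the ones from the question; the script prints the commands by default and only runs them with `--apply`, as root on the router.

```shell
#!/bin/sh
# Added example assembled from the thread; values come from the question:
# tap0, table 10 "alter", gateway 192.168.4.1, fwmark 0x10.
VPN_IF="${VPN_IF:-tap0}"
VPN_GW="${VPN_GW:-192.168.4.1}"
TABLE_ID="${TABLE_ID:-10}"
TABLE_NAME="${TABLE_NAME:-alter}"
MARK="${MARK:-0x10}"

# Emit the commands instead of running them, so the recipe can be reviewed first.
policy_route_cmds() {
    cat <<EOF
# 1) Routing table for marked traffic (rt_tables entry added only once)
grep -q "^${TABLE_ID} ${TABLE_NAME}\$" /etc/iproute2/rt_tables || echo "${TABLE_ID} ${TABLE_NAME}" >> /etc/iproute2/rt_tables
ip route replace default via ${VPN_GW} dev ${VPN_IF} table ${TABLE_NAME}
ip rule add fwmark ${MARK} table ${TABLE_NAME}
# 2) Mark locally generated TCP/80 traffic so the rule above selects the VPN table
iptables -t mangle -A OUTPUT -p tcp --dport 80 -j MARK --set-mark ${MARK}
# 3) Rewrite the source address to the VPN interface's address (point 1 of the reply)
iptables -t nat -A POSTROUTING -o ${VPN_IF} -j MASQUERADE
# 4) Loose reverse-path filtering (mode 2) so replies arriving via the VPN are accepted (point 2 of the reply)
sysctl -w net.ipv4.conf.all.rp_filter=2
sysctl -w net.ipv4.conf.${VPN_IF}.rp_filter=2
EOF
}

# Commands that show whether marked traffic really takes the VPN path.
verify_cmds() {
    cat <<EOF
ip rule show
ip route show table ${TABLE_NAME}
iptables -t mangle -L OUTPUT -v -n
iptables -t nat -L POSTROUTING -v -n
EOF
}

case "${1:-}" in
    --apply) policy_route_cmds | sh -e ;;   # execute on the router, as root
    *)       policy_route_cmds; verify_cmds ;;
esac
```

Watch the packet counters in the `iptables -v` output: if the MARK counter rises but the MASQUERADE counter does not, the marked packets are still leaving via the default interface.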

