Trying to setup port redirection through 2nd gateway Announcing the arrival of Valued Associate #679: Cesar Manara Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern) 2019 Community Moderator Election Results Why I closed the “Why is Kali so hard” questioniptables redirect traffic from VPN interface to next interfaceOpenVPN and routing problem on OpenWRTopenvpn: iptables not forwardingIptables with libnetfilter NATing problemiptables - 2 Internetprovider - routingopenvpn connect two netsHow to catch conntrack markers correctly?How to route traffic from a specific user through a VPN on LinuxRouting traffic via different interface based on destinationPort forwarding over OpenVpn

How to tell that you are a giant?

What does this Jacques Hadamard quote mean?

Is it a good idea to use CNN to classify 1D signal?

What is homebrew?

Delete nth line from bottom

What font is "z" in "z-score"?

Why are the trig functions versine, haversine, exsecant, etc, rarely used in modern mathematics?

How would a mousetrap for use in space work?

Is it cost-effective to upgrade an old-ish Giant Escape R3 commuter bike with entry-level branded parts (wheels, drivetrain)?

How could we fake a moon landing now?

Why wasn't DOSKEY integrated with COMMAND.COM?

Is grep documentation wrong?

Is the Standard Deduction better than Itemized when both are the same amount?

Significance of Cersei's obsession with elephants?

How come Sam didn't become Lord of Horn Hill?

Would "destroying" Wurmcoil Engine prevent its tokens from being created?

Did MS DOS itself ever use blinking text?

How to Make a Beautiful Stacked 3D Plot

Do jazz musicians improvise on the parent scale in addition to the chord-scales?

Where are Serre’s lectures at Collège de France to be found?

Can anything be seen from the center of the Boötes void? How dark would it be?

Crossing US/Canada Border for less than 24 hours

Should I use a zero-interest credit card for a large one-time purchase?

How to answer "Have you ever been terminated?"



Trying to setup port redirection through 2nd gateway



Announcing the arrival of Valued Associate #679: Cesar Manara
Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern)
2019 Community Moderator Election Results
Why I closed the “Why is Kali so hard” questioniptables redirect traffic from VPN interface to next interfaceOpenVPN and routing problem on OpenWRTopenvpn: iptables not forwardingIptables with libnetfilter NATing problemiptables - 2 Internetprovider - routingopenvpn connect two netsHow to catch conntrack markers correctly?How to route traffic from a specific user through a VPN on LinuxRouting traffic via different interface based on destinationPort forwarding over OpenVpn



.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;








0















I am trying to setup configuration where all connections to port 161 will go through another gateway (through openvpn) while others are going directly



[localhost] -> [gateway] -> [remote] - OK



[localhost] <- [gateway] <- [remote] - packet dissappears after vpn tunnel. I am able to sniff that on tun0 iface, then it dissappears.



What I did:
added gw1 to rt_tables
then used this rules



ip route add default via 10.8.0.1 dev tun0 table gw1
ip rule add fwmark 0x1 table gw1
iptables -A OUTPUT -t mangle -o eth0 -p tcp --dport 443 -j MARK --set-mark 1
iptables -A POSTROUTING -t nat -o tun0 -p tcp --dport 443 -j SNAT --to 10.8.0.2
iptables -A OUTPUT -t mangle -o eth0 -p udp --dport 161 -j MARK --set-mark 1
iptables -A POSTROUTING -t nat -o tun0 -p udp --dport 161 -j SNAT --to 10.8.0.2


So I am testing tcp and udp connections and what I see:



  • On remote side everything works correctly and packet is send back
    to gateway to eth0

  • On gateway packet gets passed back to vpn tunnel (tun0)

  • On localhost that sent that packet I see how packet arrive to
    10.8.0.2 (tun0) in tshark and then it dissapears. And localhost does TCP-retransmission or resends UDP packet.

I checked packet capture in wireshark and all ports are correct so it's using same random dynamic port during all that trasfer: back and forward. I also tried using masquerade on localhost instead of SNAT without any success.
Tried redirecting packets with DNAT to 127.0.0.1 with no success but I am not sure, maybe I'm doing anything wrong.



Why that packet dissapears after tun0? My input chain allows everything for now. Maybe I need to enable or disable any new "features" in sysctl.conf that I am not concerned about?



Thanks






centos iptables routing nat







share|improve this question






























    0















    I am trying to setup configuration where all connections to port 161 will go through another gateway (through openvpn) while others are going directly



    [localhost] -> [gateway] -> [remote] - OK



    [localhost] <- [gateway] <- [remote] - packet dissappears after vpn tunnel. I am able to sniff that on tun0 iface, then it dissappears.



    What I did:
    added gw1 to rt_tables
    then used this rules



    ip route add default via 10.8.0.1 dev tun0 table gw1
    ip rule add fwmark 0x1 table gw1
    iptables -A OUTPUT -t mangle -o eth0 -p tcp --dport 443 -j MARK --set-mark 1
    iptables -A POSTROUTING -t nat -o tun0 -p tcp --dport 443 -j SNAT --to 10.8.0.2
    iptables -A OUTPUT -t mangle -o eth0 -p udp --dport 161 -j MARK --set-mark 1
    iptables -A POSTROUTING -t nat -o tun0 -p udp --dport 161 -j SNAT --to 10.8.0.2


    So I am testing tcp and udp connections and what I see:



    • On remote side everything works correctly and packet is send back
      to gateway to eth0

    • On gateway packet gets passed back to vpn tunnel (tun0)

    • On localhost that sent that packet I see how packet arrive to
      10.8.0.2 (tun0) in tshark and then it dissapears. And localhost does TCP-retransmission or resends UDP packet.

    I checked packet capture in wireshark and all ports are correct so it's using same random dynamic port during all that trasfer: back and forward. I also tried using masquerade on localhost instead of SNAT without any success.
    Tried redirecting packets with DNAT to 127.0.0.1 with no success but I am not sure, maybe I'm doing anything wrong.



    Why that packet dissapears after tun0? My input chain allows everything for now. Maybe I need to enable or disable any new "features" in sysctl.conf that I am not concerned about?



    Thanks






    centos iptables routing nat







    share|improve this question


























      0












      0








      0








      I am trying to setup configuration where all connections to port 161 will go through another gateway (through openvpn) while others are going directly



      [localhost] -> [gateway] -> [remote] - OK



      [localhost] <- [gateway] <- [remote] - packet dissappears after vpn tunnel. I am able to sniff that on tun0 iface, then it dissappears.



      What I did:
      added gw1 to rt_tables
      then used this rules



      ip route add default via 10.8.0.1 dev tun0 table gw1
      ip rule add fwmark 0x1 table gw1
      iptables -A OUTPUT -t mangle -o eth0 -p tcp --dport 443 -j MARK --set-mark 1
      iptables -A POSTROUTING -t nat -o tun0 -p tcp --dport 443 -j SNAT --to 10.8.0.2
      iptables -A OUTPUT -t mangle -o eth0 -p udp --dport 161 -j MARK --set-mark 1
      iptables -A POSTROUTING -t nat -o tun0 -p udp --dport 161 -j SNAT --to 10.8.0.2


      So I am testing tcp and udp connections and what I see:



      • On remote side everything works correctly and packet is send back
        to gateway to eth0

      • On gateway packet gets passed back to vpn tunnel (tun0)

      • On localhost that sent that packet I see how packet arrive to
        10.8.0.2 (tun0) in tshark and then it dissapears. And localhost does TCP-retransmission or resends UDP packet.

      I checked packet capture in wireshark and all ports are correct so it's using same random dynamic port during all that trasfer: back and forward. I also tried using masquerade on localhost instead of SNAT without any success.
      Tried redirecting packets with DNAT to 127.0.0.1 with no success but I am not sure, maybe I'm doing anything wrong.



      Why that packet dissapears after tun0? My input chain allows everything for now. Maybe I need to enable or disable any new "features" in sysctl.conf that I am not concerned about?



      Thanks






      centos iptables routing nat







      share|improve this question
















      I am trying to setup configuration where all connections to port 161 will go through another gateway (through openvpn) while others are going directly



      [localhost] -> [gateway] -> [remote] - OK



      [localhost] <- [gateway] <- [remote] - packet dissappears after vpn tunnel. I am able to sniff that on tun0 iface, then it dissappears.



      What I did:
      added gw1 to rt_tables
      then used this rules



      ip route add default via 10.8.0.1 dev tun0 table gw1
      ip rule add fwmark 0x1 table gw1
      iptables -A OUTPUT -t mangle -o eth0 -p tcp --dport 443 -j MARK --set-mark 1
      iptables -A POSTROUTING -t nat -o tun0 -p tcp --dport 443 -j SNAT --to 10.8.0.2
      iptables -A OUTPUT -t mangle -o eth0 -p udp --dport 161 -j MARK --set-mark 1
      iptables -A POSTROUTING -t nat -o tun0 -p udp --dport 161 -j SNAT --to 10.8.0.2


      So I am testing tcp and udp connections and what I see:



      • On remote side everything works correctly and packet is send back
        to gateway to eth0

      • On gateway packet gets passed back to vpn tunnel (tun0)

      • On localhost that sent that packet I see how packet arrive to
        10.8.0.2 (tun0) in tshark and then it dissapears. And localhost does TCP-retransmission or resends UDP packet.

      I checked packet capture in wireshark and all ports are correct so it's using same random dynamic port during all that trasfer: back and forward. I also tried using masquerade on localhost instead of SNAT without any success.
      Tried redirecting packets with DNAT to 127.0.0.1 with no success but I am not sure, maybe I'm doing anything wrong.



      Why that packet dissapears after tun0? My input chain allows everything for now. Maybe I need to enable or disable any new "features" in sysctl.conf that I am not concerned about?



      Thanks






      centos iptables routing nat




      centos iptables routing nat






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited 9 hours ago







      POMATu

















      asked 9 hours ago









      POMATuPOMATu

      1063




      1063




















          1 Answer
          1






          active

          oldest

          votes


















          0














          My rules are correct



          Solution:



          for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 0 > $f; done
          echo 1 > /proc/sys/net/ipv4/route/flush


          Now everything is working fine. Note that you need to disable that on every iface, option "all" are not working fine.






          share|improve this answer























            Your Answer








            StackExchange.ready(function()
            var channelOptions =
            tags: "".split(" "),
            id: "106"
            ;
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function()
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled)
            StackExchange.using("snippets", function()
            createEditor();
            );

            else
            createEditor();

            );

            function createEditor()
            StackExchange.prepareEditor(
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: false,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: null,
            bindNavPrevention: true,
            postfix: "",
            imageUploader:
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            ,
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            );



            );













            draft saved

            draft discarded


















            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f513060%2ftrying-to-setup-port-redirection-through-2nd-gateway%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            0














            My rules are correct



            Solution:



            for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 0 > $f; done
            echo 1 > /proc/sys/net/ipv4/route/flush


            Now everything is working fine. Note that you need to disable that on every iface, option "all" are not working fine.






            share|improve this answer



























              0














              My rules are correct



              Solution:



              for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 0 > $f; done
              echo 1 > /proc/sys/net/ipv4/route/flush


              Now everything is working fine. Note that you need to disable that on every iface, option "all" are not working fine.






              share|improve this answer

























                0












                0








                0







                My rules are correct



                Solution:



                for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 0 > $f; done
                echo 1 > /proc/sys/net/ipv4/route/flush


                Now everything is working fine. Note that you need to disable that on every iface, option "all" are not working fine.






                share|improve this answer













                My rules are correct



                Solution:



                for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 0 > $f; done
                echo 1 > /proc/sys/net/ipv4/route/flush


                Now everything is working fine. Note that you need to disable that on every iface, option "all" are not working fine.







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered 8 hours ago









                POMATuPOMATu

                1063




                1063



























                    draft saved

                    draft discarded
















































                    Thanks for contributing an answer to Unix & Linux Stack Exchange!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid


                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.

                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function ()
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f513060%2ftrying-to-setup-port-redirection-through-2nd-gateway%23new-answer', 'question_page');

                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    -centos, iptables, nat, routing
                    -

                    Popular posts from this blog

                    Mobil Contents History Mobil brands Former Mobil brands Lukoil transaction Mobil UK Mobil Australia Mobil New Zealand Mobil Greece Mobil in Japan Mobil in Canada Mobil Egypt See also References External links Navigation menuwww.mobil.com"Mobil Corporation"the original"Our Houston campus""Business & Finance: Socony-Vacuum Corp.""Popular Mechanics""Lubrite Technologies""Exxon Mobil campus 'clearly happening'""Toledo Blade - Google News Archive Search""The Lion and the Moose - How 2 Executives Pulled off the Biggest Merger Ever""ExxonMobil Press Release""Lubricants""Archived copy"the original"Mobil 1™ and Mobil Super™ motor oil and synthetic motor oil - Mobil™ Motor Oils""Mobil Delvac""Mobil Industrial website""The State of Competition in Gasoline Marketing: The Effects of Refiner Operations at Retail""Mobil Travel Guide to become Forbes Travel Guide""Hotel Rankings: Forbes Merges with Mobil"the original"Jamieson oil industry history""Mobil news""Caltex pumps for control""Watchdog blocks Caltex bid""Exxon Mobil sells service station network""Mobil Oil New Zealand Limited is New Zealand's oldest oil company, with predecessor companies having first established a presence in the country in 1896""ExxonMobil subsidiaries have a business history in New Zealand stretching back more than 120 years. We are involved in petroleum refining and distribution and the marketing of fuels, lubricants and chemical products""Archived copy"the original"Exxon Mobil to Sell Its Japanese Arm for $3.9 Billion""Gas station merger will end Esso and Mobil's long run in Japan""Esso moves to affiliate itself with PC Optimum, no longer Aeroplan, in loyalty point switch""Mobil brand of gas stations to launch in Canada after deal for 213 Loblaws-owned locations""Mobil Nears Completion of Rebranding 200 Loblaw Gas Stations""Learn about ExxonMobil's operations in Egypt""Petrol and Diesel Service Stations in Egypt - Mobil"Official websiteExxon Mobil corporate websiteMobil Industrial official websiteeeeeeeeDA04275022275790-40000 0001 0860 5061n82045453134887257134887257

                    Image
                    Aera EnergyEssoEsso AustraliaExxonExxon NeftegasHumble OilImperial OilMagnolia Petroleum CompanyMobilMobil Producing NigeriaPetronSeaRiver MaritimeSuperior Oil CompanySyncrudeVacuum Oil CompanyXTO EnergyBaton Rouge RefineryBaytown RefineryMilford HavenExxon Building (New York)Fawley RefineryImperial Oil BuildingMossmorranNanticoke Refinery2010 ExxonMobil oil spill2010 Port Arthur oil spill2013 Mayflower oil spill Exxon Valdez oil spillGreenpoint oil spillSS Atlantic Empress SS Esso Brussels Colony Shale Oil ProjectEast-Prinovozemelsky fieldGoose Creek Oil FieldKearl Oil Sands ProjectKizomba deepwater projectOrmen LangePembina oil fieldPrudhoe Bay Oil FieldSable Offshore Energy ProjectSakhalin-ITengiz FieldTern oilfieldTuapse fieldWest Qurna FieldNational OilSasolSparSpar Express759 Store7-ElevenCircle KCUDaily YamazakiFamilyMartGS25LawsonMinistopParknShopPoplarSparStorywayVanGOemartSparampmBuy the WayBP ConnectCircle K SunkusDaily StopOn the Run7-ElevenBargain BoozeBest-OneBP ConnectB
                    Read more

                    Frič See also Navigation menuinternal link

                    Image
                    SurnamesCzech-language surnames ‹ The template Infobox surname is being considered for merging. › Frič Origin Language(s) Czechized German (eastern Middle German dialects and Alemannic German) - Thuringian, Upper Saxon, Low Lusatian, Silesian Meaning derived from German: Friedrich Other names Variant(s) Fritsch, Fritzsch, Frycz, Fricz, Fryczyński, Frietsch, Fritsche, Fritzsche; Fritschi (Alemannic), Fritz, Fritze, Fritzel, Fritzl, Fritzke, Fritzen Frič is a Czechized German surname. Notable people with the surname include: Alberto Vojtěch Frič, Czech botanist Antonín Jan Frič (Fritsch) , Czech paleontologist Jaroslav Erik Frič, Czech poet Martin Frič, Czech film director, screenwriter and actor See also Fričovce (Hungarian: Frics ) .mw-parser-output table.dmboxclear:both;margin:0.9em 1em;border-top:1px solid #ccc;border-bottom:1px solid #ccc;background-color:transparent Surname list This page lists people with the surname Frič . If an internal link intending to refer to a specifi
                    Read more

                    Identify plant with long narrow paired leaves and reddish stems Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern) Announcing the arrival of Valued Associate #679: Cesar Manara Unicorn Meta Zoo #1: Why another podcast?What is this plant with long sharp leaves? Is it a weed?What is this 3ft high, stalky plant, with mid sized narrow leaves?What is this young shrub with opposite ovate, crenate leaves and reddish stems?What is this plant with large broad serrated leaves?Identify this upright branching weed with long leaves and reddish stemsPlease help me identify this bulbous plant with long, broad leaves and white flowersWhat is this small annual with narrow gray/green leaves and rust colored daisy-type flowers?What is this chilli plant?Does anyone know what type of chilli plant this is?Help identify this plant

                    Image
                    Apollo command module space walk? prime numbers and expressing non-prime numbers Can a non-EU citizen traveling with me come with me through the EU passport line? Extract all GPU name, model and GPU ram How to deal with a team lead who never gives me credit? Why was the term "discrete" used in discrete logarithm? Why do we bend a book to keep it straight? When do you get frequent flier miles - when you buy, or when you fly? How come Sam didn't become Lord of Horn Hill? At the end of Thor: Ragnarok why don't the Asgardians turn and head for the Bifrost as per their original plan? Is it true that "carbohydrates are of no use for the basal metabolic need"? Using et al. for a last / senior author rather than for a first author How to tell that you are a giant? How to react to hostile behavior from a senior developer? String `!23` is replaced with `docker` in command line How to find out what spells would be useless to a blind NPC sp
                    Read more