Trying to set up port redirection through 2nd gateway
I am trying to set up a configuration where all connections to port 161 go through another gateway (through OpenVPN) while everything else goes directly.
[localhost] -> [gateway] -> [remote] - OK
[localhost] <- [gateway] <- [remote] - the packet disappears after the VPN tunnel. I am able to sniff it on the tun0 iface, then it disappears.
What I did:
added gw1 to rt_tables
then used these rules
ip route add default via 10.8.0.1 dev tun0 table gw1
ip rule add fwmark 0x1 table gw1
iptables -A OUTPUT -t mangle -o eth0 -p tcp --dport 443 -j MARK --set-mark 1
iptables -A POSTROUTING -t nat -o tun0 -p tcp --dport 443 -j SNAT --to 10.8.0.2
iptables -A OUTPUT -t mangle -o eth0 -p udp --dport 161 -j MARK --set-mark 1
iptables -A POSTROUTING -t nat -o tun0 -p udp --dport 161 -j SNAT --to 10.8.0.2
So I am testing TCP and UDP connections and this is what I see:
- On the remote side everything works correctly and the packet is sent back to the gateway on eth0
- On the gateway the packet gets passed back into the VPN tunnel (tun0)
- On the localhost that sent the packet I see it arrive at 10.8.0.2 (tun0) in tshark and then it disappears. localhost then does a TCP retransmission or resends the UDP packet.
I checked the packet capture in Wireshark and all ports are correct, so it is using the same random dynamic port during the whole transfer, back and forth. I also tried using MASQUERADE on localhost instead of SNAT without any success.
I tried redirecting packets with DNAT to 127.0.0.1 with no success, but I am not sure, maybe I'm doing something wrong.
Why does that packet disappear after tun0? My INPUT chain allows everything for now. Maybe I need to enable or disable some new "features" in sysctl.conf that I am not aware of?
Thanks
centos iptables routing nat
edited 9 hours ago
asked 9 hours ago by POMATu
1 Answer
My rules are correct
Solution:
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 0 > $f; done
echo 1 > /proc/sys/net/ipv4/route/flush
Now everything is working fine. Note that you need to disable that on every iface; the "all" option does not work.
answered 8 hours ago by POMATu
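As an added illustration (not part of the question or the answer), the following Python model shows why strict reverse-path filtering drops the replies described above: the kernel validates an incoming packet's source with a normal route lookup that carries no fwmark, so it never reaches table gw1, resolves to eth0 instead of tun0, and rp_filter=1 discards the packet. The routing tables and the remote address 203.0.113.10 are constructed to mirror the question; the model also shows loose mode (rp_filter=2), which accepts the reply as long as some route back to the source exists, rather than switching the check off entirely.

```python
"""Model of Linux rp_filter against fwmark-based policy routing.
Constructed example: the tables below mirror the question's setup
(default route via eth0 in main, default via tun0 in table gw1)."""
from ipaddress import ip_address, ip_network

# Constructed routing tables: (destination prefix, outgoing interface).
# Longest prefix wins, as in the kernel's FIB lookup.
TABLES = {
    "main": [("192.168.1.0/24", "eth0"), ("10.8.0.0/24", "tun0"), ("0.0.0.0/0", "eth0")],
    "gw1":  [("0.0.0.0/0", "tun0")],
}
# Policy rules in priority order: (required fwmark or None, table).
# Mirrors 'ip rule add fwmark 0x1 table gw1' ahead of the implicit main rule.
RULES = [(0x1, "gw1"), (None, "main")]


def lookup(dst, fwmark=0):
    """Return the outgoing interface for dst, honouring fwmark rules."""
    for mark, table in RULES:
        if mark is not None and mark != fwmark:
            continue
        best = None
        for prefix, dev in TABLES[table]:
            net = ip_network(prefix)
            if ip_address(dst) in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, dev)
        if best:
            return best[1]
    return None


def rp_filter_accepts(src, in_dev, mode):
    """rp_filter decision for a packet from src arriving on in_dev.
    mode 0: off; 1: strict, reverse route must leave via in_dev;
    2: loose, any reverse route suffices. A reply has no fwmark, so the
    reverse lookup only ever consults the main table."""
    if mode == 0:
        return True
    reverse_dev = lookup(src, fwmark=0)
    if mode == 1:
        return reverse_dev == in_dev
    return reverse_dev is not None


if __name__ == "__main__":
    REMOTE = "203.0.113.10"  # constructed address of the remote SNMP agent
    print("outbound marked packet leaves via:", lookup(REMOTE, fwmark=0x1))
    for mode in (1, 2, 0):
        print(f"rp_filter={mode}: reply on tun0 accepted ->",
              rp_filter_accepts(REMOTE, "tun0", mode))
```

The same asymmetry is what the per-interface loop in the answer removes; because the kernel applies the higher of `conf/all/rp_filter` and the interface's own value, changing only `all` has no effect while the interface value stays at 1.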