Mailing List Archive

[no subject]
hi,

i am trying to set up routing of all outgoing http-requests on my
workstation through my openvpn gateway (tun0). the web told me to do it:

iptables -t mangle -A OUTPUT -p tcp --dport 80 -j MARK --set-mark 4
ip rule add fwmark 4 lookup 3
ip route add default dev tun0 table 3


the problem is that it does not work. tcpdump gives me:

00:28:00.461045 IP (tos 0x0, ttl 64, id 28447, offset 0, flags [DF],
proto: UDP (17), length: 71) 192.168.0.125.1049 > vroot.domain: [udp sum
ok] 62654+ PTR? 67.11.71.195.in-addr.arpa. (43)
00:28:00.515190 IP (tos 0x0, ttl 56, id 0, offset 0, flags [DF], proto:
UDP (17), length: 127) vroot.domain > 192.168.0.125.1049: 62654 NXDomain
q: PTR? 67.11.71.195.in-addr.arpa. 0/1/0 ns: 71.195.in-addr.arpa. (99)
00:28:01.459744 arp who-has 195.71.11.67 tell 192.168.0.125
00:28:02.459844 arp who-has 195.71.11.67 tell 192.168.0.125


the arp-requests don't seem to be right, any suggestions?

Mario
Re: Port-based routing with OpenVPN
Hello,

Mario Hülsegge wrote:
>
> i am trying to set up routing of all outgoing http-requests on my
> workstation through my openvpn gateway (tun0). the web told me to do it:
>
> iptables -t mangle -A OUTPUT -p tcp --dport 80 -j MARK --set-mark 4
> ip rule add fwmark 4 lookup 3
> ip route add default dev tun0 table 3

Looks fine.

> the problem is that it does not work. tcpdump gives me:
>
> 00:28:00.461045 IP (tos 0x0, ttl 64, id 28447, offset 0, flags [DF],
> proto: UDP (17), length: 71) 192.168.0.125.1049 > vroot.domain: [udp sum
> ok] 62654+ PTR? 67.11.71.195.in-addr.arpa. (43)
> 00:28:00.515190 IP (tos 0x0, ttl 56, id 0, offset 0, flags [DF], proto:
> UDP (17), length: 127) vroot.domain > 192.168.0.125.1049: 62654 NXDomain
> q: PTR? 67.11.71.195.in-addr.arpa. 0/1/0 ns: 71.195.in-addr.arpa. (99)
> 00:28:01.459744 arp who-has 195.71.11.67 tell 192.168.0.125
> 00:28:02.459844 arp who-has 195.71.11.67 tell 192.168.0.125

Was this trace captured on interface tun0?
Please use option -n so addresses and port numbers are not converted
into confusing names.
What is the address of vroot? Is it the other end of the VPN?
Is the OpenVPN link configured in TUN (IP) or TAP (ethernet) mode? The
interface name tun0 suggests TUN mode, but the ARP requests suggest TAP
mode. If it is TAP mode, you must specify the gateway address in the ip
route statement just as you would do with a gateway on an ethernet link.
Re: Port-based routing with OpenVPN
Hi,

and thank you for answering despite the fact i forgot to set a
subject :)

> Was this trace captured on interface tun0?
yes

> What is the address of vroot? Is it the other end of the VPN?
no, it is just my dns-server that has nothing to do with the vpn.

> Is the OpenVPN link configured in TUN (IP) or TAP (ethernet) mode?
it is in tun mode, i have no idea why it acts like in tap mode.

Mario
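
Added example, not part of the thread: a small shell check that reads the kernel's own flags for the device instead of relying on the interface name, and prints the table-3 default route in the form the reply describes (device-only for TUN, with a gateway for TAP). The function names and the DEV and GATEWAY environment variables are assumptions of this example; the sysfs attribute tun_flags and the IFF_TUN/IFF_TAP bit values come from the Linux tun driver.

```shell
#!/bin/sh
# Added example (not from the thread). Picks the "ip route" syntax for the
# policy-routing table from the device mode the kernel reports.

# Flag bits from <linux/if_tun.h>
IFF_TUN=1   # layer-3 device: no ARP, a device-only route is enough
IFF_TAP=2   # layer-2 device: next hop is resolved with ARP

# tun_mode FLAGS -> prints "tun", "tap" or "unknown"
tun_mode() {
    if [ $(( $1 & $IFF_TAP )) -ne 0 ]; then
        echo tap
    elif [ $(( $1 & $IFF_TUN )) -ne 0 ]; then
        echo tun
    else
        echo unknown
    fi
}

# route_cmd FLAGS DEV TABLE [GATEWAY] -> prints the command, does not run it
route_cmd() {
    case "$(tun_mode "$1")" in
        tun)
            echo "ip route add default dev $2 table $3" ;;
        tap)
            if [ -z "${4:-}" ]; then
                echo "error: $2 is TAP, a gateway address is required" >&2
                return 1
            fi
            echo "ip route add default via $4 dev $2 table $3" ;;
        *)
            echo "error: $2 does not report tun/tap flags" >&2
            return 1 ;;
    esac
}

# On a live system: print the command for DEV (default tun0) if it exists.
# tun_flags holds a hex value such as 0x1001 (IFF_TUN | IFF_NO_PI).
DEV=${DEV:-tun0}
if [ -r "/sys/class/net/$DEV/tun_flags" ]; then
    route_cmd "$(cat "/sys/class/net/$DEV/tun_flags")" "$DEV" 3 "${GATEWAY:-}"
fi
```

If the script reports TAP for a device named tun0, ARP who-has requests for off-link destinations like the ones in the trace are the expected result of a device-only default route.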