All Questions
15 questions
6 votes, 2 answers, 10k views
Can't forward traffic from eth to TUN/TAP
I'm trying to forward traffic from a physical interface enp5s0 to a virtual one tun0. The goal is to make tun0 receive essentially all packets from enp5s0.
First, I enable forwarding with a command
...
1 vote, 1 answer, 16k views
iptables - Allow traffic from GRE tunnel with reject-with option
System: CentOS 7.
/etc/sysconfig/iptables is like this:
...
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i gre1 -j ACCEPT # ...
12 votes, 2 answers, 82k views
iptables forward traffic to vpn tunnel if open
I've used the following guide to set up my Raspberry Pi as an access point:
Raspberry Pi 3 as wifi access point
I'm forwarding wlan0 to eth0 and NATing all my traffic. Works great!
sudo iptables -t ...
3 votes, 0 answers, 1k views
Why could policy routing on iptables marks applied in FORWARD or OUTPUT chains be inconsistent?
I am routing HTTPS connections down an SSH tunnel (-w) using iptables marks and iproute2 rules. The reasons I need to do it this way are contrived, to say the least, so most alternate solutions may not ...
3 votes, 0 answers, 111 views
How to unwrap a tunneled packet in iptables/netfilter and process the tunneled packet
I have a specific question regarding the Linux netfilter/iptables interaction.
Let's say I have an IP packet P1 inside of another IP packet P2 (that is, P1 is tunneled).
Now, the question is as ...
0 votes, 1 answer, 822 views
Redirect traffic through the server
My task is to redirect traffic (port range) through the server. Here is the schema:
Why NAT is not appropriate here: If NAT is set to "Tunnel Server", then all users will be assigned the same IP.
...
2 votes, 0 answers, 277 views
Debugging iptables when tunneling one VPN through another
I seek to tunnel one SSL VPN (F5, running on my Debian laptop==client) through another (OpenVPN, running on a Debian Linode==server), but lose all client networking (including, e.g., ping) after the ...
1 vote, 0 answers, 138 views
Transparent proxy to other IP of thousand ports
I bought a service that only allows an IP, the IP that I say, only one, but I need to use this from more IPs. I think that I can install on this computer a system to do a transparent proxy for ...
2 votes, 0 answers, 2k views
How to open up socks/SSH on different network interfaces?
iptables -A PREROUTING -i usb0 -t mangle -p tcp --dport 8080 -j MARK --set-mark 1
iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD ...
3 votes, 1 answer, 6k views
Forwarding packets from loopback interface with policy-based routing
I have the following iptables rule:
iptables -t mangle -A PREROUTING -p udp -m udp --dport 10000 -j MARK --set-xmark 0x4/0xffffffff
which sets fwmark 4 on all udp packets with destination port 10000....
1 vote, 1 answer, 3k views
Bridged TAP interface to virtualbox
I need a bridged TAP interface on the client side of my VPN to a virtual machine. I use VirtualBox 4.3.12.
But in Adapter Network options in Attached to: Bridged adapter I do not see my TUN adapter.
I have ...
1 vote, 0 answers, 974 views
Packets sent through TUN interface not routed
I have a C program attached to a TUN interface. In this program, I'm building packets and writing them to the interface.
Now to check if packets are really sent from my TUN interface, I use iptables ...
1 vote, 0 answers, 332 views
Local Client/Server communication using TUN interfaces
I want to establish a local communication between a client and a server using TUN interfaces.
The client program will be attached to interface TUN1 and we suppose that it has IP address @IP1.
The ...
31 votes, 4 answers, 65k views
What is the tun network interface for?
I noticed when running ifconfig that there is a network interface called tun0 and it has an IPv4 address. A bit of research shows that it is a tunneling device, but I don't really know how it's used, ...
7 votes, 2 answers, 16k views
Why are incoming packets on a TAP interface seen with tcpdump but not with iptables?
A program injects packets on a Linux TAP interface (these packets are coming from a virtual machine). Specifically, these are DHCP requests (so they're UDP). I can see the packets with tcpdump but not ...