Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
S
S
Sergey Savostin2021-12-14 22:13:46
Computer networks
Sergey Savostin, 2021-12-14 22:13:46

How to forward virtual machine traffic through VPN?

Please tell me how to make this wish come true.
There is a Host (Proxmox), on it is a virtaulka. External ip 123.123.123.123. The virtual machine is spinning inside 10.0.0.0/24.
On the host, we start the OpenVPN client (tun0, 10.18.0.0/24) with the redirect-gateway disabled.
It is necessary to force all traffic from the virtual machine and back through the VPN, but only this traffic.
You cannot touch the virtual machine (inside, i.e. run the OpenVPN client inside the virtual machine).
Host config:

iface eno1 inet manual
auto vmbr0
iface vmbr0 inet static
        address  123.123.123.123/24
        gateway  123.123.123.1
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0

auto vmbr1
iface vmbr1 inet static
        address  10.0.0.1
        netmask  24
        bridge-ports none
        bridge-stp off
        bridge-fd 0
post-up         iptables -t nat -A POSTROUTING -s '10.0.0.0/24' -o vmbr0 -j MASQUERADE


Tried iptables -t nat -A POSTROUTING -s '10.0.0.0/24' -o tun0 -j MASQUERADE
but something is missing...

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

5 answer(s)
Report
S
Sergey Savostin, 2021-12-20
@savostin

Found the solution myself:

iptables -A FORWARD -i vmbr1 -o tun0 -j ACCEPT
iptables -A FORWARD -i tun0 -o vmbr1 -j ACCEPT
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
echo 100 vguest >> /etc/iproute2/rt_tables
ip rule add from 10.0.0.0/24 table vguest
ip route add default dev tun0 table vguest

Report
A
Alexey Dmitriev, 2021-12-15
@SignFinder

iproute2 is able to work with the traffic marked through iptables.
Mark the traffic in the PREROUTING table via iptables -j MARK --set-mark as you need, then pick it up with iproute2 and route it as you need.

Report
H
hint000, 2021-12-15
@hint000

Through iptables this task is not solved. At all.
Solved through tricky routing:
https://www.google.com/search?q=source+based+routing
https://habr.com/ru/post/108690/

Report
S
skvot, 2015-07-08
@aaadddminnn 

function calculate($number, $counter = 0)
{
    $result = $number + $number / 100 * 30;
    storeResult($result);
    
    if ($counter < 800) {
        calculate($result, ++$counter);
    }
}

Report
P
PO6OT, 2015-07-08
@woonem

$a=20; //input number
for($i=0; $i<=800; $i++){
$a+=($a/100*30);
$a=round($a);
echo $a.'
'; //write to database
}
but where did you learn to write $a=$a+... instead of $a+=... and $a=explode('.', $a); $a=$a[0]; instead of $a=round($a); ? And besides, you don’t understand cycles.
I wonder how you then know how to write to the database. Probably leafed through the textbook in search of the necessary functions. Don't repeat my mistakes. He did the same thing - now he's a govnokoder. The textbook should be read from cover to cover, and not selectively. You will only get better for it.

Similar questions
J
Jhon Do2020-02-28 15:16:47
Why are settings from /etc/network/interfaces ignored (and how does using NetworkManager affect this)? 2Reply
S
SVINTUS20002017-10-16 04:20:07
Network card blocking connections from other countries? 1Reply
F
fdroid2017-10-17 21:12:54
What is the best system for an x86 router? 12Reply
W
Wyrierit2020-03-03 16:49:31
Miracast does not work in my case. Can work with Honor 8? 1Reply
S
Steve2020-03-03 21:46:52
How to configure three routers that are connected in series? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question