Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
V
V
VVXoff2016-01-24 12:33:58
iptables
VVXoff, 2016-01-24 12:33:58

Redirect local traffic (IMAP/HTTP) connections to another route in Ubuntu?

Hello! In Ubuntu, you need to redirect local traffic from port 80 (or 995 for example) to another interface, i.e. NOT through the default route.
In the system: eth0: 192.168.15.20 subnet 255.255.255.0 default gateway 192.168.15.1 Need to redirect to PPP2 VPN connection: 192.168.50.2 gateway 192.168.10.1
I tried this:

создал таблицу в /etc/iproute2/rt_tables "100 redir"
ip route add default via 192.168.10.1 dev ppp2 table 100
iptables -t mangle -A OUTPUT -p tcp -m tcp --dport 80 -j MARK --set-mark 0x2
ip rule add fwmark 0x2/0x2 lookup 100
(взято отсюда: https://habrahabr.ru/post/108690/)
Так же пробовал маскарадить трафик:
iptables -t nat -A POSTROUTING -o ppp2 -j MASQUERADE

For the test, I used a browser - after applying the above, it stops opening pages. Watched tcpdump -i ppp2 port 80 - packets leave the interface. And the answers are coming! If you set the default route "ip route add default via 192.168.10.1 dev ppp2" everything works fine.
Tried with a connection to port 995. Entered commands:
ip route add default via 192.168.10.1 table 100
iptables -t mangle -A OUTPUT -p tcp -m tcp --dport 995 -j MARK --set-mark 0x3
ip rule add fwmark 0x3/0x3 lookup 100
iptables -t nat -A POSTROUTING -o ppp2 -j MASQUERADE

Here is the dump snippet:
# tcpdump -i ppp2 port 995
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ppp2, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
17:47:02.926110 IP 192.168.50.2.50747 > frv240.fwdcdn.com.pop3s: Flags [S], seq 2992313097, win 29200, options [mss 1460,sackOK,TS val 18945796 ecr 0,nop,wscale 7], length 0
17:47:03.206217 IP frv240.fwdcdn.com.pop3s > 192.168.50.2.50747: Flags [S.], seq 171551312, ack 2992313098, win 65535, options [mss 1200,nop,wscale 6,sackOK,TS val 2030069827 ecr 18945796], length 0
17:47:03.925211 IP 192.168.50.2.50747 > frv240.fwdcdn.com.pop3s: Flags [S], seq 2992313097, win 29200, options [mss 1460,sackOK,TS val 18946046 ecr 0,nop,wscale 7], length 0
17:47:04.204445 IP frv240.fwdcdn.com.pop3s > 192.168.50.2.50747: Flags [S.], seq 171551312, ack 2992313098, win 65535, options [mss 1200,nop,wscale 6,sackOK,TS val 2030069827 ecr 18946046], length 0
17:47:05.929222 IP 192.168.50.2.50747 > frv240.fwdcdn.com.pop3s: Flags [S], seq 2992313097, win 29200, options [mss 1460,sackOK,TS val 18946547 ecr 0,nop,wscale 7], length 0
17:47:06.206005 IP frv240.fwdcdn.com.pop3s > 192.168.50.2.50747: Flags [S.], seq 171551312, ack 2992313098, win 65535, options [mss 1200,nop,wscale 6,sackOK,TS val 2030069827 ecr 18946547], length 0
17:47:09.205870 IP frv240.fwdcdn.com.pop3s > 192.168.50.2.50747: Flags [S.], seq 171551312, ack 2992313098, win 65535, options [mss 1200,nop,wscale 6,sackOK,TS val 2030069827 ecr 18946547], length 0
17:47:09.933251 IP 192.168.50.2.50747 > frv240.fwdcdn.com.pop3s: Flags [S], seq 2992313097, win 29200, options [mss 1460,sackOK,TS val 18947548 ecr 0,nop,wscale 7], length 0
17:47:10.216299 IP frv240.fwdcdn.com.pop3s > 192.168.50.2.50747: Flags [S.], seq 171551312, ack 2992313098, win 65535, options [mss 1200,nop,wscale 6,sackOK,TS val 2030069827 ecr 18947548], length 0
17:47:13.216328 IP frv240.fwdcdn.com.pop3s > 192.168.50.2.50747: Flags [S.], seq 171551312, ack 2992313098, win 65535, options [mss 1200,nop,wscale 6,sackOK,TS val 2030069827 ecr 18947548], length 0
17:47:16.231110 IP frv240.fwdcdn.com.pop3s > 192.168.50.2.50747: Flags [S.], seq 171551312, ack 2992313098, win 65535, options [mss 1200,nop,wscale 6,sackOK,TS val 2030069827 ecr 18947548], length 0

I do not know what to do - the answers come - they are seen as a dump. But applications (openssl, firefox) do not accept them. What else could it be?... Thanks for the advice! I've been struggling with this problem for 4 days.
Judging by the zero length of the packets, the client and the server cannot agree. Most likely due to the fact that the client sends a request along the default route, and the response comes from another interface. Maybe you need to change the sender address in the response source? Is the command correct -
iptables -t nat -A POSTROUTING --src 192.168.50.2 -p tcp --dport 80 -j SNAT --to-source 192.168.15.1 ???
================================================= ==========================================
SOLVED! Had to enable forwarding in the kernel:
/etc/sysctl.conf:
net.ipv4.ip_forward=1

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

0 answer(s)
Similar questions
A
AkZwork2019-10-20 03:00:54
How to direct all traffic in OpenVPN to DD-WRT and exclude some from there? 1Reply
V
virus1x2021-05-03 20:15:24
How to properly configure iptables port forwarding? 2Reply
P
Pavel Bezrukov2015-07-02 00:28:25
How to make friends between Docker and iptables-persistent or find another solution? 1Reply
O
onefinal2015-07-11 16:44:20
IPTV over vpn linux? 2Reply
M
mr_blond972015-07-24 03:22:20
How to find the config that uses iptables? 3Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question