Linux port-based routing using iptables/ip route
- by user42055
I have the following setup:
192.168.0.4 192.168.0.6 192.168.0.1
+-----------+ +---------+ +----------+
|WORKSTATION|------| LINUX |------| GATEWAY |
+-----------+ +---------+ +----------+
192.168.150.10
|
192.168.150.9
+---------+
| VPN |
+---------+
192.168.150.1
WORKSTATION has a default route of 192.168.0.6
LINUX has a default route of 192.168.0.1
I am trying to use the gateway as the default route, but route port 80 traffic via the VPN.
Based on what I read at http://www.linuxhorizon.ro/iproute2.html I have tried this:
echo "1 VPN" >> /etc/iproute2/rt_tables
sysctl net.ipv4.conf.eth0.rp_filter = 0
sysctl net.ipv4.conf.tun0.rp_filter = 0
sysctl net.ipv4.conf.all.rp_filter = 0
iptables -A PREROUTING -t mangle -i eth0 -p tcp --dport 80 -j MARK --set-mark 0x1
ip route add default via 192.168.150.9 dev tun0 table VPN
ip rule add from all fwmark 0x1 table VPN
When I run "tcpdump -i eth0 port 80" on LINUX, and open a webpage on WORKSTATION, I don't see the traffic go through LINUX at all. When I run a ping from WORKSTATION, I get this back from some packets:
92 bytes from 192.168.0.6: Redirect Host(New addr: 192.168.0.1)
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 de91 0 0000 3f 01 4ed3 192.168.0.4 139.134.2.18
Is this why my routing is not working ? Do I need to put GATEWAY and LINUX on different subnets to prevent WORKSTATION being redirected to GATEWAY ? Do I need to use NAT at all, or can I do this with routing alone (which is what I want) ?