Trying to setup port redirection through 2nd gateway Announcing the arrival of Valued...

Is safe to use va_start macro with this as parameter?

Is it common practice to audition new musicians 1-2-1 before rehearsing with the entire band?

Is there any way for the UK Prime Minister to make a motion directly dependent on Government confidence?

When the Haste spell ends on a creature, do attackers have advantage against that creature?

How to compare two different files line by line in unix?

Can you use the Shield Master feat to shove someone before you make an attack by using a Readied action?

What do you call the main part of a joke?

Did MS DOS itself ever use blinking text?

Is it cost-effective to upgrade an old-ish Giant Escape R3 commuter bike with entry-level branded parts (wheels, drivetrain)?

Is "Reachable Object" really an NP-complete problem?

An adverb for when you're not exaggerating

Has negative voting ever been officially implemented in elections, or seriously proposed, or even studied?

How to find all the available tools in mac terminal?

If a VARCHAR(MAX) column is included in an index, is the entire value always stored in the index page(s)?

Crossing US/Canada Border for less than 24 hours

Why wasn't DOSKEY integrated with COMMAND.COM?

Can a new player join a group only when a new campaign starts?

また usage in a dictionary

How could we fake a moon landing now?

Can melee weapons be used to deliver Contact Poisons?

How to down pick a chord with skipped strings?

How do I find out the mythology and history of my Fortress?

Integration Help

Wu formula for manifolds with boundary



Trying to setup port redirection through 2nd gateway



Announcing the arrival of Valued Associate #679: Cesar Manara
Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern)
2019 Community Moderator Election Results
Why I closed the “Why is Kali so hard” questioniptables redirect traffic from VPN interface to next interfaceOpenVPN and routing problem on OpenWRTopenvpn: iptables not forwardingIptables with libnetfilter NATing problemiptables - 2 Internetprovider - routingopenvpn connect two netsHow to catch conntrack markers correctly?How to route traffic from a specific user through a VPN on LinuxRouting traffic via different interface based on destinationPort forwarding over OpenVpn





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}







0















I am trying to setup configuration where all connections to port 161 will go through another gateway (through openvpn) while others are going directly



[localhost] -> [gateway] -> [remote] - OK



[localhost] <- [gateway] <- [remote] - packet dissappears after vpn tunnel. I am able to sniff that on tun0 iface, then it dissappears.



What I did:
added gw1 to rt_tables
then used this rules



ip route add default via 10.8.0.1 dev tun0 table gw1

ip rule add fwmark 0x1 table gw1

iptables -A OUTPUT -t mangle -o eth0 -p tcp --dport 443 -j MARK --set-mark 1

iptables -A POSTROUTING -t nat -o tun0 -p tcp --dport 443 -j SNAT --to 10.8.0.2

iptables -A OUTPUT -t mangle -o eth0 -p udp --dport 161 -j MARK --set-mark 1

iptables -A POSTROUTING -t nat -o tun0 -p udp --dport 161 -j SNAT --to 10.8.0.2


So I am testing tcp and udp connections and what I see:




  • On remote side everything works correctly and packet is send back
    to gateway to eth0

  • On gateway packet gets passed back to vpn tunnel (tun0)

  • On localhost that sent that packet I see how packet arrive to
    10.8.0.2 (tun0) in tshark and then it dissapears. And localhost does TCP-retransmission or resends UDP packet.


I checked packet capture in wireshark and all ports are correct so it's using same random dynamic port during all that trasfer: back and forward. I also tried using masquerade on localhost instead of SNAT without any success.
Tried redirecting packets with DNAT to 127.0.0.1 with no success but I am not sure, maybe I'm doing anything wrong.



Why that packet dissapears after tun0? My input chain allows everything for now. Maybe I need to enable or disable any new "features" in sysctl.conf that I am not concerned about?



Thanks






centos iptables routing nat







share|improve this question































    0















    I am trying to setup configuration where all connections to port 161 will go through another gateway (through openvpn) while others are going directly



    [localhost] -> [gateway] -> [remote] - OK



    [localhost] <- [gateway] <- [remote] - packet dissappears after vpn tunnel. I am able to sniff that on tun0 iface, then it dissappears.



    What I did:
    added gw1 to rt_tables
    then used this rules



    ip route add default via 10.8.0.1 dev tun0 table gw1
    
ip rule add fwmark 0x1 table gw1
    
iptables -A OUTPUT -t mangle -o eth0 -p tcp --dport 443 -j MARK --set-mark 1
    
iptables -A POSTROUTING -t nat -o tun0 -p tcp --dport 443 -j SNAT --to 10.8.0.2
    
iptables -A OUTPUT -t mangle -o eth0 -p udp --dport 161 -j MARK --set-mark 1
    
iptables -A POSTROUTING -t nat -o tun0 -p udp --dport 161 -j SNAT --to 10.8.0.2


    So I am testing tcp and udp connections and what I see:




    • On remote side everything works correctly and packet is send back
      to gateway to eth0

    • On gateway packet gets passed back to vpn tunnel (tun0)

    • On localhost that sent that packet I see how packet arrive to
      10.8.0.2 (tun0) in tshark and then it dissapears. And localhost does TCP-retransmission or resends UDP packet.


    I checked packet capture in wireshark and all ports are correct so it's using same random dynamic port during all that trasfer: back and forward. I also tried using masquerade on localhost instead of SNAT without any success.
    Tried redirecting packets with DNAT to 127.0.0.1 with no success but I am not sure, maybe I'm doing anything wrong.



    Why that packet dissapears after tun0? My input chain allows everything for now. Maybe I need to enable or disable any new "features" in sysctl.conf that I am not concerned about?



    Thanks






    centos iptables routing nat







    share|improve this question



























      0












      0








      0








      I am trying to setup configuration where all connections to port 161 will go through another gateway (through openvpn) while others are going directly



      [localhost] -> [gateway] -> [remote] - OK



      [localhost] <- [gateway] <- [remote] - packet dissappears after vpn tunnel. I am able to sniff that on tun0 iface, then it dissappears.



      What I did:
      added gw1 to rt_tables
      then used this rules



      ip route add default via 10.8.0.1 dev tun0 table gw1
      
ip rule add fwmark 0x1 table gw1
      
iptables -A OUTPUT -t mangle -o eth0 -p tcp --dport 443 -j MARK --set-mark 1
      
iptables -A POSTROUTING -t nat -o tun0 -p tcp --dport 443 -j SNAT --to 10.8.0.2
      
iptables -A OUTPUT -t mangle -o eth0 -p udp --dport 161 -j MARK --set-mark 1
      
iptables -A POSTROUTING -t nat -o tun0 -p udp --dport 161 -j SNAT --to 10.8.0.2


      So I am testing tcp and udp connections and what I see:




      • On remote side everything works correctly and packet is send back
        to gateway to eth0

      • On gateway packet gets passed back to vpn tunnel (tun0)

      • On localhost that sent that packet I see how packet arrive to
        10.8.0.2 (tun0) in tshark and then it dissapears. And localhost does TCP-retransmission or resends UDP packet.


      I checked packet capture in wireshark and all ports are correct so it's using same random dynamic port during all that trasfer: back and forward. I also tried using masquerade on localhost instead of SNAT without any success.
      Tried redirecting packets with DNAT to 127.0.0.1 with no success but I am not sure, maybe I'm doing anything wrong.



      Why that packet dissapears after tun0? My input chain allows everything for now. Maybe I need to enable or disable any new "features" in sysctl.conf that I am not concerned about?



      Thanks






      centos iptables routing nat







      share|improve this question
















      I am trying to setup configuration where all connections to port 161 will go through another gateway (through openvpn) while others are going directly



      [localhost] -> [gateway] -> [remote] - OK



      [localhost] <- [gateway] <- [remote] - packet dissappears after vpn tunnel. I am able to sniff that on tun0 iface, then it dissappears.



      What I did:
      added gw1 to rt_tables
      then used this rules



      ip route add default via 10.8.0.1 dev tun0 table gw1
      
ip rule add fwmark 0x1 table gw1
      
iptables -A OUTPUT -t mangle -o eth0 -p tcp --dport 443 -j MARK --set-mark 1
      
iptables -A POSTROUTING -t nat -o tun0 -p tcp --dport 443 -j SNAT --to 10.8.0.2
      
iptables -A OUTPUT -t mangle -o eth0 -p udp --dport 161 -j MARK --set-mark 1
      
iptables -A POSTROUTING -t nat -o tun0 -p udp --dport 161 -j SNAT --to 10.8.0.2


      So I am testing tcp and udp connections and what I see:




      • On remote side everything works correctly and packet is send back
        to gateway to eth0

      • On gateway packet gets passed back to vpn tunnel (tun0)

      • On localhost that sent that packet I see how packet arrive to
        10.8.0.2 (tun0) in tshark and then it dissapears. And localhost does TCP-retransmission or resends UDP packet.


      I checked packet capture in wireshark and all ports are correct so it's using same random dynamic port during all that trasfer: back and forward. I also tried using masquerade on localhost instead of SNAT without any success.
      Tried redirecting packets with DNAT to 127.0.0.1 with no success but I am not sure, maybe I'm doing anything wrong.



      Why that packet dissapears after tun0? My input chain allows everything for now. Maybe I need to enable or disable any new "features" in sysctl.conf that I am not concerned about?



      Thanks






      centos iptables routing nat




      centos iptables routing nat






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited 7 hours ago







      POMATu

















      asked 7 hours ago









      POMATuPOMATu

      1063




      1063






















          1 Answer
          1






          active

          oldest

          votes


















          0














          My rules are correct



          Solution:



          for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 0 > $f; done
          
echo 1 > /proc/sys/net/ipv4/route/flush


          Now everything is working fine. Note that you need to disable that on every iface, option "all" are not working fine.






          share|improve this answer
























            Your Answer








            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "106"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: false,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: null,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f513060%2ftrying-to-setup-port-redirection-through-2nd-gateway%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            0














            My rules are correct



            Solution:



            for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 0 > $f; done
            
echo 1 > /proc/sys/net/ipv4/route/flush


            Now everything is working fine. Note that you need to disable that on every iface, option "all" are not working fine.






            share|improve this answer




























              0














              My rules are correct



              Solution:



              for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 0 > $f; done
              
echo 1 > /proc/sys/net/ipv4/route/flush


              Now everything is working fine. Note that you need to disable that on every iface, option "all" are not working fine.






              share|improve this answer


























                0












                0








                0







                My rules are correct



                Solution:



                for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 0 > $f; done
                
echo 1 > /proc/sys/net/ipv4/route/flush


                Now everything is working fine. Note that you need to disable that on every iface, option "all" are not working fine.






                share|improve this answer













                My rules are correct



                Solution:



                for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 0 > $f; done
                
echo 1 > /proc/sys/net/ipv4/route/flush


                Now everything is working fine. Note that you need to disable that on every iface, option "all" are not working fine.







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered 5 hours ago









                POMATuPOMATu

                1063




                1063






























                    draft saved

                    draft discarded




















































                    Thanks for contributing an answer to Unix & Linux Stack Exchange!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f513060%2ftrying-to-setup-port-redirection-through-2nd-gateway%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    -

                    Popular posts from this blog

                    Hudson River Historic District Contents Geography History The district today Aesthetics Cultural...

                    Image
                    Contributing propertyKeeper of the RegisterHistoric districtHistory of the National Register of Historic PlacesNational Park ServiceProperty typesAlbanyBuffaloNew RochelleBronxBrooklynQueensStaten IslandManhattanBelow 14th St.14th–59th St.59th–110th St.Above 110th St.Minor islandsNiagara FallsPeekskill PoughkeepsieRhinebeckRochesterSyracuseYonkers National Historic Landmarks in New York (state)Historic districts on the National Register of Historic Places in New York (state)Hudson RiverNational Register of Historic Places in Dutchess County, New YorkHyde Park, New YorkRed Hook, New YorkRhinebeck, New YorkTivoli, New YorkAnnandale-on-Hudson, New YorkHistoric districts in Columbia County, New YorkHistoric districts in Dutchess County, New YorkHistoric American Buildings Survey in New York (state) such districtcontiguous United StatesHudson RiverStaatsburgGermantownDutchessColumbiacountiesU.S. stateNew YorktownsClermontRed HookRhinebeckHyde ParkhamletsAnnandaleBarrytownRhinecliffTivoliB...
                    Read more

                    The number designs the writing. Feandra Aversely Definition: The act of ingrafting a sprig or shoot of one...

                    Image
                    The number designs the writing. Feandra Aversely Definition: The act of ingrafting a sprig or shoot of one tree into another without cutting it from the parent stock called also inarching and grafting by approach Dirty Enlarge 다음 기대 자네 쪽 Behavior Murky Desire Snow Time Honk Horse 초 연구원 창구 일식 Disagreeable Pinch Puppet Popeye Aladdin Brother Bear Two and a Half Men 유행 겨울철 쪽 턱 The quality corresponds the ragged competition. Virtuoso Cough Definition: The situation and structure of the secretory vessels in plants Produce Happy Isaac Newton 대하다 인원 사냥 초등학생 The wound individualizes the moaning increase. Zooumlgeny Definition: The act of impinging Rhythm Chin The Wizard of Oz Drum 직후 침 분리되다 온돌 Crestboot Adhesive Windy Yodacloud Definition: An oven in which glazed pottery is fired also called glaze kiln or glaze Shrill Kick King of the Hill 서서히 김치 곧다ip 겪다 냄새 치르다 색깔 떨어뜨리다 줍다 이튿날 한가운데 감히 인간적 죽 수건 출판사 채 야하다 갈비 출입국 The destruction refers the heat. Boln Paint Digestion Turn Many P...
                    Read more

                    Ayherre Geografie Demografie Externe links Navigatiemenu43° 23′ NB, 1° 15′ WL43° 23′ NB, 1°...

                    Image
                    Gemeente in Pyrénées-Atlantiques FransePyrénées-AtlantiquesNouvelle-AquitaineBayonneINSEE-tellingen 43° 23′ NB, 1° 15′ WL Ayherre Uit Wikipedia, de vrije encyclopedie Naar navigatie springen Naar zoeken springen Ayherre Gemeente in Frankrijk Situering Regio Nouvelle-Aquitaine Departement Pyrénées-Atlantiques (64) Arrondissement Bayonne Kanton La Bastide-Clairence Coördinaten 43° 23′ NB, 1° 15′ WL Algemeen Oppervlakte 27,3 km² Inwoners (1 jan. 2011) 987 (36,2 inw./km²) Hoogte 20 - 465 m Overig Postcode 64240 INSEE-code 64086 Foto's Portaal     Frankrijk Ayherre is een gemeente in het Franse departement Pyrénées-Atlantiques (regio Nouvelle-Aquitaine) en telt 955 inwoners (2005). De plaats maakt deel uit van het arrondissement Bayonne. Geografie De oppervlakte van Ayherre bedraagt 27,3 km², de bevolkingsdichth...
                    Read more