soniccool
Occasional Visitor
Hey there! I run this openvpn-event when i start my VPN so plex can bypass the VPN. But this causes any other computer on my network unable to load amazon.com correctly. I dont see why. Any ideas?
FYI plex.tv pulls IP's from amazon.
FYI plex.tv pulls IP's from amazon.
Code:
#!/bin/bash
# This code goes in the WAN UP section.
# This code based on the contributions from this thread:
# http://www.linksysinfo.org/index.php?threads/route-only-specific-ports-through-vpn-openvpn.37240/
#
# And from material in these articles:
# http://linux-ip.net/html/adv-multi-internet.html
# http://fedorasolved.org/Members/kanarip/iptables-howto
#
# This script configures "selective" VPN routing. Normally, OpenVPN will route ALL traffic out
# the OpenVPN tunnel. These changes to iptables allow some outbound traffic to use the VPN, and some
# traffic to bypass the VPN and use the regular Internet instead.
#
# To list the current rules on the router, issue the command:
# iptables -t mangle -L PREROUTING
#
# Flush/reset all the rules to default by issuing the command:
# iptables -t mangle -F PREROUTING
#
#
# First it is necessary to disable Reverse Path Filtering on all
# current and future network interfaces:
#
for i in /proc/sys/net/ipv4/conf/*/rp_filter ; do
echo 0 > $i
done
#
# Delete and table 100 and flush any existing rules if they exist.
#
ip route flush table 100
ip route del default table 100
ip rule del fwmark 1 table 100
ip route flush cache
iptables -t mangle -F PREROUTING
#
# Copy all non-default and non-VPN related routes from the main table into table 100.
# Then configure table 100 to route all traffic out the WAN gateway and assign it mark "1"
#
# NOTE: Here I assume the OpenVPN tunnel is named "tun11".
#
#
ip route show table main | grep -Ev ^default | grep -Ev tun11 \
| while read ROUTE ; do
ip route add table 100 $ROUTE
done
ip route add default table 100 via $(nvram get wan_gateway)
ip rule add fwmark 1 table 100
ip route flush cache
#
# Define the routing policies for the traffic. The rules will be applied in the order that they
# are listed. In the end, packets with MARK set to "0" will pass through the VPN. If MARK is set
# to "1" it will bypass the VPN.
#
# EXAMPLES:
#
# All LAN traffic will bypass the VPN (Useful to put this rule first, so all traffic bypasses the VPN and you can configure exceptions afterwards)
iptables -t mangle -A PREROUTING -i br0 -j MARK --set-mark 1
# Ports 80 and 443 will bypass the VPN
# iptables -t mangle -A PREROUTING -i br0 -p tcp -m multiport --dport 80,443 -j MARK --set-mark 1
# All traffic from a particular computer on the LAN will use the VPN
iptables -t mangle -A PREROUTING -i br0 -m iprange --src-range 192.168.1.4 -j MARK --set-mark 0
# All traffic to a specific Internet IP address will use the VPN
# iptables -t mangle -A PREROUTING -i br0 -m iprange --dst-range 216.146.38.70 -j MARK --set-mark 0
# All UDP and ICMP traffic will bypass the VPN
# iptables -t mangle -A PREROUTING -i br0 -p udp -j MARK --set-mark 1
# iptables -t mangle -A PREROUTING -i br0 -p icmp -j MARK --set-mark 1
# All traffic from a specific Internet IP address range USING CIDR NOTATION will bypass the VPN
# iptables -t mangle -A PREROUTING -i br0 -s 74.125.229.0/24 -j MARK --set-mark 0
# All traffic to a specific Internet IP address range USING CIDR NOTATION will use the VPN
# iptables -t mangle -A PREROUTING -i br0 -d 98.207.0.0/16 -j MARK --set-mark 0
#new
#iptables -t mangle -A PREROUTING -i br0 -p tcp -m multiport --sport 32400,32443 -j MARK --set-mark 2
#iptables -t mangle -A OUTPUT -p udp -m multiport --dport 17827,32400,32443,32410,32412,32413,32414,32469 -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -i br0 -s 192.168.1.4 -d plex.tv -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -i br0 -s 192.168.1.4 -p tcp -m multiport --sport 32400,32443 -j MARK --set-mark 1
#old
#iptables -t mangle -A PREROUTING -i br0 -p tcp -m multiport --dport 32400 -j MARK --set-mark 1
#iptables -t mangle -A PREROUTING -i br0 -s 192.168.1.4 -p tcp -m multiport --sport 32400 -j MARK --set-mark 1
#iptables -t mangle -A PREROUTING -i br0 -p tcp -m multiport --dport 8888 -j MARK --set-mark 1
#iptables -t mangle -A PREROUTING -i br0 -s 192.168.1.4 -p tcp -m multiport --sport 8888 -j MARK --set-mark 1
# Bypass Plex IP Ranges https://forums.aws.amazon.com/ann.jspa?annID=1701
# FROM/SOURCE
#iptables -t mangle -A PREROUTING -i br0 -s 184.169.128.0/17 -j MARK --set-mark 1
#iptables -t mangle -A PREROUTING -i br0 -s 50.18.0.0/16 -j MARK --set-mark 1
#iptables -t mangle -A PREROUTING -i br0 -s 54.241.0.0/16 -j MARK --set-mark 1
#iptables -t mangle -A PREROUTING -i br0 -s 184.72.0.0/18 -j MARK --set-mark 1
#new
#iptables -t mangle -A PREROUTING -i br0 -s 54.176.0.0/16 -j MARK --set-mark 1
# TO/DESTINATION
#iptables -t mangle -A PREROUTING -i br0 -d 184.169.128.0/17 -j MARK --set-mark 1
#iptables -t mangle -A PREROUTING -i br0 -d 50.18.0.0/16 -j MARK --set-mark 1
#iptables -t mangle -A PREROUTING -i br0 -d 54.241.0.0/16 -j MARK --set-mark 1
#iptables -t mangle -A PREROUTING -i br0 -d 184.72.0.0/18 -j MARK --set-mark 1
#new
#iptables -t mangle -A PREROUTING -i br0 -d 54.176.0.0/16 -j MARK --set-mark 1
#Bypass IPChicken
#iptables -t mangle -A PREROUTING -i br0 -m iprange --dst-range 209.68.27.16 -j MARK --set-mark 1
Last edited:
