canufrank
Occasional Visitor
I have a machine behind my router that is routed through the VPN tunnel. I would like certain traffic to use the WAN, but am failing to implement the solutions I've seen outlined in various threads. As a precursor, some threads utilize --dports while others use --sports in their listing.
In its simplest form, my script looks like
Code:
TAGMARK=16; MYNAS=192.168.0.46; PORTDIR=sports
ip rule add from $MYNAS fwmark $TAGMARK table main prio 999
iptables -t mangle -I PREROUTING -i br0 -s $MYNAS -p tcp -m multiport --$PORTDIR 80,443 -j MARK --set-mark $TAGMARK
However, if I run { curl checkip.dyndns.com; } on MYNAS, I get the external (public) IP of the VPN tunnel.
Code:
curl checkip.dyndns.com
<html><head><title>Current IP Check</title></head><body>Current IP Address: 172.98.67.46</body></html>
So, trash that rule, add with --dports and flush cache. Now curl times out on MYNAS:
Code:
curl checkip.dyndns.com
curl: (7) Failed to connect to checkip.dyndns.com port 80: Connection timed out
So, I think that's telling me that dports is the correct syntax. It also tells me that I'm missing something. By default the 2nd rule in filter/FORWARD is
Code:
iptables -L FORWARD 2 -vn
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
11187 3840K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- tun11 * 0.0.0.0/0 0.0.0.0/0
(The INPUT chain has the same rule in position 1.) So, I don't know where this traffic is being stopped.
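The mark-and-route setup the post is attempting, written out as an added example (this is not the poster's script and not part of any router firmware). It assumes the LAN bridge is br0, that the main routing table holds the WAN default route, and that the VPN client's own policy rules sit at a lower priority number than 999; MYNAS, TAGMARK and the ports are taken from the post, and 1.1.1.1 is just a constructed sample destination for the route lookup. It uses --dports, since for connections the NAS opens the server's port is the destination port; the verification step shows the mangle and FORWARD counters so you can see whether packets are being marked at all before looking at where they are dropped.

```shell
#!/bin/sh
# Added example (not the poster's script): selective WAN bypass for one LAN
# host on a router whose main table points at the WAN and whose VPN client
# adds higher-priority policy rules for LAN traffic.
# Assumptions: LAN bridge is br0; MYNAS, TAGMARK and PORTS come from the post.
# DRY_RUN=1 prints each command instead of executing it.

TAGMARK=${TAGMARK:-16}
MYNAS=${MYNAS:-192.168.0.46}
PORTS=${PORTS:-80,443}
DRY_RUN=${DRY_RUN:-0}

# Execute a command, or print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Match specification for the mangle rule. --dports is the right match for
# connections the NAS opens: the server's port is the destination port in the
# NAS->server direction. --sports would only match packets the NAS sends from
# its own port 80/443 (i.e. replies if the NAS were itself a web server), so
# nothing outbound would be marked.
mark_args() {
    printf 'PREROUTING -i br0 -s %s -p tcp -m multiport --dports %s -j MARK --set-mark %s\n' \
        "$MYNAS" "$PORTS" "$TAGMARK"
}

# Delete any stale copy, then insert the marking rule at the top of PREROUTING.
mark_rule() {
    args=$(mark_args)
    # shellcheck disable=SC2086
    run iptables -t mangle -D $args 2>/dev/null || true
    # shellcheck disable=SC2086
    run iptables -t mangle -I $args
}

# Policy rule: marked packets from MYNAS use the main table (WAN default
# route) ahead of the VPN client's rules; that is what prio 999 is for.
# Flushing the route cache makes the change apply to subsequent lookups.
policy_rule() {
    run ip rule del from "$MYNAS" fwmark "$TAGMARK" table main prio 999 2>/dev/null || true
    run ip rule add from "$MYNAS" fwmark "$TAGMARK" table main prio 999
    run ip route flush cache
}

# Verification from the router: which interface a marked lookup for a public
# address chooses, the active policy rules, and whether the mangle and FORWARD
# counters move when the NAS runs curl (1.1.1.1 is a constructed sample).
show_state() {
    run ip route get 1.1.1.1 from "$MYNAS" iif br0 mark "$TAGMARK"
    run ip rule show
    run iptables -t mangle -L PREROUTING -vn
    run iptables -L FORWARD -vn
}

if [ "${APPLY:-0}" = "1" ]; then
    mark_rule
    policy_rule
    show_state
fi
```

Preview with `DRY_RUN=1 APPLY=1 sh wanbypass.sh`, then run `APPLY=1 sh wanbypass.sh` as root on the router. If the MARK rule's packet counter stays at zero while the NAS runs curl, the match is wrong (interface, source or ports); if it increments but the FORWARD counters for br0 to the WAN interface do not, the drop is in the filter table rather than in routing.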