Menu
What's new
By:
Filters Better Search

Routing VPN traffic only for a particular port

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

W

WuTang LAN

Regular Contributor
On my PC I have Plex running which works fine expect for remote access from outside of the LAN.
I have port-forwarded the port used by Plex and I have added a rule in the custom VPN config
Code: 
route plex.tv 255.255.255.255 192.168.1.1
neither have made my server accessible from outside the LAN.

I suspect it's to do with the VPN as I route all traffic to and from my PC through the VPN.

I would obviously rather not have to route all traffic through the WAN as this negates using a VPN. Is there anyway to keep all traffic on my PC routed through the VPN except for Plex?

I know that you can route all traffic for an entire device through either the WAN or the VPN, but what about just for a particular port?
 
Thank you for the link, octopus.

I have read through the information and hopefully I have understood it correctly.

Does the below look correct for routing all traffic on source port and destination port 32400 through the WAN?

Code: 
#!/bin/sh

sleep 10  # During the boot process nat-start may run multiple times so this is required               

# Ensure duplicate rules are not created
for VPN_ID in 0 1 2 3 4 5
   do
      ip rule del prio 999$VPN_ID  2>/dev/null
   done

# Create the RPDB rules
ip rule add from 0/0 fwmark "0x8000/0x8000" table main   prio 9990        # WAN   fwmark
ip rule add from 0/0 fwmark "0x7000/0x7000" table ovpnc4 prio 9991        # VPN 4 fwmark
ip rule add from 0/0 fwmark "0x3000/0x3000" table ovpnc5 prio 9992        # VPN 5 fwmark
ip rule add from 0/0 fwmark "0x1000/0x1000" table ovpnc1 prio 9993        # VPN 1 fwmark
ip rule add from 0/0 fwmark "0x2000/0x2000" table ovpnc2 prio 9994        # VPN 2 fwmark
ip rule add from 0/0 fwmark "0x4000/0x4000" table ovpnc3 prio 9995        # VPN 3 fwmark

iptables -t mangle -A PREROUTING -i br0 -m iprange --src-range 192.168.1.10 -p tcp -m multiport --dport 32400 -j MARK --set-mark 0x8000/0x8000
iptables -t mangle -A PREROUTING -i br0 -m iprange --src-range 192.168.1.10 -p tcp -m multiport --sport 32400 -j MARK --set-mark 0x8000/0x8000
 
I have created nat-start which looks like this

Code: 
#!/bin/sh

sleep 10  # During the boot process nat-start may run multiple times so this is required              

# Ensure duplicate rules are not created
for VPN_ID in 0 1 2 3 4 5
   do
      ip rule del prio 999$VPN_ID  2>/dev/null
   done

# Create the RPDB rules
ip rule add from 0/0 fwmark "0x8000/0x8000" table main   prio 9990        # WAN   fwmark
ip rule add from 0/0 fwmark "0x7000/0x7000" table ovpnc4 prio 9991        # VPN 4 fwmark
ip rule add from 0/0 fwmark "0x3000/0x3000" table ovpnc5 prio 9992        # VPN 5 fwmark
ip rule add from 0/0 fwmark "0x1000/0x1000" table ovpnc1 prio 9993        # VPN 1 fwmark
ip rule add from 0/0 fwmark "0x2000/0x2000" table ovpnc2 prio 9994        # VPN 2 fwmark
ip rule add from 0/0 fwmark "0x4000/0x4000" table ovpnc3 prio 9995        # VPN 3 fwmark

iptables -t mangle -A PREROUTING -i br0 -s 192.168.1.10 -p tcp --dport 32400 -j MARK --set-mark 0x8000/0x8000
iptables -t mangle -A PREROUTING -i br0 -s 192.168.1.10 -p tcp --sport 32400 -j MARK --set-mark 0x8000/0x8000

When I do

Code: 
iptables -nvL PREROUTING -t mangle --line

it shows that no traffic is being redirected through the WAN

Code: 
Chain PREROUTING (policy ACCEPT 785K packets, 756M bytes)
num   pkts bytes target     prot opt in     out     source               destination        
1     280K  207M MARK       all  --  tun11  *       0.0.0.0/0            0.0.0.0/0            MARK xset 0x1/0x7
2    3589K 4945M BWDPI_FILTER  udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          
3        0     0 MARK       tcp  --  br0    *       0.0.0.0/0            0.0.0.0/0            source IP range 192.168.1.10-192.168.1.10 orts 32400 MARK or 0x8000
4        0     0 MARK       tcp  --  br0    *       0.0.0.0/0            0.0.0.0/0            source IP range 192.168.1.10-192.168.1.10 orts 32400 MARK or 0x8000

When I first created the nat-start script, it was working as intended very briefly- approx an hour before it no longer worked.

Please could one of you brain boxes assist?
 
You must log in or register to reply here.

Similar threads

S
VPN director and LAN traffic
Replies
2
Views
367
santhysouk
S
G
[Help] Routing VPN server through VPN client (external VPN Provider)
Replies
14
Views
1K
ZebMcKayhan
Z
G
VPN Client with Public IP, split tunnel web server over VPN and other traffic not on the VPN
Replies
4
Views
401
Grefyne
G
B
Firewall lan - vpn?
Replies
0
Views
267
blast
B
C
How can I do this.. Router VPN Client to Server 2
Replies
3
Views
313
ComputerSteve
C
Similar threads
Thread starter Title Forum Replies Date
G [Help] Routing VPN server through VPN client (external VPN Provider) Asuswrt-Merlin 14
nothingness RT-AC86U VPN Director Not Routing Through WAN Asuswrt-Merlin 1
lluke IPSec VPN Server and Internet routing Asuswrt-Merlin 5
S Multicast routing SSDP to Wireguard VPN client(s) Asuswrt-Merlin 5
B255ea006 VPN Director, incorrect/ not working routing Asuswrt-Merlin 4
M OpenVPN / site to site with special security/routing constraints Asuswrt-Merlin 7
Acru Bug Report: nvram chilli_enable=1 when guest network is removed causes no routing to occur Asuswrt-Merlin 2
P IPv6 routing table flags Asuswrt-Merlin 2
F Help with routing 2 VLAN's to the same Ethernet Port Asuswrt-Merlin 36
JCompagner Offloading ssl/tls for https (the router handling the https, routing http through) Asuswrt-Merlin 7

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 868 (members: 39, guests: 829)
Top