| 1 |
On 17/06/2010 5:03 PM, Steve wrote: |
| 2 |
> OK, I admit it, this is more of a Linux networking challenge, but it's |
| 3 |
> one I want to resolve under gentoo. |
| 4 |
> |
| 5 |
> I have two network interfaces - eth0 and tun0 - and both are (somehow) |
| 6 |
> connected to the internet. When I have eth0's IP address as my default |
| 7 |
> route, all my traffic is sent out via my NAT enabled router and is |
| 8 |
> associated with its dynamic IP address... however, while I can receive |
| 9 |
> packets on the tun0 interface, replies are sent via eth0, and that means |
| 10 |
> ping doesn't work and TCP connections to tun0's publicly accessible IP |
| 11 |
> address fail. When I have tun0's IP address as my default route, all my |
| 12 |
> traffic (inbound and outbound TCP connections) are routed over tun0... |
| 13 |
> enabling the previously precluded inbound connections on tun0's publicly |
| 14 |
> accessible IP address, but which is an unnecessarily inefficient use of |
| 15 |
> the (more expensive) tun0 interface for outbound connections. |
| 16 |
> |
| 17 |
> What I really want is for eth0 to be used all the time, except for |
| 18 |
> packets associated with TCP streams that connected from remote hosts to |
| 19 |
> tun0's public facing IP address - when tun0 must be used. I don't |
| 20 |
> need/want to support UDP or other protocols communicating via tun0 - and |
| 21 |
> TCP connections to tun0 will only arrive on a handful of ports which I |
| 22 |
> can determine up front. |
| 23 |
> |
| 24 |
> Should I be using IPTables for this, and - if so - is there a howto |
| 25 |
> addressing this scenario? Is there a better approach than IPTables? |
| 26 |
> |
| 27 |
Check out iproute |
| 28 |
|
| 29 |
> * sys-apps/iproute2 |
| 30 |
> Latest version available: 2.6.31 |
| 31 |
> Latest version installed: 2.6.31 |
| 32 |
> Size of files: 363 kB |
| 33 |
> Homepage: |
| 34 |
> http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2 |
| 35 |
> Description: kernel routing and traffic control utilities |
| 36 |
> License: GPL-2 |
| 37 |
|
| 38 |
This will allow you to control the flow of packets, so packets from |
| 39 |
Interface 1 will go back out the same interface. |
| 40 |
|
| 41 |
This is used in conjunction with iptables, as iptables is the |
| 42 |
firewall, and iproute is the packet classifyer/handler |
| 43 |
|
| 44 |
I was using this when I had 2 Internet accounts, a slow speed ADSL |
| 45 |
with static IP, and a cable BB one for the usual stuff (dynamic IP) |
Archives