| 1 |
OK, I admit it, this is more of a Linux networking challenge, but it's |
| 2 |
one I want to resolve under gentoo. |
| 3 |
|
| 4 |
I have two network interfaces - eth0 and tun0 - and both are (somehow) |
| 5 |
connected to the internet. When I have eth0's IP address as my default |
| 6 |
route, all my traffic is sent out via my NAT enabled router and is |
| 7 |
associated with its dynamic IP address... however, while I can receive |
| 8 |
packets on the tun0 interface, replies are sent via eth0, and that means |
| 9 |
ping doesn't work and TCP connections to tun0's publicly accessible IP |
| 10 |
address fail. When I have tun0's IP address as my default route, all my |
| 11 |
traffic (inbound and outbound TCP connections) are routed over tun0... |
| 12 |
enabling the previously precluded inbound connections on tun0's publicly |
| 13 |
accessible IP address, but which is an unnecessarily inefficient use of |
| 14 |
the (more expensive) tun0 interface for outbound connections. |
| 15 |
|
| 16 |
What I really want is for eth0 to be used all the time, except for |
| 17 |
packets associated with TCP streams that connected from remote hosts to |
| 18 |
tun0's public facing IP address - when tun0 must be used. I don't |
| 19 |
need/want to support UDP or other protocols communicating via tun0 - and |
| 20 |
TCP connections to tun0 will only arrive on a handful of ports which I |
| 21 |
can determine up front. |
| 22 |
|
| 23 |
Should I be using IPTables for this, and - if so - is there a howto |
| 24 |
addressing this scenario? Is there a better approach than IPTables? |
Archives