OK, I admit it, this is more of a Linux networking challenge, but it's
one I want to resolve under gentoo.

I have two network interfaces - eth0 and tun0 - and both are (somehow)
connected to the internet. When I have eth0's IP address as my default
route, all my traffic is sent out via my NAT enabled router and is
associated with its dynamic IP address... however, while I can receive
packets on the tun0 interface, replies are sent via eth0, and that means
ping doesn't work and TCP connections to tun0's publicly accessible IP
address fail. When I have tun0's IP address as my default route, all my
traffic (inbound and outbound TCP connections) is routed over tun0...
enabling the previously precluded inbound connections on tun0's publicly
accessible IP address, but which is an unnecessarily inefficient use of
the (more expensive) tun0 interface for outbound connections.

What I really want is for eth0 to be used all the time, except for
packets associated with TCP streams that connected from remote hosts to
tun0's public facing IP address - when tun0 must be used. I don't
need/want to support UDP or other protocols communicating via tun0 - and
TCP connections to tun0 will only arrive on a handful of ports which I
can determine up front.

Should I be using IPTables for this, and - if so - is there a howto
addressing this scenario? Is there a better approach than IPTables?