kpoman Apprentice
Joined: 15 May 2003 Posts: 209 Location: Buenos Aires, Argentina
|
Posted: Tue Sep 16, 2003 7:26 am Post subject: redirecting http through "the good interface" |
Hello,
I have a problem with my ISP, whose transparent proxy is having many problems and is terribly slow ...
I have a tunnel from home to work, and my work's ISP is very good and professional, so I would like to route all my http requests and traffic through the vpn tunnel ... here is my current config:
Code: |
root@kpoman incoming # ifconfig
eth1      Link encap:Ethernet  HWaddr 00:09:5B:33:7D:1A
          inet addr:192.168.0.2  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1586653 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1651389 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:1108323825 (1056.9 Mb)  TX bytes:392146472 (373.9 Mb)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:3201 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3201 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1413308 (1.3 Mb)  TX bytes:1413308 (1.3 Mb)

tun0      Link encap:Point-to-Point Protocol
          inet addr:192.168.1.202  P-t-P:192.168.1.202  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:2634 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2759 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10
          RX bytes:1601555 (1.5 Mb)  TX bytes:232509 (227.0 Kb)

root@kpoman incoming #
|
I'd like to know if there is a way, with iptables I guess, to send all http incoming and outgoing through my work's gateway/proxy living on 192.168.1.1:80 ... ?
_________________
please, help me, pity on me :'(
irasnyd Apprentice
Joined: 16 Feb 2003 Posts: 286 Location: Placentia, CA
|
Posted: Tue Sep 16, 2003 9:07 am Post subject: |
Assuming tun0 is your VPN tunnel to your work:
Code: |
route -A inet add 192.168.1.1 dev tun0
|
That might work.
If it doesn't, you can remove what the previous command did by typing:
Code: |
route -A inet del 192.168.1.1 dev tun0
|
Hopefully it works though. If it doesn't, the route tool should be able to do this for you; you shouldn't need iptables (I don't think).
kpoman Apprentice
Joined: 15 May 2003 Posts: 209 Location: Buenos Aires, Argentina
|
Posted: Tue Sep 16, 2003 10:01 am Post subject: |
Well, I'd like to specify that requests to whatever port 80 should be sent through the tunnel, and not all the traffic!
I think the better solution would be to have an iptables rule ...
Another particular thing is that tun0 depends on eth1!
fragbert Tux's lil' helper
Joined: 18 Apr 2003 Posts: 75 Location: Dallas, TX
|
Posted: Tue Sep 16, 2003 7:24 pm Post subject: |
kpoman wrote: | Well, I'd like to specify that requests to whatever port 80 should be sent through the tunnel, and not all the traffic!
I think the better solution would be to have an iptables rule ...
Another particular thing is that tun0 depends on eth1! |
Yes -- It's a little complicated. I don't have a verbatim example on-hand, but this is how you will do it:
1) Put an entry into the iptables mangle/prerouting table to firewall-mark all tcp/http (port 80) traffic with some specific fwmark number. This will look like:
Code: |
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j MARK --set-mark 0x10
|
**note that the fwmark is usually in hex**
2) Add a new routing table with the 'ip' command (You may need to emerge it, I believe the package is net-misc/iputils). Add a default route to that table with the tunnel's endpoint as the next-hop.
3) Add a new rule with 'ip'; for packets that have their fwmark set to 0x10 (or whatever you decide to make it in the iptables rule), use the new routing table.
Now all packets that get fwmark'd (all of them with dport 80) will use tun0 as their next-hop. I hope that is clear. If you need any help or have any problems, just let me know.
Michael
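The three steps from the post above, put together as one script. This is an added example, not part of the original posts: it only prints the commands so they can be reviewed before being run as root. The table id 100, the choice between the OUTPUT and PREROUTING chains, the MASQUERADE rule and the rp_filter setting are assumptions that go beyond what the thread states; the mark, interface and gateway are taken from the thread.

```shell
#!/bin/sh
# Added example: prints (does not run) the commands for the three steps above.
# From the thread: fwmark 0x10, tun0, gateway 192.168.1.1, TCP port 80.
# Assumed here: table id 100, the OUTPUT chain for traffic generated on this
# host, MASQUERADE on the tunnel, and loose reverse-path filtering.
MARK="${MARK:-0x10}"
TABLE="${TABLE:-100}"
TUN_DEV="${TUN_DEV:-tun0}"
TUN_GW="${TUN_GW:-192.168.1.1}"

# $1 = local   -> packets generated on this host  (mangle OUTPUT)
# $1 = forward -> packets routed for other hosts  (mangle PREROUTING)
policy_route_cmds() {
    case "$1" in
        local)   chain=OUTPUT ;;
        forward) chain=PREROUTING ;;
        *) echo "usage: policy_route_cmds local|forward" >&2; return 2 ;;
    esac
    # Only accept a plain hex mark and a numeric table id, since the output
    # is meant to be run as root.
    case "$MARK" in
        0x|0x*[!0-9a-fA-F]*) return 2 ;;
        0x*) ;;
        *) return 2 ;;
    esac
    case "$TABLE" in
        ''|*[!0-9]*) return 2 ;;
    esac
    # Step 1: mark TCP port 80 packets.
    echo "iptables -t mangle -A $chain -p tcp --dport 80 -j MARK --set-mark $MARK"
    # Step 2: separate table whose only route is a default via the tunnel.
    # "via" needs $TUN_GW to be reachable on $TUN_DEV (e.g. a host route).
    echo "ip route add default via $TUN_GW dev $TUN_DEV table $TABLE"
    # Step 3: marked packets consult that table before the main one.
    echo "ip rule add fwmark $MARK table $TABLE"
    # Local packets picked their source address before the mark rerouted
    # them, so rewrite it to the tunnel address on the way out.
    echo "iptables -t nat -A POSTROUTING -o $TUN_DEV -j MASQUERADE"
    # Replies arrive on the tunnel although the main table points elsewhere;
    # strict rp_filter would drop them, loose mode (2) accepts them.
    echo "sysctl -w net.ipv4.conf.$TUN_DEV.rp_filter=2"
}

policy_route_cmds local
```

Check the result with `ip rule show` and `ip route show table 100` after applying; only port 80 traffic should match the fwmark rule, everything else keeps using the main table.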
kpoman Apprentice
Joined: 15 May 2003 Posts: 209 Location: Buenos Aires, Argentina
|
Posted: Tue Sep 16, 2003 9:42 pm Post subject: |
Hello,
thanks for the help. Unfortunately I am a complete newbie at networking and don't understand well what all this means.
I am trying to read some tutorials now but it is not very easy because my http goes down and up all the time :/
My routing tables are as shown below:
Code: |
pana caleca # route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     *               255.255.255.0   U     0      0        0 wlan0
loopback        localhost       255.0.0.0       UG    0      0        0 lo
default         router          0.0.0.0         UG    0      0        0 wlan0
pana caleca #
|
The very strange thing about my network right now is that sometimes it works really well and sometimes it gets completely dead and all http goes too slow.
The strange thing is that an already created connection through this tunnel still works perfectly!
Another very strange thing is that when I directly connect to the internet bypassing the mr314 netgear router the connection works well, no slowdowns at all ... but when I am behind the router then it randomly goes slow....
This wasn't happening some days before ... it is really weird ...
The thing is ... I shyly ask for your help with those ip route commands. I read the man page but really don't understand what I should do, or how :'(
thanx anyway for all :)