Linux – how to set up wired and wireless to be used by different applications

iptableslinuxnetworking

My wired interface (eth0) is connected to a corporate VPN (which disallows all sorts of things via a proxy) while at the same time the wireless interface is connected to a guest wireless network on eth1 which has no restrictions.

How can I configure things (Ubuntu) in such a way that my wireless handles all browser connections while my wired handles the rest (nfs, etc.).

Best Answer

Since you're using an Ubuntu desktop, I presume you're managing your connections with NetworkManager.

You will need to do two things:

Edit your Ethernet interface in NetworkManager, choose Routes and then select Use this connection only for resources on its network.
Add static routes here for all of the IP address ranges in use on your corporate network that you need to access. The gateway for these should be your current gateway IP address for the eth0 interface. You can obtain a list of these networks from your network admin staff.

NetworkManager Routes

Once you have completed this, all of your traffic will go out via your wireless connection unless it's on one of the networks you specified a static route for.

You will probably need to set up your browser as well, so that it only proxies traffic bound for IP address ranges inside the corporate network. Better yet, use two Firefox profiles: one for the corporate network and one for general Internet usage.

(Part of this answer, and the above image, borrowed from the Ask Ubuntu question Force network-manager to use wireless for an Internet connection.)

Related Solutions

Ubuntu – Internet not working after upgrade to Ubuntu 10.10

So you have an ip address.. sounds like DNS problems..

Try this.. ( im guessing the DIG will fail )

dig google.com
ping 74.125.77.147

Ping works???.. good

edit your /etc/resolv.conf / add this at the bottom

nameserver 141.1.1.1

save the file

Run those commands again :D

and let me know

Iptables – How to route traffic from a VirtualBox VM only over a VPN

There will be other solutions, but this is what I'm thinking:

Setup the VM in bridge mode. This will give your virtual machine an IP address in the same network as your host.
Setup the VPN on the host, let's say it's tun0.
Enable routing on the host echo 1 > /proc/sys/net/ipv4/ip_forward
Setup the VM with the host IP address as the default gw.

At this point, the host has the VPN connection, and the VM will route all traffic to the host. All that is left to do is restrict the host so that it does not allow the guest to route any traffic that isn't going to go thru the tun0 device. You could do that with a set of iptables rules something like this:

iptables -P FORWARD DROP
iptables -A FORWARD -o tun0 -j ACCEPT
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

That should work. The first rule sets a default policy to DROP packets in the FORWARD chain. This only effects packets that your host would route, not packets to the host (INPUT) or from the host (OUTPUT). The second rule allows any traffic that is routing out tun0 - you could tighten that up with a --source if you wanted. And the last rule should let replies coming back from tun0 to route back to the VM.

Will your VPN be expecting all packets on the tun interface to be from a single IP? If so, you'll want to add a NAT rule as well. Probably something like:

iptables -t nat -A POSTROUTING -o tun0 -j SNAT --to-source {your host tun0 ip}

Best Answer

Related Solutions

Ubuntu – Internet not working after upgrade to Ubuntu 10.10

Iptables – How to route traffic from a VirtualBox VM only over a VPN

Related Topic