I have two interfaces: eth0 and tun5. eth0 is an ethernet to a router and tun5 is a VPN tunnel.
These are on an UnRaid server, which is based on Linux. It's a headless server so I access it via SSH.
I'm wanting to have all traffic go through the VPN, tun5, except for ports X, Y, and Z, which I want to come and go through the ethernet.
ifconfig

    eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 192.168.1.11  netmask 255.255.255.0  broadcast 192.168.1.255
            ether 00:19:66:e6:bb:52  txqueuelen 1000  (Ethernet)
            RX packets 21687  bytes 7281101 (6.9 MiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 64398  bytes 5734722 (5.4 MiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
            inet 127.0.0.1  netmask 255.0.0.0
            loop  txqueuelen 0  (Local Loopback)
            RX packets 3496  bytes 942735 (920.6 KiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 3496  bytes 942735 (920.6 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    tun5: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
            inet 10.119.1.6  netmask 255.255.255.255  destination 10.119.1.5
            unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
            RX packets 9  bytes 764 (764.0 B)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 0  bytes 0 (0.0 B)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

route

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         192.168.1.1     0.0.0.0         UG    1      0        0 eth0
    10.119.1.5      0.0.0.0         255.255.255.255 UH    0      0        0 tun5
    127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
    192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0

iptables -L

    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

ip rule

    0:      from all lookup local
    32766:  from all lookup main
    32767:  from all lookup default

ip route

    default via 192.168.1.1 dev eth0 metric 1
    10.119.1.5 dev tun5 proto kernel scope link src 10.119.1.6
    127.0.0.0/8 dev lo scope link
    192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.11
The router gives it an IP of 192.168.1.11 and that's what I use to SSH in.
Can anyone help me figure out some routing for this? I've tried following:
http://lartc.org/howto/lartc.rpdb.multiple-links.html and
http://www.linuxhorizon.ro/iproute2.html
but I get locked out of SSH near the end and can't proceed. Would I be on the right track if I can access the console directly?
Best Answer
Routing happens on the IP level; ports start at the TCP level. So you can't use routes to switch for ports.
If you want to use iptables you might try this approach: iptables forward specific port to specific nic (StackOverflow)
You can also tell ssh to use a specific address to connect to the server. You can either do this with
or you can set it more permanently in your ~/.ssh/config like this
whereby <IP to bind> would be 192.168.1.11 in this case.
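The fwmark approach the answer links to, worked through for the interfaces in the question, as an added example that is not from the question, the answer or the linked post: connections on the bypass ports get a connection mark, marked packets are routed through a second table that uses eth0, and the VPN becomes the default for everything else. The port numbers (standing in for X, Y, Z), the table number, the mark value and the VPN endpoint address are assumed placeholders; the script prints the commands so they can be read through, and a way back planned, before they are run on the headless server.

```shell
#!/bin/sh
# Added example, not from the question or the answer. Interface names and
# addresses are the ones shown in the question; BYPASS_PORTS (the X, Y, Z),
# TABLE, MARK and VPN_ENDPOINT are assumed placeholders.
LAN_IF=eth0;  LAN_GW=192.168.1.1;  LAN_IP=192.168.1.11
VPN_IF=tun5;  VPN_GW=10.119.1.5;   VPN_IP=10.119.1.6
VPN_ENDPOINT="<public-IP-of-VPN-server>"  # must keep going out via eth0
BYPASS_PORTS="22 443"   # stand-ins for X, Y, Z; 22 keeps SSH reachable
TABLE=100; MARK=0x1

# Print the commands instead of running them, so they can be read through
# (and an undo planned) before being piped to sh on the headless server.
gen_policy_routing() {
    # Routes: the tunnel endpoint stays on eth0, the VPN becomes the default,
    # and table 100 holds an alternative default that uses eth0.
    echo "ip route add $VPN_ENDPOINT via $LAN_GW dev $LAN_IF"
    echo "ip route replace default via $VPN_GW dev $VPN_IF"
    echo "ip route add default via $LAN_GW dev $LAN_IF table $TABLE"
    echo "ip rule add fwmark $MARK lookup $TABLE"
    for p in $BYPASS_PORTS; do
        # Connections arriving on eth0 for a bypass port get a connection mark,
        # as do connections this host opens towards that port.
        echo "iptables -t mangle -A PREROUTING -i $LAN_IF -p tcp --dport $p -j CONNMARK --set-mark $MARK"
        echo "iptables -t mangle -A OUTPUT -p tcp --dport $p -j CONNMARK --set-mark $MARK"
    done
    # Copy the connection mark onto every locally generated packet, so replies
    # (whose ports do not match the rules above) are re-routed via table 100.
    echo "iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark"
    # A connection opened by this host picked the tunnel address as source
    # before the mark existed; rewrite it so the LAN router can answer.
    echo "iptables -t nat -A POSTROUTING -o $LAN_IF -s $VPN_IP -j SNAT --to-source $LAN_IP"
    # Packets arriving on eth0 from addresses whose return route is now tun5
    # would fail strict reverse-path filtering; use loose mode on eth0.
    echo "sysctl -w net.ipv4.conf.$LAN_IF.rp_filter=2"
}

# Number of commands emitted, used as a quick sanity check.
count_policy_routing_cmds() { gen_policy_routing | wc -l | tr -d ' '; }
```

Once the output looks right, `gen_policy_routing | sh -e` applies it; if the VPN client already installs a host route for its endpoint, the first `ip route add` is redundant and can be dropped.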