Hello, I just created a virtual NIC and all the iptables rules that I did for a real NIC, I did for this virtual NIC too. Consider an OpenVPN server that has one NIC with three public IPs and you want to run an OpenVPN server.conf file for each IPs. You must set these three public IPs on your NIC and then launch your OpenVPN server. What is your opinion?
Are my iptables rules wrong? On Tuesday, July 25, 2023 at 11:33:16 PM GMT+3:30, Jochen Bern <jochen.b...@binect.de> wrote: On 25.07.23 12:22, Jason Long wrote: > You said "The rules seem to assume that Internet traffic *will* go out > $IF_MAIN and not enp0s3.", Why enp0s3? I created a virtual NIC (enp0s3:0) > and I want my traffic go through it. Am I wrong? I have no reason to doubt that you WANT to have it work like this. What did you *do* to MAKE that happen? Last time I read about similar issues - several *years* back -, the consensus IIRC was that when initiating a connection out of a physical NIC that has several IPs, the SRC IP will be chosen as -- the one *last* assigned to the NIC when running Linux, -- the *oldest* one when running Windows, and -- they all get used round-robin under BSD. I have no idea whether that does or doesn't extend from locally initiated connections to MASQUERADEd ones, though. Nailing it down with -j SNAT might be worthwhile, but since you have *several subnets* on that wire, you'd probably still need the routing table to agree with your choice. > # cat /proc/sys/net/ipv4/conf/all/forwarding > 1 (When you *read* the setting back, you might want to check the interfaces one by one, rather than just one "all" value ...) > Unfortunately, I do not have "/var/log/kern.log" file!!! /var/log/syslog ? /var/log/messages ? journalctl ? Maybe dmesg, even? > On the client routing tables are: > https://pastebin.mozilla.org/QEVppj9X > What is your opinion? 0.0.0.0/1 (and 128.0.0.0/1) point to the VPN and there's no more specific route to 8.8.8.8, so the pings *should* have gone into the VPN, as intended. Kind regards, -- Jochen Bern Systemingenieur Binect GmbH _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
