
List:       netfilter
Subject:    Re: Split traffic between VPN and local interface
From:       Pascal Hambourg <pascal () plouf ! fr ! eu ! org>
Date:       2016-03-31 12:23:26
Message-ID: 56FD16BE.6050605 () plouf ! fr ! eu ! org

On 31/03/2016 07:32, Perol.Chen wrote:
> Dear all:
>
> I start a VPN client on my computer, but I want my country's traffic
> to go directly through the local interface.
>
> Because the IP list is large, I save it to an ipset named chinaip.
>
> I use the commands below to split the traffic. 192.168.1.1 is the local
> interface gateway, 10.7.0.2 is the VPN tun IP.
>
>
> id="11"
> ip rule add fwmark $id lookup $id
> ip route add default via 192.168.1.1 table $id
> iptables -t mangle -I OUTPUT 1 -m set --match-set chinaip dst -j MARK --set-mark $id
> iptables -t nat -A POSTROUTING -s 10.7.0.2 -o eth0 -j MASQUERADE
>
>
> Wireshark shows the traffic sent to eth0, but the local process cannot
> receive data.
>
> 128    5.583482000    192.168.1.118    180.149.134.141    TCP    74
> 33474 > http [SYN] Seq=0 Win=27840 Len=0 MSS=1392 SACK_PERM=1
> TSval=17843425 TSecr=0 WS=128
>
> 129    5.586962000    180.149.134.141    192.168.1.118    TCP    66
> http > 33474 [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0 MSS=1448
> SACK_PERM=1 WS=128
>
> 249    6.332233000    192.168.1.118    180.149.134.141    TCP    74
> [TCP Retransmission] 33473 > http [SYN] Seq=0 Win=27840 Len=0 MSS=1392
> SACK_PERM=1 TSval=17843613 TSecr=0 WS=128
>
> 250    6.335188000    180.149.134.141    192.168.1.118    TCP    66
> [TCP Retransmission] http > 33473 [SYN, ACK] Seq=0 Ack=1 Win=14600
> Len=0 MSS=1448 SACK_PERM=1 WS=128
>
> They are all TCP retransmissions. Is there some problem?

You probably need to disable rp_filter on eth0.
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
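
An added example, not part of the original messages: a check for the reply above that reports which rp_filter mode is actually applied to an interface, since the kernel uses the higher of the `conf/all` and per-interface values. The function names and the `SYSCTL_ROOT` variable are assumptions of this sketch; `SYSCTL_ROOT` only exists so the functions can be pointed at a constructed directory instead of `/proc/sys`.

```shell
#!/bin/sh
# Added example: report the reverse-path filter mode applied to an interface.
# SYSCTL_ROOT is an assumption of this sketch; on a live host it is /proc/sys.
SYSCTL_ROOT="${SYSCTL_ROOT:-/proc/sys}"

# Print the raw rp_filter value of one conf entry ("all", "eth0", ...).
rp_filter_raw() {
    cat "$SYSCTL_ROOT/net/ipv4/conf/$1/rp_filter"
}

# The kernel validates sources on <iface> with max(conf/all, conf/<iface>),
# so setting only the per-interface value to 0 has no effect while all is 1.
rp_filter_effective() {
    all=$(rp_filter_raw all) || return 1
    ifc=$(rp_filter_raw "$1") || return 1
    if [ "$all" -gt "$ifc" ]; then echo "$all"; else echo "$ifc"; fi
}

# Describe what the effective mode means for replies arriving on <iface>
# when the unmarked route back to the sender points at another interface.
rp_filter_verdict() {
    case "$(rp_filter_effective "$1")" in
        0) echo "off: no source validation on $1" ;;
        1) echo "strict: dropped unless the route back to the sender uses $1" ;;
        2) echo "loose: accepted if the sender is reachable via any interface" ;;
        *) echo "unknown"; return 1 ;;
    esac
}

# Usage on a live host (the writes need root):
#   rp_filter_verdict eth0
#   sysctl -w net.ipv4.conf.all.rp_filter=0
#   sysctl -w net.ipv4.conf.eth0.rp_filter=2   # loose mode instead of 0
```

Loose mode (2) on eth0 keeps some source validation while still accepting replies whose reverse route points at the tunnel; 0 turns validation off for that interface.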