openVPN redirect inbound connection to eth0

themedserv · Post by **themedserv** » Thu Jan 15, 2015 4:52 pm

My goal is allow incoming connection on some ports on my public ISP address while openvpn is active:

I am using ubuntu and I can't make the mark works in iptable in any ways:

Code: Select all

iptables -t mangle -A PREROUTING -j MARK --set-mark 2
iptables -t mangle -A INPUT -j MARK --set-mark 2
iptables -t nat -A INPUT -j MARK --set-mark 2
iptables -t nat -A PREROUTING -j MARK --set-mark 2

ip rule add from all fwmark 2 lookup 2

ip rule add from all fwmark 2 lookup 2

Code: Select all

sudo iptables -t mangle -A OUTPUT -p tcp --dport 80 -j MARK --set-mark 2

# I Have no idea what this is doing but I need to make it work:
sudo iptables --table nat --append POSTROUTING -o eth0 -j MASQUERADE

If I rederict all incoming traffic to my table 2 it works fine! It is just the PREROUTING mark that doesn't work for me:

Code: Select all

ip rule add from 192.168.2.0/24 table 2

So I was wondering, if I redirect ALL inbound connection from the router to eth0 and bypass the table with the tun0.. And then block ALL incoming port with iptables except the one I want to allow. Would it be a correct alternative to do it?

Does openvpn uses incoming connections or it is in use only on the outbounds connections?

Ideally I would use the marking system. But unfortunatly no good results for me..

Thks!!