(Arch)Linux source routing help
(sorry, the previous message went out a bit fast)

hi, where can I get help for this? My problem is: I'm on a corporate network that is filtered (proxy) and I need to run some tests on a virtual machine that needs to have direct access to the Internet. I set up this configuration and try to route everything that comes out of tap0 to wlan0 and then to the Internet.

                  -               -
                 \               /
       +--------\-------+ +-------/-------+
       |free GW         | |corporate GW   |
       |192.168.144.254 | |10.10.10.254/24|
       +--------|-------+ +-------|-------+
                |                 |
+---------------|-----------------|------+
|HOST |wlan0           | |eth0         | |
|     |192.168.144.1/24| |10.10.10.1/24| |
|     +----------------+ +-------------+ |
|                                        |
|     +-----------------+                |
|     |tap0             |                |
|     |192.168.11.254/24|                |
|     +--------|--------+                |
|              |                         |
|     +--------|-------------+           |
|     |VM |eth0            | |           |
|     |   |192.168.11.1/24 | |           |
|     |   +----------------+ |           |
|     +----------------------+           |
+----------------------------------------+

here are the commands used:

# ip tuntap add tap0 mode tap user me
# ip addr add 192.168.11.254/24 dev tap0
# ip link set tap0 down
# echo 11 tap0 >> /etc/iproute2/rt_tables
# ip rule add from 192.168.11.254 lookup tap0
# ip route add default via 192.168.144.254 dev wlan0 proto dhcp src 192.168.144.1
# echo 1 > /proc/sys/net/ipv4/ip_forward
# iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE

I can ping 8.8.8.8 from my virtual machine but all traffic (host/corporate) now seems to flow through wlan0 (tshark -i wlan0)...

regards, lacsaP.
> here are the commands used:
> # ip tuntap add tap0 mode tap user me
> # ip addr add 192.168.11.254/24 dev tap0
> # ip link set tap0 down
> # echo 11 tap0 >> /etc/iproute2/rt_tables
> # ip rule add from 192.168.11.254 lookup tap0
you probably want `from 192.168.11.0/24` here (iif tap0 should also be an option)
> # ip route add default via 192.168.144.254 dev wlan0 proto dhcp src 192.168.144.1
> # echo 1 > /proc/sys/net/ipv4/ip_forward
> # iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
-- damjan
Hi,

On 09.11.22 16:35, Pascal wrote:
> [network diagram quoted from Pascal's message above]
you're going to need source policy routing. I.e. create a new routing table with the default route going through your free GW:

ip route add default via 192.168.144.254 table 10

To check if it's in place:

ip route show table 10

And then to direct your VM traffic through that, you need a routing rule:

ip rule add from 192.168.11.0/24 lookup 10 priority 10

To check if it's in place:

ip rule show

The main routing table usually has a priority of 32766 and to place overrides you need to insert rules with a lower priority number; they are processed from low to high.

For a permanent setting, you can add your additional routing tables to /etc/iproute2/rt_tables and even give them a name there. The routes and routing rules themselves need to be inserted separately; I don't know off the top of my head if systemd-networkd can do that for you, otherwise you're going to need some sort of Oneshot post-boot service that sets it up.

For more details you might want to consult the ip-rule and ip-route man pages.

Cheers

-- 
Thore "foxxx0" Bödecker
GPG ID: 0xD622431AF8DB80F3
GPG FP: 0F96 559D 3556 24FC 2226 A864 D622 431A F8DB 80F3
On 11/9/22 17:52, Pascal wrote:
> # ip tuntap add tap0 mode tap user me
> # ip addr add 192.168.11.254/24 dev tap0
> # ip link set tap0 down
> # echo 11 tap0 >> /etc/iproute2/rt_tables
> # ip rule add from 192.168.11.254 lookup tap0
> # ip route add default via 192.168.144.254 dev wlan0 proto dhcp src 192.168.144.1

Assuming your `ip rule` is trying to apply policy routing on `from 192.168.11.254` only, the ip route entry added here is missing a table parameter. You probably want instead:

# ip route add default via 192.168.144.254 dev wlan0 table tap0

> # echo 1 > /proc/sys/net/ipv4/ip_forward
> # iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE

-- 
Regards,
Felix Yan
yes, the table parameter was missing!

# ip route add default via 192.168.144.254 dev wlan0 *table tap0*

On Wed 9 Nov 2022 at 17:10, Felix Yan <felixonmars@archlinux.org> wrote:
> On 11/9/22 17:52, Pascal wrote:
>> # ip tuntap add tap0 mode tap user me
>> # ip addr add 192.168.11.254/24 dev tap0
>> # ip link set tap0 down
>> # echo 11 tap0 >> /etc/iproute2/rt_tables
>> # ip rule add from 192.168.11.254 lookup tap0
>> # ip route add default via 192.168.144.254 dev wlan0 proto dhcp src 192.168.144.1
>
> Assuming your `ip rule` is trying to apply policy routing on `from 192.168.11.254` only, the ip route entry added here is missing a table parameter.
> You probably want instead:
>
> # ip route add default via 192.168.144.254 dev wlan0 table tap0
>
>> # echo 1 > /proc/sys/net/ipv4/ip_forward
>> # iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
>
> -- 
> Regards,
> Felix Yan
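The fix the replies converge on, collected into one script as an added example (this is not code from the thread): the VM's default route goes into its own table (the missing `table` parameter; without it the route landed in the main table, which is why the host's own corporate traffic also moved to wlan0), the rule matches the whole VM subnet as damjan and Thore suggest, and the MASQUERADE is narrowed to that subnet (my addition, not in the thread). Interface names, addresses and the user `me` are taken from Pascal's commands; `DRY_RUN=1` prints the commands instead of applying them, and applying them needs root.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumptions: interface names,
# addresses and the user "me" as in Pascal's commands; table "tap0" = id 11.
set -eu

# DRY_RUN=1 prints each command instead of running it (lets the sequence be
# checked without root); unset it to apply the configuration.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

setup_vm_routing() {
    # tap device for the VM, owned by the unprivileged user that runs it
    run ip tuntap add tap0 mode tap user me
    run ip addr add 192.168.11.254/24 dev tap0
    run ip link set tap0 up

    # named routing table; skip the append if it is already registered
    grep -qE '^11[[:space:]]+tap0$' /etc/iproute2/rt_tables 2>/dev/null \
        || run sh -c 'echo "11 tap0" >> /etc/iproute2/rt_tables'

    # default route via the free GW, confined to the tap0 table: the "table"
    # parameter is what was missing; without it the route went into the main
    # table and pulled the host's own corporate traffic onto wlan0 as well
    run ip route add default via 192.168.144.254 dev wlan0 table tap0

    # consult that table for the whole VM subnet (not only the tap0 host
    # address), ahead of the main table's default priority 32766
    run ip rule add from 192.168.11.0/24 lookup tap0 priority 10

    # forwarding plus NAT, narrowed to VM traffic leaving via wlan0
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -t nat -A POSTROUTING -s 192.168.11.0/24 -o wlan0 -j MASQUERADE
}

# verification commands from the replies: the rule list and the table contents
show_vm_routing() {
    ip rule show
    ip route show table tap0
}
```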