*(sorry, the previous message went out a bit fast)*
hi,
where can I get help with this?
my problem is:
I'm on a corporate network that is filtered (proxy) and I need to run some tests on a virtual machine that needs to have direct access to the Internet. I set up this configuration and I'm trying to route everything that comes out of tap0 to wlan0 and then to the Internet.
        +--------|-------+   +-------|-------+
        |free GW         |   |corporate GW   |
        |192.168.144.254 |   |10.10.10.254/24|
        +--------|-------+   +-------|-------+
                 |                   |
+----------------|-------------------|--------+
|       |wlan0           |   |eth0         | |
|       |192.168.144.1/24|   |10.10.10.1/24| |
|       +----------------+   +-------------+ |
|                                            |
|       +-----------------+                  |
|       |tap0             |                  |
|       |192.168.11.254/24|                  |
|       +--------|--------+                  |
|                |                           |
|  +-------------|------------------+        |
|  |VM           |eth0              |        |
|  |             |192.168.11.1/24   |        |
|  |             +------------------+        |
|  +--------------------------------+        |
+--------------------------------------------+
(the outer box is the HOST)
here are the commands used:
# ip tuntap add tap0 mode tap user me
# ip addr add 192.168.11.254/24 dev tap0
# ip link set tap0 down
# echo 11 tap0 >> /etc/iproute2/rt_tables
# ip rule add from 192.168.11.254 lookup tap0
# ip route add default via 192.168.144.254 dev wlan0 proto dhcp src 192.168.144.1
# echo 1 > /proc/sys/net/ipv4/ip_forward
# iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
I can ping 8.8.8.8 from my virtual machine but all traffic (host/corporate) now seems to flow through wlan0 (tshark -i wlan0)...
regards, lacsaP.
here are the commands used:
# ip tuntap add tap0 mode tap user me
# ip addr add 192.168.11.254/24 dev tap0
# ip link set tap0 down
# echo 11 tap0 >> /etc/iproute2/rt_tables
# ip rule add from 192.168.11.254 lookup tap0
you probably want `from 192.168.11.0/24` here (iif tap0 should also be an option)
# ip route add default via 192.168.144.254 dev wlan0 proto dhcp src 192.168.144.1
# echo 1 > /proc/sys/net/ipv4/ip_forward
# iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
Hi,
On 09.11.22 16:35, Pascal wrote:
[quoted: Pascal's network diagram (free GW on wlan0, corporate GW on eth0, VM behind tap0), as shown in the first message above]
you're going to need source policy routing.
I.e. create a new routing table with the default route going through your free GW:
ip route add default via 192.168.144.254 table 10
To check if it's in place:
ip route show table 10
And then to direct your VM traffic through that, you need a routing rule:
ip rule add from 192.168.11.0/24 lookup 10 priority 10
To check if it's in place:
ip rule show
The main routing table usually has a priority of 32766 and to place overrides you need to insert rules with a lower priority number, they are processed from low to high.
For a permanent setting, you can add your additional routing tables to /etc/iproute2/rt_tables and even give them a name there. The routes and routing rules themselves need to be inserted separately; I don't know off the top of my head if systemd-networkd can do that for you, otherwise you're going to need some sort of oneshot post-boot service that sets it up.
For more details you might want to consult the ip-rule and ip-route man pages.
Cheers
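The following is an added example, not code from this thread or from any of its participants. It puts the pieces of the advice in this reply and in Felix's reply further down into one script: a default route inside a dedicated table, a rule that matches the whole VM subnet at a priority below main, forwarding, and NAT restricted to that subnet. It assumes the addresses and names from Pascal's message (VM subnet 192.168.11.0/24 on tap0, free gateway 192.168.144.254 on wlan0, corporate gateway 10.10.10.254 on eth0, table "tap0" with id 11); the `APPLY` variable, the `run`/`lit` helpers, the check functions and the sample `ip` output strings are all mine and constructed for the example. Without `APPLY=1` the commands are only printed, so the script can be dry-run as an ordinary user.

```shell
#!/bin/sh
# Added example (not from the thread): host-side setup and sanity checks for
# sending a VM subnet out of a second uplink with source policy routing.
# Assumed names/addresses (from the thread's diagram): VM subnet
# 192.168.11.0/24 behind tap0, free gateway 192.168.144.254 on wlan0,
# corporate gateway 10.10.10.254 on eth0, routing table "tap0" with id 11.
# Commands run only when APPLY=1 (needs root); otherwise they are printed.

VM_NET="192.168.11.0/24"
FREE_GW="192.168.144.254"
CORP_GW="10.10.10.254"
UPLINK="wlan0"
TABLE="tap0"
TABLE_ID="11"
PRIO="10"

# Execute or just echo a command, depending on APPLY (hypothetical helper).
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "+ $*"; fi
}

setup_vm_policy_routing() {
    # Name the table once; ip(8) then resolves "tap0" through rt_tables.
    grep -qs "^${TABLE_ID}[[:space:]]${TABLE}\$" /etc/iproute2/rt_tables ||
        run sh -c "echo '${TABLE_ID} ${TABLE}' >> /etc/iproute2/rt_tables"
    # The default route belongs in the dedicated table. Without "table" it
    # lands in main and pulls all host traffic over the free uplink, which
    # is the symptom reported in the thread.
    run ip route replace default via "$FREE_GW" dev "$UPLINK" table "$TABLE"
    # Match the whole VM subnet (not only tap0's own address) and consult the
    # table before main (priority 32766) is looked up.
    run ip rule add from "$VM_NET" lookup "$TABLE" priority "$PRIO"
    run sysctl -w net.ipv4.ip_forward=1
    # NAT only the VM subnet so nothing else is ever masqueraded out of wlan0.
    run iptables -t nat -A POSTROUTING -s "$VM_NET" -o "$UPLINK" -j MASQUERADE
}

# Escape dots so addresses are matched literally by grep -E.
lit() { printf '%s' "$1" | sed 's/[.]/\\./g'; }

# $1: output of `ip rule show`. True if the VM subnet rule is installed.
rule_present() {
    printf '%s\n' "$1" |
        grep -Eq "^[0-9]+:[[:space:]]+from $(lit "$VM_NET") lookup ${TABLE}\$"
}

# $1: output of `ip route show table tap0`. True if the free GW is default there.
table_default_ok() {
    printf '%s\n' "$1" |
        grep -Eq "^default via $(lit "$FREE_GW") dev ${UPLINK}( |\$)"
}

# $1: output of `ip route show` (main table). True if the host's own default
# still points at the corporate gateway and the free GW did not leak into main.
main_default_ok() {
    printf '%s\n' "$1" |
        grep -Eq "^default via $(lit "$CORP_GW") dev eth0( |\$)" &&
    ! printf '%s\n' "$1" | grep -Eq "^default via $(lit "$FREE_GW")"
}

# Constructed sample outputs, as they would look after a correct setup.
SAMPLE_RULES="0:      from all lookup local
10:     from 192.168.11.0/24 lookup tap0
32766:  from all lookup main
32767:  from all lookup default"
SAMPLE_TABLE="default via 192.168.144.254 dev wlan0"
SAMPLE_MAIN="default via 10.10.10.254 dev eth0 proto dhcp src 10.10.10.1
10.10.10.0/24 dev eth0 proto kernel scope link src 10.10.10.1
192.168.11.0/24 dev tap0 proto kernel scope link src 192.168.11.254
192.168.144.0/24 dev wlan0 proto kernel scope link src 192.168.144.1"
# Constructed main table as in the original post: the default went into main.
SAMPLE_MAIN_BROKEN="default via 192.168.144.254 dev wlan0 proto dhcp src 192.168.144.1
default via 10.10.10.254 dev eth0 proto dhcp src 10.10.10.1"

setup_vm_policy_routing
rule_present "$SAMPLE_RULES" && echo "rule: ok"
table_default_ok "$SAMPLE_TABLE" && echo "table ${TABLE}: ok"
main_default_ok "$SAMPLE_MAIN" && echo "main: ok"
main_default_ok "$SAMPLE_MAIN_BROKEN" || echo "main: free GW leaked into main table"
```

On a real host the three check functions would be fed `$(ip rule show)`, `$(ip route show table tap0)` and `$(ip route show)`; the last one is the check that catches the original mistake, since a second `default` line via the free gateway in main is exactly what made all host traffic appear on wlan0.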
On 11/9/22 17:52, Pascal wrote:
# ip tuntap add tap0 mode tap user me
# ip addr add 192.168.11.254/24 dev tap0
# ip link set tap0 down
# echo 11 tap0 >> /etc/iproute2/rt_tables
# ip rule add from 192.168.11.254 lookup tap0
# ip route add default via 192.168.144.254 dev wlan0 proto dhcp src 192.168.144.1
Assuming your `ip rule` is trying to apply policy routing on `from 192.168.11.254` only, the ip route entry added here is missing a table parameter.
You probably want instead:
# ip route add default via 192.168.144.254 dev wlan0 table tap0
# echo 1 > /proc/sys/net/ipv4/ip_forward
# iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
yes, the table parameter was missing!
# ip route add default via 192.168.144.254 dev wlan0 *table tap0*
On Wed, 9 Nov 2022 at 17:10, Felix Yan felixonmars@archlinux.org wrote:
On 11/9/22 17:52, Pascal wrote:
# ip tuntap add tap0 mode tap user me
# ip addr add 192.168.11.254/24 dev tap0
# ip link set tap0 down
# echo 11 tap0 >> /etc/iproute2/rt_tables
# ip rule add from 192.168.11.254 lookup tap0
# ip route add default via 192.168.144.254 dev wlan0 proto dhcp src 192.168.144.1
Assuming your `ip rule` is trying to apply policy routing on `from 192.168.11.254` only, the ip route entry added here is missing a table parameter.
You probably want instead:
# ip route add default via 192.168.144.254 dev wlan0 table tap0
# echo 1 > /proc/sys/net/ipv4/ip_forward
# iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
-- Regards, Felix Yan
arch-general@lists.archlinux.org