Can't forward traffic from eth to TUN/TAP
Clash Royale CLAN TAG#URR8PPP
up vote
0
down vote
favorite
I'm trying to forward traffic from a physical interface enp5s0
to a virtual one tun0
. The goal is to make tun0
receive essentially all packets from enp5s0
.
First, I enable forwarding with a command
sudo sysctl -w net.ipv4.ip_forward=1
Then I create tun0
by running
sudo ip tuntap add dev tun0 mod tun
I assign it IP-address and turn the device on:
sudo ifconfig tun0 10.1.8.5 netmask 255.255.255.0 promisc up
I want to make all packets go from enp5s0
to tun0
, so I have to use iptables. I need to make a rule that allows forwarding from enp5s0
to tun0
, so the command is
sudo iptables -A FORWARD --in-interface tun0 --out-interface enp5s0 -j ACCEPT
Then I enable NAT by running
sudo iptables -t nat -A POSTROUTING --out-interface enp5s0 -j MASQUERADE
tcpdump shows no traffic on tun0
.
Also, I tried almost the same thing, but using TAP device. I created a bridge with brctl
, added tap0
and enp5s0
, but no packets were received by tap0
and everything was ok with enp5s0
. Nothing like default gw 10.1.8.5
works in TUN case. Where is a mistake?
iptables vpn tunneling forwarding
add a comment |Â
up vote
0
down vote
favorite
I'm trying to forward traffic from a physical interface enp5s0
to a virtual one tun0
. The goal is to make tun0
receive essentially all packets from enp5s0
.
First, I enable forwarding with a command
sudo sysctl -w net.ipv4.ip_forward=1
Then I create tun0
by running
sudo ip tuntap add dev tun0 mod tun
I assign it IP-address and turn the device on:
sudo ifconfig tun0 10.1.8.5 netmask 255.255.255.0 promisc up
I want to make all packets go from enp5s0
to tun0
, so I have to use iptables. I need to make a rule that allows forwarding from enp5s0
to tun0
, so the command is
sudo iptables -A FORWARD --in-interface tun0 --out-interface enp5s0 -j ACCEPT
Then I enable NAT by running
sudo iptables -t nat -A POSTROUTING --out-interface enp5s0 -j MASQUERADE
tcpdump shows no traffic on tun0
.
Also, I tried almost the same thing, but using TAP device. I created a bridge with brctl
, added tap0
and enp5s0
, but no packets were received by tap0
and everything was ok with enp5s0
. Nothing like default gw 10.1.8.5
works in TUN case. Where is a mistake?
iptables vpn tunneling forwarding
What exactly are you trying to achieve?
â ysdx
May 11 at 14:34
I'm trying to capture allenp5s0
traffic ontun0
. Every packet received byenp5s0
should be forwarded to
tun0`
â Nikita Zeulin
May 12 at 13:31
add a comment |Â
up vote
0
down vote
favorite
up vote
0
down vote
favorite
I'm trying to forward traffic from a physical interface enp5s0
to a virtual one tun0
. The goal is to make tun0
receive essentially all packets from enp5s0
.
First, I enable forwarding with a command
sudo sysctl -w net.ipv4.ip_forward=1
Then I create tun0
by running
sudo ip tuntap add dev tun0 mod tun
I assign it IP-address and turn the device on:
sudo ifconfig tun0 10.1.8.5 netmask 255.255.255.0 promisc up
I want to make all packets go from enp5s0
to tun0
, so I have to use iptables. I need to make a rule that allows forwarding from enp5s0
to tun0
, so the command is
sudo iptables -A FORWARD --in-interface tun0 --out-interface enp5s0 -j ACCEPT
Then I enable NAT by running
sudo iptables -t nat -A POSTROUTING --out-interface enp5s0 -j MASQUERADE
tcpdump shows no traffic on tun0
.
Also, I tried almost the same thing, but using TAP device. I created a bridge with brctl
, added tap0
and enp5s0
, but no packets were received by tap0
and everything was ok with enp5s0
. Nothing like default gw 10.1.8.5
works in TUN case. Where is a mistake?
iptables vpn tunneling forwarding
I'm trying to forward traffic from a physical interface enp5s0
to a virtual one tun0
. The goal is to make tun0
receive essentially all packets from enp5s0
.
First, I enable forwarding with a command
sudo sysctl -w net.ipv4.ip_forward=1
Then I create tun0
by running
sudo ip tuntap add dev tun0 mod tun
I assign it IP-address and turn the device on:
sudo ifconfig tun0 10.1.8.5 netmask 255.255.255.0 promisc up
I want to make all packets go from enp5s0
to tun0
, so I have to use iptables. I need to make a rule that allows forwarding from enp5s0
to tun0
, so the command is
sudo iptables -A FORWARD --in-interface tun0 --out-interface enp5s0 -j ACCEPT
Then I enable NAT by running
sudo iptables -t nat -A POSTROUTING --out-interface enp5s0 -j MASQUERADE
tcpdump shows no traffic on tun0
.
Also, I tried almost the same thing, but using TAP device. I created a bridge with brctl
, added tap0
and enp5s0
, but no packets were received by tap0
and everything was ok with enp5s0
. Nothing like default gw 10.1.8.5
works in TUN case. Where is a mistake?
iptables vpn tunneling forwarding
asked May 9 at 13:10
Nikita Zeulin
1
1
What exactly are you trying to achieve?
â ysdx
May 11 at 14:34
I'm trying to capture allenp5s0
traffic ontun0
. Every packet received byenp5s0
should be forwarded to
tun0`
â Nikita Zeulin
May 12 at 13:31
add a comment |Â
What exactly are you trying to achieve?
â ysdx
May 11 at 14:34
I'm trying to capture allenp5s0
traffic ontun0
. Every packet received byenp5s0
should be forwarded to
tun0`
â Nikita Zeulin
May 12 at 13:31
What exactly are you trying to achieve?
â ysdx
May 11 at 14:34
What exactly are you trying to achieve?
â ysdx
May 11 at 14:34
I'm trying to capture all
enp5s0
traffic on tun0
. Every packet received by enp5s0
should be forwarded to
tun0`â Nikita Zeulin
May 12 at 13:31
I'm trying to capture all
enp5s0
traffic on tun0
. Every packet received by enp5s0
should be forwarded to
tun0`â Nikita Zeulin
May 12 at 13:31
add a comment |Â
1 Answer
1
active
oldest
votes
up vote
0
down vote
Your in and out interfaces are reversed in the iptables command.
They should be:
sudo iptables -A FORWARD --in-interface enp5s0 --out-interface tun0 -j ACCEPT
and:
sudo iptables -t nat -A POSTROUTING --out-interface tun0 -j MASQUERADE
I've tried yours andtcpdump -i tun0
is still empty
â Nikita Zeulin
May 9 at 13:55
What are you trying to achieve? I have used these commands to set up a vpn over a tun device (which is why I know about the in/out order), however you would normally have something on the other side of the tun0 interface - either the other end of the vpn or a local application that opens the device. Just having the tun0 device with an ip address doesn't mean that traffic will flow - its like having an ethernet port with the cable unplugged. This might be useful: naturalborncoder.com/virtualization/2014/10/17/â¦
â BrendanMcL
May 9 at 22:45
Thanks for a link. The goal is to capture allenp5s0
traffic ontun0
. I have a program that reads packets fromtun0
, spoofs them and send them back on wire. I've triedping
andtraceroute
to test the connection, and the thing is that there are some records on packet going though PREROUTE chain and that's all, packets are not being forwarded even if I make a rule and enable forwarding.
â Nikita Zeulin
May 11 at 12:39
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
Your in and out interfaces are reversed in the iptables command.
They should be:
sudo iptables -A FORWARD --in-interface enp5s0 --out-interface tun0 -j ACCEPT
and:
sudo iptables -t nat -A POSTROUTING --out-interface tun0 -j MASQUERADE
I've tried yours andtcpdump -i tun0
is still empty
â Nikita Zeulin
May 9 at 13:55
What are you trying to achieve? I have used these commands to set up a vpn over a tun device (which is why I know about the in/out order), however you would normally have something on the other side of the tun0 interface - either the other end of the vpn or a local application that opens the device. Just having the tun0 device with an ip address doesn't mean that traffic will flow - its like having an ethernet port with the cable unplugged. This might be useful: naturalborncoder.com/virtualization/2014/10/17/â¦
â BrendanMcL
May 9 at 22:45
Thanks for a link. The goal is to capture allenp5s0
traffic ontun0
. I have a program that reads packets fromtun0
, spoofs them and send them back on wire. I've triedping
andtraceroute
to test the connection, and the thing is that there are some records on packet going though PREROUTE chain and that's all, packets are not being forwarded even if I make a rule and enable forwarding.
â Nikita Zeulin
May 11 at 12:39
add a comment |Â
up vote
0
down vote
Your in and out interfaces are reversed in the iptables command.
They should be:
sudo iptables -A FORWARD --in-interface enp5s0 --out-interface tun0 -j ACCEPT
and:
sudo iptables -t nat -A POSTROUTING --out-interface tun0 -j MASQUERADE
I've tried yours andtcpdump -i tun0
is still empty
â Nikita Zeulin
May 9 at 13:55
What are you trying to achieve? I have used these commands to set up a vpn over a tun device (which is why I know about the in/out order), however you would normally have something on the other side of the tun0 interface - either the other end of the vpn or a local application that opens the device. Just having the tun0 device with an ip address doesn't mean that traffic will flow - its like having an ethernet port with the cable unplugged. This might be useful: naturalborncoder.com/virtualization/2014/10/17/â¦
â BrendanMcL
May 9 at 22:45
Thanks for a link. The goal is to capture allenp5s0
traffic ontun0
. I have a program that reads packets fromtun0
, spoofs them and send them back on wire. I've triedping
andtraceroute
to test the connection, and the thing is that there are some records on packet going though PREROUTE chain and that's all, packets are not being forwarded even if I make a rule and enable forwarding.
â Nikita Zeulin
May 11 at 12:39
add a comment |Â
up vote
0
down vote
up vote
0
down vote
Your in and out interfaces are reversed in the iptables command.
They should be:
sudo iptables -A FORWARD --in-interface enp5s0 --out-interface tun0 -j ACCEPT
and:
sudo iptables -t nat -A POSTROUTING --out-interface tun0 -j MASQUERADE
Your in and out interfaces are reversed in the iptables command.
They should be:
sudo iptables -A FORWARD --in-interface enp5s0 --out-interface tun0 -j ACCEPT
and:
sudo iptables -t nat -A POSTROUTING --out-interface tun0 -j MASQUERADE
answered May 9 at 13:26
BrendanMcL
214
214
I've tried yours andtcpdump -i tun0
is still empty
â Nikita Zeulin
May 9 at 13:55
What are you trying to achieve? I have used these commands to set up a vpn over a tun device (which is why I know about the in/out order), however you would normally have something on the other side of the tun0 interface - either the other end of the vpn or a local application that opens the device. Just having the tun0 device with an ip address doesn't mean that traffic will flow - its like having an ethernet port with the cable unplugged. This might be useful: naturalborncoder.com/virtualization/2014/10/17/â¦
â BrendanMcL
May 9 at 22:45
Thanks for a link. The goal is to capture allenp5s0
traffic ontun0
. I have a program that reads packets fromtun0
, spoofs them and send them back on wire. I've triedping
andtraceroute
to test the connection, and the thing is that there are some records on packet going though PREROUTE chain and that's all, packets are not being forwarded even if I make a rule and enable forwarding.
â Nikita Zeulin
May 11 at 12:39
add a comment |Â
I've tried yours andtcpdump -i tun0
is still empty
â Nikita Zeulin
May 9 at 13:55
What are you trying to achieve? I have used these commands to set up a vpn over a tun device (which is why I know about the in/out order), however you would normally have something on the other side of the tun0 interface - either the other end of the vpn or a local application that opens the device. Just having the tun0 device with an ip address doesn't mean that traffic will flow - its like having an ethernet port with the cable unplugged. This might be useful: naturalborncoder.com/virtualization/2014/10/17/â¦
â BrendanMcL
May 9 at 22:45
Thanks for a link. The goal is to capture allenp5s0
traffic ontun0
. I have a program that reads packets fromtun0
, spoofs them and send them back on wire. I've triedping
andtraceroute
to test the connection, and the thing is that there are some records on packet going though PREROUTE chain and that's all, packets are not being forwarded even if I make a rule and enable forwarding.
â Nikita Zeulin
May 11 at 12:39
I've tried yours and
tcpdump -i tun0
is still emptyâ Nikita Zeulin
May 9 at 13:55
I've tried yours and
tcpdump -i tun0
is still emptyâ Nikita Zeulin
May 9 at 13:55
What are you trying to achieve? I have used these commands to set up a vpn over a tun device (which is why I know about the in/out order), however you would normally have something on the other side of the tun0 interface - either the other end of the vpn or a local application that opens the device. Just having the tun0 device with an ip address doesn't mean that traffic will flow - its like having an ethernet port with the cable unplugged. This might be useful: naturalborncoder.com/virtualization/2014/10/17/â¦
â BrendanMcL
May 9 at 22:45
What are you trying to achieve? I have used these commands to set up a vpn over a tun device (which is why I know about the in/out order), however you would normally have something on the other side of the tun0 interface - either the other end of the vpn or a local application that opens the device. Just having the tun0 device with an ip address doesn't mean that traffic will flow - its like having an ethernet port with the cable unplugged. This might be useful: naturalborncoder.com/virtualization/2014/10/17/â¦
â BrendanMcL
May 9 at 22:45
Thanks for a link. The goal is to capture all
enp5s0
traffic on tun0
. I have a program that reads packets from tun0
, spoofs them and send them back on wire. I've tried ping
and traceroute
to test the connection, and the thing is that there are some records on packet going though PREROUTE chain and that's all, packets are not being forwarded even if I make a rule and enable forwarding.â Nikita Zeulin
May 11 at 12:39
Thanks for a link. The goal is to capture all
enp5s0
traffic on tun0
. I have a program that reads packets from tun0
, spoofs them and send them back on wire. I've tried ping
and traceroute
to test the connection, and the thing is that there are some records on packet going though PREROUTE chain and that's all, packets are not being forwarded even if I make a rule and enable forwarding.â Nikita Zeulin
May 11 at 12:39
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f442760%2fcant-forward-traffic-from-eth-to-tun-tap%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
What exactly are you trying to achieve?
â ysdx
May 11 at 14:34
I'm trying to capture all
enp5s0
traffic ontun0
. Every packet received byenp5s0
should be forwarded to
tun0`â Nikita Zeulin
May 12 at 13:31