A node as internet gateway?

Benjamin Henrion bh at udev.org
Wed Nov 3 16:11:31 CET 2010


On Wed, Nov 3, 2010 at 11:54 AM, Mike Bentzen <mike at goodlook.com.au> wrote:
>  Has this problem been solved in your most recent email to this list?
>
> The exit node must have ip forwarding enabled, as well as appropriate
> masquerading.
> The client node must have the default gateway set to the exit node.

I have on the client side a machine (b2) with an OpenVZ container
(fsbuild 192.168.20.98), where I added a rule to forward the traffic
through the tinc interface "mycompany" to another node on the VPN
which should be used as a gateway (192.168.11.2):

=============================================================
root at b2 /root [9]# ip rule add from 192.168.20.98 table 7
root at b2 /root [10]# ip route add default dev mycompany via 192.168.11.2 table 7
root at b2 /root [11]# vzctl enter 998
entered into CT 998
root at fsbuild / [2]# ping 130.104.1.1
PING 130.104.1.1 (130.104.1.1) 56(84) bytes of data.
[no answer here...]
=============================================================

On my laptop (192.168.11.2), I see packets:

=============================================================
root at buzek /home/zoobab [3]# tshark -i mycompany -R icmp
Running as user "root" and group "root". This could be dangerous.
Capturing on mycompany
  0.466522 192.168.20.98 -> 130.104.1.1  ICMP Echo (ping) request
  1.468486 192.168.20.98 -> 130.104.1.1  ICMP Echo (ping) request
=============================================================

But no ICMP packets appear on the wlan0 interface, even when I have
the iptables rule on:

iptables -t nat -A POSTROUTING -j MASQUERADE -o wlan0
echo 1 > /proc/sys/net/ipv4/ip_forward

Any idea what I should add?

--
Benjamin Henrion <bhenrion at ffii.org>
FFII Brussels - +32-484-566109 - +32-2-4148403
"In July 2005, after several failed attempts to legalise software
patents in Europe, the patent establishment changed its strategy.
Instead of explicitly seeking to sanction the patentability of
software, they are now seeking to create a central European patent
court, which would establish and enforce patentability rules in their
favor, without any possibility of correction by competing courts or
democratically elected legislators."
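
Added example, not part of the original post or of tinc: a shell check of the exit-node prerequisites named in the thread (IP forwarding, masquerading on the outbound interface), extended to the filter table's FORWARD policy, which the thread does not mention. `check_exit_node` and `sample_rules` are hypothetical names, and the rule set is constructed sample `iptables-save` output.

```shell
#!/bin/sh
# Added example; check_exit_node and sample_rules are hypothetical names.
# usage: iptables-save | check_exit_node "$(cat /proc/sys/net/ipv4/ip_forward)" wlan0 mycompany
# Prints one finding per line; returns 0 only if every check passes.
check_exit_node() {
    fwd=$1 oif=$2 vpn=$3
    rules=$(cat)
    rc=0
    if [ "$fwd" = "1" ]; then
        echo "ok: ip_forward=1"
    else
        echo "FAIL: ip_forward=$fwd, kernel will not route between interfaces"
        rc=1
    fi
    # nat/POSTROUTING must masquerade what leaves the outbound interface.
    if printf '%s\n' "$rules" |
        grep -Eq '^-A POSTROUTING( .*)? -o '"$oif"'( .*)? -j MASQUERADE'; then
        echo "ok: MASQUERADE on $oif"
    else
        echo "FAIL: no MASQUERADE rule for $oif"
        rc=1
    fi
    # Routed packets also cross filter/FORWARD. Heuristic: under a DROP policy
    # expect an ACCEPT rule for traffic arriving on the VPN interface.
    if printf '%s\n' "$rules" | grep -q '^:FORWARD DROP' &&
        ! printf '%s\n' "$rules" |
            grep -Eq '^-A FORWARD( .*)? -i '"$vpn"'( .*)? -j ACCEPT'; then
        echo "FAIL: FORWARD policy DROP and no ACCEPT for -i $vpn"
        rc=1
    else
        echo "ok: FORWARD does not drop $vpn traffic by policy"
    fi
    return $rc
}

# Constructed iptables-save output: masquerading present, forwarding blocked.
sample_rules() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o wlan0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
COMMIT
EOF
}

sample_rules | check_exit_node 1 wlan0 mycompany || true
```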

