My setup is the following: I'm writing a program that creates a tun interface and writes raw (Layer 3) packets to that interface. For example, an ICMP ping packet (to make things easy).
Now I want to redirect those packets from the tun interface to my eth interface. I already tried the typical FORWARD iptables rules and also the option ip_forward is set to 1.
I can see the valid ICMP packets in Wireshark for the tun interface, but the redirection won't work and nothing appears for the eth interface in Wireshark. The ping is directed to an outside service (e.g. 8.8.8.8).
I guess that I'm missing one crucial thing on why this is not working, but cannot see it...
Info: I already searched for all "Forward Tun to XX" posts, but I haven't found a solution that actually worked.
Edit:
Iptables rules:
sudo iptables -F
sudo iptables -t nat -F
sudo iptables -A FORWARD -i tun0 -o wlp4s0 -j ACCEPT
sudo iptables -t nat -A POSTROUTING -s 10.0.0.1/24 -o wlp4s0 -j SNAT --to-source 192.168.2.73
I tried it with SNAT and the following MASQUERADE rule as well:
sudo iptables -t nat -A POSTROUTING -s 10.0.0.1/24 -o wlp4s0 -j MASQUERADE
Both unsuccessful.
Output of ip addr:
46: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 500
    link/none
    inet 10.0.0.1/24 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::1218:6be2:934b:355b/64 scope link stable-privacy
       valid_lft forever preferred_lft forever
Output of ip route:
10.0.0.0/24 dev tun0 proto kernel scope link src 10.0.0.1
And sysctl net.ipv4.ip_forward:
net.ipv4.ip_forward = 1