I have an Ubuntu 20 system, and I'm trying to create a tunnel between my system and a remote server, since my client system can't have any incoming/outgoing TCP traffic.

I created a tun0 virtual interface and I only want TCP packets to be routed to that interface, so my program could read them, wrap the packet in a different protocol (i.e. DNS) and send it to my tunnel endpoint.

I already achieved routing all of the traffic from my computer to the interface, but this will prevent my system from doing other non-TCP traffic (like pinging my router, or google.com for example).

The rules I used:

sudo ip route del default
sudo ip route add default via 10.1.0.1 dev tun0
sudo ip route add 192.168.1.127 via 192.168.1.1 dev ens33

Where 192.168.1.1 is my default gateway, 10.1.0.1 is my tun0 IP, and 192.168.1.127 is my server's IP.

How can I route only TCP traffic?

Yarden

1 Answer

I managed to achieve that by using a different routing table and marking specific packets to be routed using that table.

To create a default route to the IP of my tun interface:

ip route add default via 10.0.0.1 table 3

To mark outgoing TCP packets:

iptables -t mangle -A OUTPUT -p tcp -j MARK --set-mark 2

And finally to make sure these packets are routed with table 3, an ip rule to forward marked packets:

ip rule add fwmark 2 table 3

Yarden
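A way to confirm that the three pieces of the answer (mangle mark, fwmark rule, table 3 default route) are actually wired together, as an added example that is not part of the original answer: the script parses the text output of ip rule show, ip route show table 3 and iptables -t mangle -S OUTPUT. The sample outputs are constructed inline to match the answer's rules; check_live runs the real commands and assumes their usual text format (note that ip rule prints the mark in hex and iptables -S prints --set-mark as --set-xmark).

```python
# Parse ip rule / ip route / iptables output to confirm the answer's TCP-only policy routing.
# Added example, not from the original answer; the sample outputs below are constructed.
import re
import subprocess
import sys

SAMPLE_IP_RULE = ("0:\tfrom all lookup local\n"
                  "32765:\tfrom all fwmark 0x2 lookup 3\n"   # ip rule shows the mark in hex
                  "32766:\tfrom all lookup main\n"
                  "32767:\tfrom all lookup default\n")
SAMPLE_TABLE_3 = "default via 10.0.0.1 dev tun0\n"            # ip route show table 3
SAMPLE_MANGLE = "-A OUTPUT -p tcp -j MARK --set-xmark 0x2/0xffffffff\n"  # iptables -t mangle -S OUTPUT

def has_fwmark_rule(ip_rule_out, mark, table):
    # Match "fwmark 0x2 lookup 3"; the mark may carry a mask such as 0x2/0xff.
    pat = re.compile(r"fwmark 0x([0-9a-f]+)(?:/0x[0-9a-f]+)? lookup (\S+)")
    return any(int(m.group(1), 16) == mark and m.group(2) == str(table)
               for m in map(pat.search, ip_rule_out.splitlines()) if m)

def default_route_dev(table_out):
    # Interface of the table's default route, or None when the table has none.
    for parts in (line.split() for line in table_out.splitlines()):
        if parts[:1] == ["default"] and "dev" in parts:
            return parts[parts.index("dev") + 1]
    return None

def tcp_mark_present(mangle_out, mark):
    # iptables -S reports "--set-mark 2" as "--set-xmark 0x2/0xffffffff".
    pat = re.compile(r"^-A OUTPUT .*-p tcp .*-j MARK --set-xmark 0x([0-9a-f]+)/")
    return any(int(m.group(1), 16) == mark
               for m in map(pat.search, mangle_out.splitlines()) if m)

def check(ip_rule_out, table_out, mangle_out, mark=2, table=3, dev="tun0"):
    # Return the list of missing pieces; an empty list means mark -> table -> tun0 is wired up.
    problems = []
    if not tcp_mark_present(mangle_out, mark):
        problems.append(f"no mangle OUTPUT rule marking TCP with {mark}")
    if not has_fwmark_rule(ip_rule_out, mark, table):
        problems.append(f"no ip rule sending fwmark {mark} to table {table}")
    if default_route_dev(table_out) != dev:
        problems.append(f"table {table} has no default route via {dev}")
    return problems

def check_live(mark=2, table=3, dev="tun0"):
    # Same check against the running system (iptables needs root).
    out = lambda *cmd: subprocess.run(cmd, capture_output=True, text=True).stdout
    return check(out("ip", "rule", "show"), out("ip", "route", "show", "table", str(table)),
                 out("iptables", "-t", "mangle", "-S", "OUTPUT"), mark, table, dev)

if __name__ == "__main__":  # pass --live to check the running system instead of the samples
    print(check_live() if "--live" in sys.argv else check(SAMPLE_IP_RULE, SAMPLE_TABLE_3, SAMPLE_MANGLE) or "policy routing OK")
```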