I currently have a Raspberry Pi set up as a VPN router. Everything works great except that I'm unable to run my work VPN behind it at the same time. Rather than disabling the whole house's security, I'd like to add a firewall rule that bypasses the VPN for a specific IP.

Work VPN public IP: 15.15.15.15
eth0 on the Raspberry Pi: 192.168.43.1 (LAN)
eth1 on the Raspberry Pi: XX.3.1.209 (PUBLIC)

Here is the current route script, vpn-route.sh, that came pre-set up:
#!/bin/bash
LAN=$(</usr/local/bin/lan.conf)   # LAN prefix read from a file, e.g. 192.168.0.0/16

# Flush the filter and NAT tables before re-adding rules.
sudo iptables -F
sudo iptables -t nat -F

# Note: this rule has no -j target, so it only counts LAN-bound packets on eth0.
sudo iptables -t nat -A POSTROUTING -d $LAN -o eth0
# Everything that is not LAN-bound leaves through the tunnel, source-NATed to tun0's address.
sudo iptables -t nat -A POSTROUTING ! -d $LAN -o tun0 -j MASQUERADE

# Forwarding between eth0 and wlan0: replies back in, anything out.
sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT

# Persist the rule set.
sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"
Is there a way I can add a second MASQUERADE rule that only matches the destination IP, like this?

sudo iptables -t nat -A POSTROUTING --dst 15.15.15.15 -o eth0 -j MASQUERADE   # didn't seem to work
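As an added example that is not part of the original post: a POSTROUTING rule never changes where a packet goes; the routing table picks the outgoing interface first, and the rule's "-o" only matches if it names that same interface. The script below simulates the kernel's longest-prefix route lookup on a constructed `ip route` listing so it runs offline, checks whether a MASQUERADE rule's "-o" interface can ever match for a given destination, and prints the route plus NAT and FORWARD commands that exempt one destination from the tunnel. The networks 10.8.0.0/24 and 203.0.113.0/24, the gateway 203.0.113.1, the function names and the WAN_GATEWAY_PLACEHOLDER value are all assumptions for the demonstration, not values from the post.

```shell
#!/bin/sh
# Added example (not from the original post). Shows why a MASQUERADE rule with
# "-o eth0" cannot match traffic that the routing table sends out via tun0, and
# which commands make one destination leave via the public interface instead.

# Constructed sample of what `ip route` prints on such a router. The tunnel and
# WAN prefixes are stand-ins, not the post's real addresses.
SAMPLE_ROUTES='default via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0
192.168.0.0/16 dev eth0
203.0.113.0/24 dev eth1'

# Dotted-quad IPv4 -> unsigned 32-bit integer.
ip_to_int() {
    printf '%s\n' "$1" | {
        IFS=. read -r a b c d
        echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
    }
}

# egress_iface DST  (routes on stdin): prints the "dev" of the longest-prefix
# route matching DST, i.e. the interface netfilter will see as "-o" for it.
egress_iface() {
    dst=$(ip_to_int "$1")
    best_len=-1
    best_dev=""
    while read -r line; do
        [ -z "$line" ] && continue
        set -- $line
        prefix=$1
        [ "$prefix" = default ] && prefix=0.0.0.0/0
        case $prefix in
            */*) net=${prefix%/*}; len=${prefix#*/} ;;
            *)   net=$prefix;      len=32 ;;
        esac
        dev=""
        while [ $# -gt 1 ]; do
            [ "$1" = dev ] && dev=$2
            shift
        done
        if [ "$len" -eq 0 ]; then mask=0
        else mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF )); fi
        if [ $(( dst & mask )) -eq $(( $(ip_to_int "$net") & mask )) ] \
           && [ "$len" -gt "$best_len" ]; then
            best_len=$len
            best_dev=$dev
        fi
    done
    printf '%s\n' "$best_dev"
}

# check_nat_rule RULE_OUT_IF DST  (routes on stdin): succeeds only if the
# interface in the rule's "-o" is the one the destination really leaves on.
check_nat_rule() {
    actual=$(egress_iface "$2")
    if [ "$actual" = "$1" ]; then
        echo "ok: traffic to $2 leaves via $actual, rule -o $1 will match"
        return 0
    fi
    echo "mismatch: traffic to $2 leaves via ${actual:-nothing}, rule -o $1 never matches"
    return 1
}

# bypass_cmds DST WAN_IF WAN_GW: prints the commands that exempt one destination
# from the tunnel. A /32 host route wins over the tun0 default route, and the
# existing MASQUERADE only covers tun0, so the WAN side needs its own SNAT and
# FORWARD rules. Printed rather than executed so they can be reviewed first.
bypass_cmds() {
    printf 'ip route replace %s/32 via %s dev %s\n' "$1" "$3" "$2"
    printf 'iptables -t nat -I POSTROUTING 1 -d %s -o %s -j MASQUERADE\n' "$1" "$2"
    printf 'iptables -I FORWARD 1 -d %s -o %s -j ACCEPT\n' "$1" "$2"
    printf 'iptables -I FORWARD 1 -s %s -i %s -m state --state RELATED,ESTABLISHED -j ACCEPT\n' "$1" "$2"
}

# Demonstration: "-o eth0" is the LAN side, so the post's rule can never match;
# once the host route exists the same destination exits via eth1.
demo() {
    printf '%s\n' "$SAMPLE_ROUTES" | check_nat_rule eth0 15.15.15.15 || true
    routes_after="$SAMPLE_ROUTES
15.15.15.15 via 203.0.113.1 dev eth1"
    printf '%s\n' "$routes_after" | check_nat_rule eth1 15.15.15.15
    bypass_cmds 15.15.15.15 eth1 WAN_GATEWAY_PLACEHOLDER
}

demo
```

On the real router, replace WAN_GATEWAY_PLACEHOLDER with the upstream gateway of eth1 and run the printed commands as root (or pipe them to sh); the rules are inserted at position 1 so they take precedence over the tun0 MASQUERADE already in the script, and the /32 route should be added to the script as well so it survives a reboot.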