1

I have the following interfaces/routes:

# ip route show
192.168.101.0/24 dev eth0  proto kernel  scope link  src 192.168.101.10
192.168.8.0/24 dev tun0  proto kernel  scope link  src 192.168.8.1
default via 192.168.101.251 dev eth0

Device eth0 is connected to a network with a gateway (192.168.101.251).

My clients are behind an access point (with some hotspot software) which is connected to tun0:

clients -> tun0 -> gateway -> eth0 -> internet

I can ping an internet host from eth0, but my clients behind the hotspot can't access the internet through tun0. How do I route packets from tun0 to the internet (and back)?

Luca Gibelli
drcelus

2 Answers

2

You need to enable ip_forward on the gateway:

sysctl net.ipv4.ip_forward=1

and masquerade your clients:

# /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# /sbin/iptables -A FORWARD -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
# /sbin/iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT

You also need to set your clients to use the IP of tun0 as their default gateway.

Luca Gibelli
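The gateway setup from the answer above, written as a re-runnable script. This is an added example, not code from the original post. It goes beyond the answer by limiting NAT and forwarding to the client subnet 192.168.8.0/24 from the question, by using the `conntrack` match in place of `state`, and by appending only rules that are missing. The function names, `DRY_RUN` and the `--apply` argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: NAT gateway rules for the tun0 -> eth0 setup in the question.
# Interface names and the client subnet come from the question's `ip route show`.
LAN_IF="${LAN_IF:-tun0}"
WAN_IF="${WAN_IF:-eth0}"
LAN_NET="${LAN_NET:-192.168.8.0/24}"

# Print one rule per line as "<table> <chain> <rule spec>", without -A or -C,
# so the same spec can be used both to check for a rule and to append it.
gateway_rules() {
    # Rewrite the source address of client packets leaving via the WAN side only.
    echo "nat POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE"
    # Return path: only replies to connections the clients opened come back in.
    echo "filter FORWARD -i $WAN_IF -o $LAN_IF -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
    # Outbound path: new connections are accepted only from the client subnet.
    echo "filter FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT"
}

# Append each rule unless an identical one already exists, so re-running the
# script does not stack duplicates. With DRY_RUN=1 the commands are printed.
apply_gateway_rules() {
    gateway_rules | while read -r table chain spec; do
        if [ "${DRY_RUN:-0}" = "1" ]; then
            echo "iptables -t $table -A $chain $spec"
        # $spec is deliberately unquoted: it must split into separate arguments.
        elif ! iptables -t "$table" -C "$chain" $spec 2>/dev/null; then
            iptables -t "$table" -A "$chain" $spec
        fi
    done
}

# Changes are made only when asked for explicitly (run as root):
#   sh gateway.sh --apply
if [ "${1:-}" = "--apply" ]; then
    sysctl -w net.ipv4.ip_forward=1
    apply_gateway_rules
fi
```

Running it with `DRY_RUN=1` and `--apply` still sets `net.ipv4.ip_forward` but only prints the iptables commands, which is useful for review before changing the live rule set.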
0

You must route the default gateway for 0.0.0.0 to tun0.

For example:

route add -net default gw 192.168.101.251 dev tun0

might work for you. Maybe you have to remove the default GW for eth0:

route del -net default gw 192.168.101.251 dev eth0

This will route all internet traffic over the tun0 device. If you add these two lines to the end of the /etc/network/interfaces file, they run on system boot.

Sencer H.
  • But if I do this I will not be able to connect to the internet from eth0. I want to be able to connect from both interfaces. – drcelus Jan 20 '12 at 14:40
  • Basically you cannot make a request at the same time with both connections. You can do load balancing: when one connection is occupied by requests, the system tries the other one. But I have no knowledge about load balancing. – Sencer H. Jan 20 '12 at 14:46
  • Not both interfaces are connected to the internet, just eth0; tun0 is being configured to act as a captive portal, and thus requests from there should be routed through eth0 and back. Hope this makes sense. – drcelus Jan 20 '12 at 14:50
  • Are you saying you want to make the internet on eth0 available to whatever is connected on the other side of tun0? – Tim Jan 20 '12 at 15:49
  • Yes Tim, that's exactly what I need. – drcelus Jan 23 '12 at 08:00