top button
Flag Notify
    Connect to us
      Site Registration

Site Registration

Route: How to add route between two vpn clients

+3 votes

I have two vpn clients connected to the internet by gsm modem, I can reach them from my desktop.

Now what I would like to do is setting up communication between the two VPN-clients. But neither of them can ping the other.

the vpn serer has the IP:

the two vpn clients have the ips:

~# route -n on
Ziel Router Genmask Flags Metric Ref Use Iface U 0 0 0 ppp0 UG 0 0 0 tun0 UH 0 0 0 ppp0 UH 0 0 0 tun0 UG 0 0 0 tun0
posted Jan 11, 2015 by anonymous

Looking for an answer?  Promote on:
Facebook Share Button Twitter Share Button LinkedIn Share Button

Similar Questions
+5 votes

I want to forward all http traffic coming in from a perticular IP at local port 8080, to 2 particular IP Addresses (port 80). Is it enough to prepend the following in my IPtable

-A PREROUTING -s xx.xx.xx.xx/24 -p tcp --dport 8080 -j DNAT --to-destination
-A PREROUTING -s xx.xx.xx.xx/24 -p tcp --dport 8080 -j DNAT --to-destination yyy.yyy.yyy.yyy:80

+1 vote

Is there a way to find out if there any iptables rules set on a machine ?

There are some indirect ways which will not always work; for example, I know that on most hosts, iptables -S will return the following output (when no iptable rules are set)

So you can check whether or not the number of output lines is greater than 3 (as an indication of whether or not iptables rules are set). But there are hosts on which there are more chains then these 3; these chains are set by application/services, even without any iptable rules which are set. And after running iptables -F on these machines, iptables -S will still show more than 3 chains, even that there are no iptables rules set in these chains.

So the question is - is there a way to know whether or not netfilter rules are set on a host, regardless of the number of chains ?

+2 votes

Can someone help on how to replace the next iptables rule with nft:

iptables -t raw -A PREROUTING -i eth0 -j CT --notrack

Is this possible with nft or not?

0 votes

Is it possible to bind multiple address families in netfilter queue? I see IPv4 show up in my queue, but not ARP. With error code removed, here is how I'm calling nfq_bind:

netfilterqueue_handle = nfq_open();
netfilterqueue_queue = nfq_create_queue( netfilterqueue_handle, 0,

nfq_bind_pf( netfilterqueue_handle, AF_INET );
nfq_bind_pf( netfilterqueue_handle, NF_ARP );

I'm thinking the more likely possibility is the iptable rules I'm using to send traffic to the queue are too restrictive. Here are the rules I have:

# Generated by iptables-save v1.4.21 on Sat Feb 14 10:40:46 2015
:INPUT ACCEPT [56:4995]
:OUTPUT ACCEPT [56:4496]
# Completed on Sat Feb 14 10:40:46 2015
# Generated by iptables-save v1.4.21 on Sat Feb 14 10:40:46 2015
:INPUT ACCEPT [1017:217421]
:FORWARD DROP [53:2307]
:OUTPUT ACCEPT [934:211104]
:MYRA - [0:0]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j MYRA
-A FORWARD -s -o eth0 -m conntrack --ctstate NEW -j MYRA
-A MYRA -j NFQUEUE --queue-num 0 --queue-bypass
# Completed on Sat Feb 14 10:40:46 2015

Do I have to add another FORWARD line to get ARP to jump to MYRA? What would it look like?

+1 vote

I know that packet traverses through the Net Filter hooks but how to practically realize that, any suggestions...