Hi Guys

I would like some help on the following. Excuse my ASCII art!

    Web Server
        |
        |
    Bridge 1 --tunnel-10.4.0.1--|
        |                       |
        |                       |
    Std Router 10.1.1.1         |
        |                       |
        |                       |
    Slow 64kbit line            |
        |                       |
        |                       |
    Std router 10.1.2.1         |
        |                       |
        |                       |
    Bridge 2 --tunnel-10.4.0.2--|
        |
        |
    LAN network

Without the tunnel running, the route for LAN is via 10.1.1.1 and the route for Web Server is via 10.1.2.1. All is fine!

Now I want the Web Server traffic to go via the tunnel end point (10.4.0.2) so it will be compressed and encrypted, but I don't want to have to change ANY gateways on either the LAN devices or the Web Server.

When the tunnel comes up I thought I would use iptables to catch traffic going to each router and somehow redirect it to the tunnel. I've tried to MARK packets and then send them via a rt_table, but it still goes to the default gateway on the std router. I think it's the bridging that is messing me up, but I don't know why. My netfilter IS patched with nf-bridge V0.0.6 ON KERNEL 2.4.17 etc.

I get the packets to the MARK mangle table but they don't go to the rt_table.

This is the script that runs when the tunnel comes up:

FOR Web Server side bridge:

    iptables -A PREROUTING -t mangle -d 10.1.2.0/24 -j MARK --set-mark 1
    ip rule add fwmark 1 table for.tun
    ip route del 10.1.2.0/24 via 10.1.2.1
    #the original gateway for LAN but I keep a static for the
    # single IP so the tunnel keeps going
    ip route add 10.1.2.0/24 via dev tune table for.tun
    ip route flush cache
    #END

in rt_tables:

    202 for.tun

The same mirrored on the LAN bridge side! I use OpenVPN for the tunnel!

NO GO!!

Please give me some ideas as to what's going wrong or whether I should use some other plan.

Regards
Allan Gee
Equation
021 4181777
www.equation.co.za
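The following is an added example, not part of the original post: a small Python model of the lookup that the script's `MARK` rule and `ip rule add fwmark 1 table for.tun` are meant to drive, showing which table decides for a marked, unmarked, locally generated, or bridged packet. The device name `tun0`, the main-table default route and the rule priorities (iproute2 defaults) are assumptions, and the `bridged` flag models a frame the bridge forwards by MAC address without any IP route lookup.

```python
import ipaddress

# Constructed model data; "tun0" and the main-table default route are assumptions.
RULES = [  # (priority, fwmark the rule requires or None, table name)
    (0, None, "local"),
    (32765, 1, "for.tun"),      # ip rule add fwmark 1 table for.tun
    (32766, None, "main"),
    (32767, None, "default"),
]
TABLES = {
    "local": [],
    "for.tun": [("10.1.2.0/24", "dev tun0")],
    "main": [("0.0.0.0/0", "via 10.1.1.1")],
    "default": [],
}
MARKED_NET = ipaddress.ip_network("10.1.2.0/24")  # -d 10.1.2.0/24 in the post


def lookup(table, dst):
    """Longest-prefix match inside one table; None when no route matches."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), nh) for p, nh in TABLES[table]]
    hits = [(n, nh) for n, nh in nets if addr in n]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None


def mark_for(dst, hook):
    """The mangle rule sits in PREROUTING, so only packets that arrive on an
    interface are marked; locally generated ones use OUTPUT and stay at 0."""
    hit = hook == "PREROUTING" and ipaddress.ip_address(dst) in MARKED_NET
    return 1 if hit else 0


def route(dst, hook="PREROUTING", bridged=False):
    """Return (table, next hop) chosen for a packet to dst."""
    mark = mark_for(dst, hook)
    if bridged:
        # Modelled behaviour: netfilter sees and marks the frame, but the
        # bridge forwards it at layer 2, so no routing rule is consulted.
        return ("bridge", "forwarded by MAC, mark=%d unused" % mark)
    for _prio, want, table in sorted(RULES, key=lambda r: r[0]):
        if want is not None and want != mark:
            continue                      # fwmark selector does not match
        nexthop = lookup(table, dst)
        if nexthop:                       # no route here: fall through
            return (table, nexthop)
    return (None, "unreachable")
```

On a live system, `ip rule show`, `ip route show table for.tun` and the packet counters in `iptables -t mangle -L PREROUTING -v -n` expose the same three pieces of state this model uses.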