Thanks Jorge,

I'm not using any specific VPN solution. My colleagues and I are developing a secure VPN solution based on the kernel TUN/TAP driver. Since we have full control over our tap interface, we just need to redirect the whole traffic coming into eth0 (from a LAN) into the tap interface, so we can read them (I mean Ethernet frames in Layer 2) and send them out from the other physical interface (eth1).

BTW, redirecting a single or even multiple ports won't work in my situation, because I want the whole traffic in layer 2, not a specific port number.

Thanks,
Arash

On Tue, 2007-09-11 at 19:40 -0600, Jorge Davila wrote:
> Arash:
>
> AFAIK, you must open a path in the firewall to the vpn daemon
> (port/protocol) and the daemon will be in charge of administering the
> traffic between the clients and the vpn server.
> Additionally, you must tell the client where the server is (the ip
> address) and what device will be used (tun or tap device).
>
> You may want to ask in the mailing list for the vendor/provider of the vpn
> software that you are using.
>
> Hope this helps,
>
> Jorge Dávila.
>
> On Wed, 12 Sep 2007 02:06:53 +0330
> Arash Yadegarnia <arash@xxxxxxxxxxxx> wrote:
> > Hi, :)
> >
> > Here is the situation:
> >
> > I have a machine with 2 NICs, assume eth0 (192.168.0.10) connected to my
> > LAN, and eth1 (192.168.0.20) connected to Internet through a gateway.
> > I also have a virtual tap0 (TUN/TAP) interface (10.0.0.1) on this
> > machine.
> >
> > All that I want to do is simply forward ALL traffic coming to eth0
> > from the LAN into my tap0 interface, so I can modify them using my own
> > user space program which can capture packets on the tap interface and
> > send them on eth1 to another address somewhere in the world (through
> > Internet).
> >
> > Since I want IP addresses unchanged, I cannot use NAT or Masquerading.
> > As far as I know, in this matter forwarding should be done in Layer-2 so
> > I'm not sure if I can use iptables to do the job.
> > I also have tried bridging but I was trapped in a horrible bridge loop
> > (enabling STP on the bridge also didn't work for me).
> >
> > Any ideas? :)
> >
> > Thanks,
> > Arash
>
> Jorge Isaac Davila Lopez
> Nicaragua Open Source
> +505 430 5462
> davila@xxxxxxxxxxxxxxxxxxxxxxx