4

I have created an tunnel device using

ip tuntap add dev tun0 mode tun user 0 group 0

I then assign it an ip address 192.168.0.1/22

ifconfig tun0 192.168.0.1 netmask 255.255.252.0

On my ethernet device eth0, I receive packets from machines in the ip address range 192.168.1.2-192.168.1.5. I would like these packets to be forwarded on the tunnel device. I do not wish to create a bridge between the ethernet and tunnel device. I therefore added routing entries in the routing table as follows.

ip rule add from 192.168.1.0/24 lookup myinternal

ip route add default via 192.168.0.1 dev tun0 table myinternal

I have flushed (removed) all ip tables entries. There are two entries however

iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT

iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT

When I do a tcpdump on tun0 I am not able to see the packets from eth0. However I can see the packets when I do a tcpdump on eth0. I would like to know how can I forward/capture these packets on tun0. From tun0 I would later on like to process these packets and reply to them from my application and if required pass them on to another interface. I cannot use eth0 for my activities.

I have enabled forwarding using systl for ipv4.

cat /proc/sys/net/ipv4/ip_forward

1

Furthermore there is no default route entry in my main routing table.

Ashwin
  • 41
  • 3

1 Answers1

0

I know it has been six years, but in case anyone stumbles here with a similar issue: this sounds like the reverse path filter 'rp_filter' dropping traffic.

From the link:

  • log rp_filter dropped traffic:

echo 1 >/proc/sys/net/ipv4/conf/(interfacename)/log_martians

  • disable rp_filter:

echo 0 >/proc/sys/net/ipv4/conf/(interfacename)/rp_filter

cburn11
  • 141
  • 4