
I'm using OpenVPN on Ubuntu Server to connect to my VPN. That network interface is tun0. All traffic currently goes through the VPN. I'd like to exclude traffic that goes over a specific port, and have that traffic go through eth0, and not through the VPN. I've tried the following, but it doesn't seem to be getting applied:

iptables -t mangle -A PREROUTING -j MARK --set-mark 85 -i tun0 -p tcp --dport 5222
iptables -t mangle -A PREROUTING -j MARK --set-mark 85 -i tun0 -p tcp --dport 5223
ip route add table 300 default via 192.168.0.1
ip rule add fwmark 0x55 table 300

I know it's possible, but I don't have much networking experience, so I'm at a loss here. Any help is much appreciated.

Randy
  • http://www.lartc.org/howto/lartc.rpdb.multiple-links.html – Zoredache May 12 '15 at 21:50
  • Go up to the table of contents for that document. There are a couple ways of classifying and selecting route tables described there (eg http://www.lartc.org/howto/lartc.netfilter.html). Also if you search around I bet you can find lots of tutorials. – Zoredache May 12 '15 at 22:04
  • Do you want to mangle packets that are generated locally on the machine, or rather the machine is a router? – Konrad Gajewski May 13 '15 at 10:27
  • Also asked on Unix & Linux; don't do that – wurtel May 13 '15 at 13:53
  • Hi @KonradGajewski, I want to mangle packets generated locally on that machine. Perhaps that's why it's not getting applied? – Randy May 13 '15 at 17:51

1 Answer


Since you want to affect the traffic generated on the local machine, you need to edit the OUTPUT target rather than the PREROUTING. (Or maybe keep both of them)

Konrad Gajewski
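The answer's advice carried through as a complete script, added here as an example; it is not code from the question or the answer. It reuses the question's values (mark 85, table 300, gateway 192.168.0.1, ports 5222 and 5223) and assumes eth0 is the physical interface; adjust them for your network. It goes beyond the answer in two places a practitioner usually hits next: locally generated packets are marked in the mangle OUTPUT chain (PREROUTING never sees them, and `-i tun0` cannot be used in OUTPUT), but after re-routing they still carry the source address that was chosen for tun0, so they are masqueraded on eth0 so replies come back the same way, and reverse-path filtering on eth0 is relaxed so those replies are not dropped. With `DRY_RUN=1` (the default) the script only prints the commands it would run; `DRY_RUN=0` applies them as root.

```shell
#!/bin/sh
# Added example: keep locally generated TCP traffic to selected ports off the
# VPN (tun0) and send it out of eth0 via the LAN gateway instead.
# All values below are assumptions taken from the question or constructed here.
set -eu

MARK=85               # fwmark in decimal; ip rule gets the hex form (0x55)
TABLE=300             # routing table holding the bypass default route
IFACE=eth0            # physical interface that bypasses the VPN (assumed)
GATEWAY=192.168.0.1   # LAN gateway reachable on $IFACE (from the question)
PORTS="5222 5223"     # TCP destination ports to keep off the VPN

# Print the command when DRY_RUN=1 (default), otherwise execute it.
run() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# iptables accepts a decimal mark; ip rule expects 0x-prefixed hex.
mark_hex() {
    printf '0x%x\n' "$1"
}

setup_bypass() {
    # 1. Mark locally generated packets in OUTPUT. PREROUTING only sees packets
    #    arriving on an interface, which is why the question's rules never matched.
    for port in $PORTS; do
        run iptables -t mangle -A OUTPUT -p tcp --dport "$port" \
            -j MARK --set-mark "$MARK"
    done
    # 2. The kernel re-routes marked packets after OUTPUT, but the source
    #    address was already chosen for tun0; rewrite it to eth0's address so
    #    the remote end replies to eth0 and not into the VPN.
    run iptables -t nat -A POSTROUTING -o "$IFACE" -m mark --mark "$MARK" \
        -j MASQUERADE
    # 3. Bypass table: its only route is a default via the LAN gateway.
    run ip route replace default via "$GATEWAY" dev "$IFACE" table "$TABLE"
    # 4. Policy rule: marked packets consult table 300 before the main table
    #    (lower pref wins; the main table sits at 32766).
    run ip rule add fwmark "$(mark_hex "$MARK")" table "$TABLE" pref 100
    # 5. Strict reverse-path filtering would drop replies on eth0 because the
    #    best route back to their source is tun0; switch eth0 to loose mode.
    run sysctl -w "net.ipv4.conf.$IFACE.rp_filter=2"
}

teardown_bypass() {
    for port in $PORTS; do
        run iptables -t mangle -D OUTPUT -p tcp --dport "$port" \
            -j MARK --set-mark "$MARK"
    done
    run iptables -t nat -D POSTROUTING -o "$IFACE" -m mark --mark "$MARK" \
        -j MASQUERADE
    run ip rule del fwmark "$(mark_hex "$MARK")" table "$TABLE" pref 100
    run ip route flush table "$TABLE"
}

# Usage: ./vpn-bypass.sh setup | teardown   (DRY_RUN=0 to apply for real)
case "${1:-}" in
    setup)    setup_bypass ;;
    teardown) teardown_bypass ;;
    *)        ;;   # sourced or called without an action: define functions only
esac
```

To verify the result after applying it, `ip rule show` should list the fwmark rule at pref 100, `ip route show table 300` the single default route, and `iptables -t mangle -L OUTPUT -v -n` should show the packet counters for the two MARK rules increasing while a client talks to port 5222 or 5223.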