Intereting Posts
升级MySQL会导致错误
使用NFS装载作为长期的容器存储
在CentOS 6.0中的input/输出错误(VirtualBox 4.1.6,Windows XP)
一旦我确保了build筑外的安全,我是否可以从中间人的安全逃脱?
SQL Server似乎挂起更新表时
elinks | 表单提交后转储
发送邮件的后缀限制
Tomcat 8.5loginSyslog
如何轻松修复Linux磁盘上的一个不可读块?
Centos yum安装git-svn
如何禁用OSX上的IPv4使用(或禁用快乐眼球)
隔离Cisco Nexus 5000上的以太网端口
远程访问git仓库(服务器设置)
SPF问题与SpamAssassin
apache可以使用密钥代理来存储SSL的私钥吗?
iptables:select性PPTP VPN路由
我已经能够通过PPTP与Ipredatorbuild立TomatoUSB固件,configuration如下:
但是,我不想为我的networking中的每台计算机使用Ipredator PPTP VPN,如何仅将PPTP VPN用于一个MAC / IP?
经过进一步调查,我有以下的iptables输出:
- SSHstream量redirectLXC容器
- 通过公共接口路由OpenVPN隧道,并通过NAT接口(到互联网)
- LVSconfiguration问题(使用食人鱼工具)
- iptables preroute本地主机
- 禁用原始套接字的TCP数据包的内核处理
root@unknown:/tmp/home/root# iptables -L Chain INPUT (policy DROP) target prot opt source destination DROP all -- anywhere somehostname.vpn.ipredator.se DROP all -- anywhere my.personal.isp.hostname.com DROP all -- anywhere anywhere state INVALID ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED shlimit tcp -- anywhere anywhere tcp dpt:ssh state NEW shlimit tcp -- anywhere anywhere tcp dpt:telnet state NEW ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT udp -- anywhere anywhere udp spt:bootps dpt:bootpc ACCEPT tcp -- anywhere unknown tcp dpt:ssh Chain FORWARD (policy DROP) target prot opt source destination ACCEPT all -- anywhere anywhere DROP all -- anywhere anywhere state INVALID TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU restrict all -- anywhere anywhere restrict all -- anywhere anywhere ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED wanin all -- anywhere anywhere wanout all -- anywhere anywhere ACCEPT all -- anywhere anywhere wanin all -- anywhere anywhere wanout all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain rdev00 (1 references) target prot opt source destination DROP all -- anywhere anywhere MAC 00:19:C5:7B:84:89 Chain restrict (2 references) target prot opt source destination rdev00 all -- anywhere anywhere Chain shlimit (2 references) target prot opt source destination all -- anywhere anywhere recent: SET name: shlimit side: source DROP all -- anywhere anywhere recent: UPDATE seconds: 60 hit_count: 4 name: shlimit side: source root@unknown:/tmp/home/root# ifconfig br0 Link encap:Ethernet HWaddr 10:DF:21:DF:1B:C5 inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:37083400 errors:0 dropped:0 overruns:0 frame:0 TX packets:36007047 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:2111526714 (1.9 GiB) TX bytes:893920689 (852.5 MiB) eth0 Link encap:Ethernet HWaddr 10:DF:20:CE:1B:B2 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:73849311 errors:0 dropped:0 overruns:0 frame:0 TX packets:71651191 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:1860166371 (1.7 GiB) TX bytes:4061112643 (3.7 GiB) Interrupt:4 Base address:0x2000 eth1 Link encap:Ethernet HWaddr 10:BF:20:DF:1A:B8 UP BROADCAST RUNNING ALLMULTI MULTICAST MTU:1500 Metric:1 RX packets:2167739 errors:1 dropped:0 overruns:0 frame:14874409 TX packets:2691377 errors:108 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:1449581768 (1.3 GiB) TX bytes:2683796769 (2.4 GiB) Interrupt:3 Base address:0x1000 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MULTICAST MTU:16436 Metric:1 RX packets:1005 errors:0 dropped:0 overruns:0 frame:0 TX packets:1005 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:156929 (153.2 KiB) TX bytes:156929 (153.2 KiB) ppp0 Link encap:Point-to-Point Protocol inet addr:22.22.22.222 PtP:22.22.22.222 Mask:255.255.255.255 UP POINTOPOINT RUNNING MULTICAST MTU:1400 Metric:1 RX packets:1738332 errors:0 dropped:0 overruns:0 frame:0 TX packets:2089007 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:3 RX bytes:756439075 (721.3 MiB) TX bytes:1167050907 (1.0 GiB) vlan1 Link encap:Ethernet HWaddr 20:CF:30:CE:0A:B6 UP BROADCAST RUNNING ALLMULTI MULTICAST MTU:1500 Metric:1 RX packets:36136587 errors:0 dropped:0 overruns:0 frame:0 TX packets:34736222 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:2237528696 (2.0 GiB) TX bytes:4119244159 (3.8 GiB) vlan2 Link encap:Ethernet HWaddr 10:BF:10:DE:1A:A7 inet addr:11.11.11.111 Bcast:11.11.11.111 Mask:255.255.254.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:37693742 errors:0 dropped:0 overruns:0 frame:0 TX packets:36914969 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:2587444201 (2.4 GiB) TX bytes:4236835780 (3.9 GiB) root@unknown:/tmp/home/root# ip route flush table 3 Nothing to flush. root@unknown:/tmp/home/root# ip route add 192.168.1.0/24 dev br0 table 3 root@unknown:/tmp/home/root# ip route add 127.0.0.0/8 dev lo table 3 root@unknown:/tmp/home/root# ip route add default via 10.0.0.1 table 3 RTNETLINK answers: No such process root@unknown:/tmp/home/root# ip rule add from 192.168.1.112 table 3 vlan2有我的实际ISP IP,我掩盖它到11.11.11.111出于隐私的原因ppp0有我的实际PPTP IP,我隐瞒它为22.22.22.222出于隐私的原因
我怎样才能通过VPN路由某些机器?
我完全一样,只通过VPN路由某些机器。 在我的情况下,我运行这个脚本结合openvpn选项--up /etc/rc.usvpn :
#!/bin/bash TUNDEV=$1 LOCALIP=$4 REMOTEIP=$5 # Send certain machines' traffic via the US VPN. ip rule del pref 200 ip rule add from 192.168.1.22 table usvpn pref 200 ip route add default dev tun0 table usvpn # MASQ anything heading out of tun0 iptables -t nat -F POSTROUTING iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o $TUNDEV -j MASQUERADE