Hi
Success!
Well, not in the first place. I executed the three commands Marius suggested, and they certainly did have an effect! The forwarded packets that were supposed to go to my 'inner' server were also routed back to the AMPR GW, which of course did not know anything about my local addresses (192.168...).
However, after adding this line:
ip route add 192.168.19.0/24 dev enp0s6 table 44
everything fell into place and I'm now a happy man.
Thanks again for all the help.
Best 73 de Bent/OZ6BL
On 04/03/2019 03.29, Marius Petrescu wrote:
Sorry, but mails got rearranged by the mailer....
ip rule add fwmark 1 table 44
iptables -t mangle -A PREROUTING -i tunl0 ! -s 44.0.0.0/8 -j CONNMARK --set-mark 1
iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
On 04.03.2019 04:25, Marius Petrescu wrote:
Bent, try something like this:
# this tells the system to use table 44 for packets marked with 1
ip rule add fwmark 1 table 44
# this tells the system to apply a connection mark of 1 to incoming connections on tunl0 that are NOT in the 44/8 address space
iptables -t mangle -A PREROUTING -i tunl0 ! -s 44.0.0.0/8 -j CONNMARK --set-mark 1
# this tells to copy the connection mark (if any) to the packet mark so it will follow the rule above
iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
Marius, YO2LOJ
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
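Added example, not part of the original thread: a small Python model of the routing decision the three rules and the extra table 44 route produce, showing why marked packets for 192.168.19.0/24 went back out of tunl0 until that route was added. The contents of table 44 (a single default route via tunl0), the uplink name wan0, the host addresses and the connection ids are assumptions constructed for the illustration.

```python
import ipaddress

# Constructed tables (assumptions): table 44 holds only a default route out
# of tunl0; "wan0" is a hypothetical name for the ordinary uplink in main.
MAIN = [("192.168.19.0/24", "enp0s6"), ("0.0.0.0/0", "wan0")]
TABLE_44 = [("0.0.0.0/0", "tunl0")]
TABLE_44_FIXED = [("192.168.19.0/24", "enp0s6")] + TABLE_44
AMPR = ipaddress.ip_network("44.0.0.0/8")


def lookup(table, dst):
    """Longest-prefix match; returns the outgoing device or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), dev) for p, dev in table]
    hits = [(n, dev) for n, dev in hits if addr in n]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None


class Router:
    def __init__(self, table_44):
        self.table_44 = table_44
        self.connmarks = {}  # connection id -> connection mark

    def route(self, in_dev, src, dst, conn):
        # CONNMARK --set-mark 1 for -i tunl0 ! -s 44.0.0.0/8
        if in_dev == "tunl0" and ipaddress.ip_address(src) not in AMPR:
            self.connmarks[conn] = 1
        # CONNMARK --restore-mark: connection mark becomes the packet mark
        fwmark = self.connmarks.get(conn, 0)
        # ip rule add fwmark 1 table 44; everything else uses main
        return lookup(self.table_44 if fwmark == 1 else MAIN, dst)


def trace(table_44):
    """Route three constructed packets; returns their outgoing devices."""
    r = Router(table_44)
    # Internet host reaching the inner server through the tunnel
    inbound = r.route("tunl0", "203.0.113.7", "192.168.19.10", "c1")
    # The inner server's reply on the same connection
    reply = r.route("enp0s6", "192.168.19.10", "203.0.113.7", "c1")
    # Unrelated outbound connection from the LAN
    other = r.route("enp0s6", "192.168.19.10", "198.51.100.1", "c2")
    return inbound, reply, other


if __name__ == "__main__":
    print("before:", trace(TABLE_44))
    print("after: ", trace(TABLE_44_FIXED))
```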