OpenVPN Destination Port / Source Machine Based Routing

With OpenVPN you often want only part of your traffic to go over the tunnel, selected by some property of the packet: the source port, the source machine, the destination IP, or any combination of these. This is quite simple with iptables: mark the matching packets in the mangle table, then use a policy-routing rule that sends marked packets to a separate routing table whose default route is the tunnel device.
 
The OpenVPN up script:
 
#!/bin/sh
# Allow forwarded traffic out of the tunnel (forwarding_rule is the OpenWrt
# user chain) and NAT it to the tunnel address.
iptables -A forwarding_rule -o tun0 -j ACCEPT
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
# Packets carrying fwmark 1 are looked up in routing table 1, whose only
# route is a default route via the tunnel.
ip rule add fwmark 1 table 1
ip route add default dev tun0 table 1

# route everything from one machine to the vpn
iptables -t mangle -A PREROUTING -s 192.168.6.11 -j MARK --set-mark 1
# route only HTTP from another machine to the vpn
iptables -t mangle -A PREROUTING -s 192.168.6.10 -p tcp --dport 80 -j MARK --set-mark 1
# route all packets arriving on eth0.2 to the vpn
iptables -t mangle -A PREROUTING -i eth0.2 -j MARK --set-mark 1

# route DNS from a designated machine (matched by MAC) to the vpn
iptables -t mangle -A PREROUTING -m mac --mac-source 00:23:10:00:44:44 -p udp --dport 53 -j MARK --set-mark 1
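The script above only sets things up; it never tears the rules down, and if the tunnel drops the fwmark lookup in table 1 finds no route and falls through to the main table, so the "VPN-only" hosts silently go out over the normal uplink. The following added example (my code, not from the original post) is a combined up/down script that keeps the selection policy in one function so the same specs are added on up and deleted on down, and installs a low-priority blackhole default in table 1 so marked traffic fails closed when the tunnel route disappears. It assumes OpenVPN's exported `dev` and `script_type` variables, the same addresses and `forwarding_rule` chain as the post, and a `DRY_RUN=1` mode that prints the commands instead of running them so the rule set can be reviewed before touching a router.

```shell
#!/bin/sh
# Added example, not part of the original post: OpenVPN up/down script for
# fwmark-based policy routing. Assumes OpenVPN exports $dev and $script_type,
# that fwmark 1 / table 1 are unused, and an OpenWrt-style forwarding_rule chain.

TUN=${dev:-tun0}          # set by OpenVPN when it calls the script
MARK=1
TABLE=1
DRY_RUN=${DRY_RUN:-0}     # DRY_RUN=1 prints the commands instead of running them

# run: execute a command, or echo it in dry-run mode
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# mark_rule ACTION MATCH...: one mangle PREROUTING rule that sets the fwmark.
# ACTION is -A (add) or -D (delete), so the same spec serves up and down.
mark_rule() {
    action=$1
    shift
    run iptables -t mangle "$action" PREROUTING "$@" -j MARK --set-mark "$MARK"
}

# policy_rules ACTION: the site's selection policy, kept in one place
# (addresses are the constructed ones from the post).
policy_rules() {
    mark_rule "$1" -s 192.168.6.11                          # whole host
    mark_rule "$1" -s 192.168.6.10 -p tcp --dport 80        # one host's HTTP only
    mark_rule "$1" -i eth0.2                                # everything from a VLAN
    mark_rule "$1" -m mac --mac-source 00:23:10:00:44:44 -p udp --dport 53
}

vpn_up() {
    run iptables -A forwarding_rule -o "$TUN" -j ACCEPT
    run iptables -t nat -A POSTROUTING -o "$TUN" -j MASQUERADE
    run ip rule add fwmark "$MARK" table "$TABLE"
    run ip route add default dev "$TUN" table "$TABLE"
    # Fail closed: when the tunnel goes away the kernel drops the route via
    # $TUN, and marked packets then hit this blackhole instead of falling
    # back to the main table and leaking over the plain uplink.
    run ip route add blackhole default table "$TABLE" metric 1000
    policy_rules -A
}

vpn_down() {
    policy_rules -D
    run ip route flush table "$TABLE"
    run ip rule del fwmark "$MARK" table "$TABLE"
    run iptables -t nat -D POSTROUTING -o "$TUN" -j MASQUERADE
    run iptables -D forwarding_rule -o "$TUN" -j ACCEPT
}

# Only act when invoked by OpenVPN (script_type is "up" or "down");
# sourcing the file for review or testing does nothing.
case ${script_type:-} in
    up)   vpn_up ;;
    down) vpn_down ;;
esac
```

Point OpenVPN at it with `script-security 2`, `up /path/to/script` and `down /path/to/script`. Two things to check on the router: the LAN interface's `rp_filter` should be loose (`sysctl net.ipv4.conf.<if>.rp_filter=2`) or replies to marked hosts can be dropped as asymmetric, and `ip route show table 1` after an `up` should list both the tunnel default and the blackhole, otherwise the fail-closed behaviour is not in place.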
 