routing specific IP to ppp0 tunnel
You could do something like this for your ip-up script:
echo "route add 208.85.40.20 dev \$IFNAME" >> /etc/ppp/ip-up.local
chmod 755 /etc/ppp/ip-up.local
EDIT
I see you're using OpenWrt; I don't think $IFNAME will resolve to ppp0, ppp1, etc. The OpenWrt wiki hints at $INTERFACE in the ip-up script:
echo "route add 208.85.40.20 dev \$INTERFACE" >> /etc/ppp/ip-up
EDIT2
Have you tried to manually add the route?
route add 208.85.40.20 dev ppp0
route add 208.85.40.50 dev ppp0
If so, does it show up in your routing table? If it does (I assume it does), then I suspect the problem is either in your firewall or on the other side of the ppp link. You can verify with tcpdump: if you see traffic leaving the ppp0 interface but no return, then it's likely the ppp peer. If you see no traffic, then check the iptables settings.
tcpdump -n ip host 208.85.40.20
Insecure iptables for troubleshooting:
iptables -t nat -I PREROUTING -d 208.85.40.20 -j ACCEPT
iptables -t nat -I PREROUTING -s 208.85.40.20 -j ACCEPT
iptables -I FORWARD -s 208.85.40.20 -j ACCEPT
iptables -I FORWARD -d 208.85.40.20 -j ACCEPT
iptables -t nat -I POSTROUTING -s 208.85.40.20 -j ACCEPT
iptables -t nat -I POSTROUTING -d 208.85.40.20 -j MASQUERADE
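The tcpdump check described in the answer above, as an added example that is not part of the original answer: a shell function that reads saved `tcpdump -n` text output and applies the same rule (traffic out but none back points at the ppp peer, no traffic out points at iptables). The function name, the result labels and the sample capture lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a saved `tcpdump -n` text capture for one host.
# Function name, result labels and sample lines are assumptions for this sketch.

classify_capture() {  # $1 = host IP; tcpdump -n text lines on stdin
    awk -v ip="$1" '
        # True when an address field is the host, bare (ICMP) or as ip.port (TCP/UDP).
        function is_host(addr) {
            sub(/:$/, "", addr)   # the destination field ends with ":"
            if (addr == ip) return 1
            return (index(addr, ip ".") == 1) && (substr(addr, length(ip) + 2) ~ /^[0-9]+$/)
        }
        BEGIN { sent = 0; rcvd = 0 }
        $2 == "IP" && $4 == ">" {
            if (is_host($5)) sent++        # packet going to the host
            else if (is_host($3)) rcvd++   # packet coming back from the host
        }
        END {
            if (sent == 0)      print "check-iptables"
            else if (rcvd == 0) print "suspect-ppp-peer"
            else                print "replies-seen"
        }'
}

# Constructed sample: echo requests leave ppp0, nothing returns.
sample_no_reply() {
    cat <<'EOF'
12:00:01.000100 IP 68.68.39.250 > 208.85.40.20: ICMP echo request, id 4242, seq 0, length 64
12:00:02.000200 IP 68.68.39.250 > 208.85.40.20: ICMP echo request, id 4242, seq 1, length 64
EOF
}

# Constructed sample: a TCP exchange, where tcpdump appends the port to each address.
sample_replies() {
    cat <<'EOF'
12:05:01.000100 IP 68.68.39.250.51000 > 208.85.40.20.80: Flags [S], seq 1, win 5840, length 0
12:05:01.080200 IP 208.85.40.20.80 > 68.68.39.250.51000: Flags [S.], seq 9, ack 2, win 5792, length 0
EOF
}

echo "no-reply capture: $(sample_no_reply | classify_capture 208.85.40.20)"
echo "tcp capture:      $(sample_replies | classify_capture 208.85.40.20)"
echo "empty capture:    $(printf '' | classify_capture 208.85.40.20)"
```

On the router, save a capture with `tcpdump -n -i ppp0 ip host 208.85.40.20 > /tmp/cap.txt`, stop it after a few pings, and feed the file to `classify_capture 208.85.40.20 < /tmp/cap.txt`.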
Updated on September 17, 2022
Comments
-
gompertz over 1 year
I feel I've struggled with this long enough and need some help.
I have a pptp tunnel and am trying to route destination traffic from 208.85.40.20 to the pptp tunnel (ppp0). (Keen observers may recognize the IP as being that of pandora.com). I am doing all this configuration on a router... and I know it's not working successfully as traceroute yields nothing but asterisks.
I've pasted relevant outputs below: (with some "security" editing to the addresses)
root@OpenWrt:~# ifconfig
br0       Link encap:Ethernet HWaddr 00:1A:92:BC:XX:XX
          inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:28185 errors:0 dropped:0 overruns:0 frame:0
          TX packets:24936 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:4894242 (4.6 MiB) TX bytes:5941902 (5.6 MiB)

eth0      Link encap:Ethernet HWaddr 00:1A:92:BC:XX:XX
          UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
          RX packets:51829 errors:0 dropped:0 overruns:0 frame:0
          TX packets:56824 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:11490288 (10.9 MiB) TX bytes:11857913 (11.3 MiB)
          Interrupt:4

eth2      Link encap:Ethernet HWaddr 00:1A:92:BC:XX:XX
          UP BROADCAST RUNNING ALLMULTI MULTICAST MTU:1500 Metric:1
          RX packets:4 errors:0 dropped:0 overruns:0 frame:15426
          TX packets:9529 errors:21 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:423 (423.0 B) TX bytes:596036 (582.0 KiB)
          Interrupt:2 Base address:0x2000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:30 errors:0 dropped:0 overruns:0 frame:0
          TX packets:30 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2300 (2.2 KiB) TX bytes:2300 (2.2 KiB)

ppp0      Link encap:Point-Point Protocol
          inet addr:68.68.39.250 P-t-P:172.16.20.1 Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1400 Metric:1
          RX packets:165 errors:2 dropped:0 overruns:0 frame:0
          TX packets:68 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:7006 (6.8 KiB) TX bytes:3462 (3.3 KiB)

vlan0     Link encap:Ethernet HWaddr 00:1A:92:BC:XX:XX
          UP BROADCAST RUNNING ALLMULTI MULTICAST MTU:1500 Metric:1
          RX packets:28182 errors:0 dropped:0 overruns:0 frame:0
          TX packets:33813 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:5006544 (4.7 MiB) TX bytes:6609774 (6.3 MiB)

vlan1     Link encap:Ethernet HWaddr 00:1A:92:BC:XX:XX
          inet addr:173.183.111.3 Bcast:173.183.111.255 Mask:255.255.224.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:23653 errors:0 dropped:0 overruns:0 frame:0
          TX packets:23012 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:5522012 (5.2 MiB) TX bytes:4982944 (4.7 MiB)

wds0.4915 Link encap:Ethernet HWaddr 00:1A:92:BC:XX:XX
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

wds0.4915 Link encap:Ethernet HWaddr 00:1A:92:BC:XX:XX
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
root@OpenWrt:~# cat /etc/ppp/ip-up
iptables -A FORWARD -t filter -i br0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -t filter -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.1.1/24 -d 0/0 -j MASQUERADE
iptables -A forwarding_rule -o ppp0 -j ACCEPT
iptables -A forwarding_rule -i ppp0 -j ACCEPT
iptables -t nat -A postrouting_rule -o ppp0 -j MASQUERADE
root@OpenWrt:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.16.20.1     *               255.255.255.255 UH    0      0        0 ppp0
208.85.40.20    *               255.255.255.255 UH    0      0        0 ppp0
192.168.1.0     *               255.255.255.0   U     0      0        0 br0
173.183.192.0   *               255.255.224.0   U     0      0        0 vlan1
default         d173-183-192-1. 0.0.0.0         UG    0      0        0 vlan1
default         192.168.1.1     0.0.0.0         UG    0      0        0 br0
Any advice is greatly appreciated, I'm not too great with network but am pretty astute at learning ;-)
-
gompertz about 14 years
What you did yields what I had in my route table to begin with. traceroute'ing 208.85.40.20 afterwards does not return anything. =\
-
gompertz about 14 years
Eddy, thanks for the help to this point! tcpdump -n ip host 208.85.40.20 -i eth0 captures ping requests/replies before touching the route table. Then after doing "route add 208.85.40.20 dev ppp0" and running tcpdump again with "tcpdump -n ip host 208.85.40.20 -i ppp0" it captures ping requests, but no reply back. I've tried this with iptables flush, firewall stopped, your rules, etc. All the same result. I assume if tcpdump shows it leaving the interface it is successfully passing the firewall? Maybe this is a ppp server issue, but it's from strongvpn which is reputable.
-
gompertz about 14 years
Switched server, same results. HOWEVER, new discovery: Initializing the tunnel with "pppd call strongvpn debug dump nodetach", then opening a new terminal and doing pinging/tracing on the 208.85.40.20 shows nothing being sent by pppd... I'd assume the daemon should be throwing out some sort of garble.
-
gompertz about 14 years
Some other facts: I can ping 68.68.36.250 (this makes sense as it's the IP of ppp0, but just stating). I can't ping 172.16.20.1 (this to me doesn't make sense as I have 172.16.20.1 in the route table, and whilst it's the server address of the ppp server I'd figure it should be reachable for the tunnel to really be a tunnel....)
-
Eddy about 14 years
My guess is that your traffic is hitting the other end of the ppp tunnel, but your ppp0 IP address is not getting NAT translation on the other side, so the 172.16.20.1 server is coming back to you via its default gateway and getting lost.