While setting the system-wide proxy settings is a good start, you may also want to look into using iptables to ensure that all traffic is going through the proxy. Some applications do not use system-wide configuration settings (Firefox among them), and thus it's imperative that you tailor your rules not to allow direct connections and only to route traffic through the proxy.

EDIT: While I personally use iptables rules to manage potential "leakage" from my VPN, I was actually originally mistaken to think iptables could work with a SOCKS proxy directly. You'll need something like tun2socks in order to make a virtual tunnel interface (such as VPNs use).

Following that, you can set up an iptables script similar to the following:

```bash
#!/bin/bash
# Refuse to run without root: iptables and ip route need it
if [ "$EUID" -ne 0 ]; then
    echo "This script must be run as root" 1>&2
    exit 1
fi

# name of primary network interface (before tunnel)

# gateway ip address (before tunnel - adsl router ip address)
# automatically determine the ip from the default route

# If you'd like, putting the tun2socks command here is a good idea.
# It may or may not be necessary to do so, but either way is more convenient than running the two commands separately.

# Flush all previous filter rules, you might not want to include this line if you already have other rules setup

ip route add table 128 default via 192.168.1.1

# Exceptions for local traffic & vpn server
iptables -t filter -A MYVPN -o lo -j RETURN
iptables -t filter -A MYVPN -o $ -j RETURN

# Send outgoing TCP connection attempts and ICMP through the MYVPN chain
iptables -t filter -A OUTPUT -p tcp --syn -j MYVPN
iptables -t filter -A OUTPUT -p icmp -j MYVPN
```
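An added example, not part of the original post: a Python check that reads an `iptables -S` listing and reports where outgoing traffic can bypass the `MYVPN` chain. The sample listing is constructed from the rules shown above; the interface name `tun0` and the final `-j DROP` rule are assumptions, since the post's fragments do not show them.

```python
import shlex

# Constructed sample in `iptables -S` format, built from the rules in the post.
# Assumptions: the tunnel interface is tun0 and the chain ends in a DROP rule.
SAMPLE = """\
-P OUTPUT ACCEPT
-N MYVPN
-A OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j MYVPN
-A OUTPUT -p icmp -j MYVPN
-A MYVPN -o lo -j RETURN
-A MYVPN -o tun0 -j RETURN
-A MYVPN -j DROP
"""

def audit(listing, chain="MYVPN", allowed_ifaces=("lo", "tun0")):
    """Return findings describing how egress could bypass `chain`."""
    rules = [shlex.split(l) for l in listing.splitlines() if l.startswith("-A ")]
    opt = lambda rule, flag: rule[rule.index(flag) + 1] if flag in rule else None
    findings = []

    # 1. Every protocol must be dispatched from OUTPUT into the chain;
    #    anything not dispatched falls through to the OUTPUT policy.
    protos = {opt(r, "-p") or "all"
              for r in rules if r[1] == "OUTPUT" and opt(r, "-j") == chain}
    if "all" not in protos:
        findings += [f"OUTPUT never sends {p} to {chain}"
                     for p in ("tcp", "udp", "icmp") if p not in protos]

    # 2. The chain must end in an unconditional DROP, or unmatched packets
    #    return to OUTPUT and leave directly.
    body = [r for r in rules if r[1] == chain]
    if not body or body[-1][2:] != ["-j", "DROP"]:
        findings.append(f"{chain} does not end in an unconditional DROP")

    # 3. RETURN exceptions may only name expected interfaces or a destination.
    for r in body:
        if opt(r, "-j") != "RETURN":
            continue
        iface, dst = opt(r, "-o"), opt(r, "-d")
        if iface is not None and iface not in allowed_ifaces:
            findings.append(f"{chain} lets traffic out via {iface}")
        elif iface is None and dst is None:
            findings.append(f"{chain} has an unconditional RETURN")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```

On the constructed sample it reports that UDP is never sent to `MYVPN`, so UDP traffic such as DNS lookups would follow the `OUTPUT` policy instead of the chain. On a live host, pass it the output of `iptables -S`.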