Forward special packets

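An IPIP tunnel is set up between Host A and Host B. TCP packets generated between the two hosts with source port 8000 must be carried through the tunnel to the other host and then sent out through that host's gateway.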

On Host A

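TUN_IFACE="tun-b"
HOST_A_IP="10.0.0.3"
HOST_B_IP="10.0.3.2"
TUN_GATEWAY="192.168.4.2"
HOST_GATEWAY="10.0.0.1"

# Create the IPIP tunnel to Host B, bring it up, and route TUN_GATEWAY through it
sudo iptunnel add ${TUN_IFACE} mode ipip remote ${HOST_B_IP} local ${HOST_A_IP}
sudo ifconfig ${TUN_IFACE} up
sudo route add -host ${TUN_GATEWAY} dev ${TUN_IFACE}

# Outgoing TCP packets with source port 8000 that are not marked 0x8888: duplicate to TUN_GATEWAY (via the tunnel)
sudo iptables -t mangle -A POSTROUTING -p tcp -m tcp --sport 8000 -m mark ! --mark 0x8888 -j TEE --gateway ${TUN_GATEWAY}
# Incoming TCP packets with source port 8000: mark them 0x8888, then duplicate marked packets to HOST_GATEWAY
sudo iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 8000 -j MARK --set-mark 0x8888
sudo iptables -t mangle -A PREROUTING -m mark --mark 0x8888 -j TEE --gateway ${HOST_GATEWAY}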

On Host B

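TUN_IFACE="tun-a"
HOST_A_IP="10.0.0.3"
HOST_B_IP="10.0.3.2"
TUN_GATEWAY="192.168.4.1"
HOST_GATEWAY="10.0.3.1"

# Create the IPIP tunnel to Host A, bring it up, and route TUN_GATEWAY through it
sudo iptunnel add ${TUN_IFACE} mode ipip remote ${HOST_A_IP} local ${HOST_B_IP}
sudo ifconfig ${TUN_IFACE} up
sudo route add -host ${TUN_GATEWAY} dev ${TUN_IFACE}

# Outgoing TCP packets with source port 8000 that are not marked 0x8888: duplicate to TUN_GATEWAY (via the tunnel)
sudo iptables -t mangle -A POSTROUTING -p tcp -m tcp --sport 8000 -m mark ! --mark 0x8888 -j TEE --gateway ${TUN_GATEWAY}
# Incoming TCP packets with source port 8000: mark them 0x8888, then duplicate marked packets to HOST_GATEWAY
sudo iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 8000 -j MARK --set-mark 0x8888
sudo iptables -t mangle -A PREROUTING -m mark --mark 0x8888 -j TEE --gateway ${HOST_GATEWAY}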
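
To check what actually ended up in the mangle table, the following added example (not part of the original post) parses `iptables-save -t mangle` output, lists every TEE rule with its gateway and mark condition, and reports marks that a TEE rule matches but no MARK rule sets. The sample ruleset is constructed from the Host A commands above, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: `iptables-save -t mangle` output for the Host A rules.
SAMPLE_RULES='*mangle
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --sport 8000 -j MARK --set-xmark 0x8888/0xffffffff
-A PREROUTING -m mark --mark 0x8888 -j TEE --gateway 10.0.0.1
-A POSTROUTING -p tcp -m tcp --sport 8000 -m mark ! --mark 0x8888 -j TEE --gateway 192.168.4.2
COMMIT'

# Read iptables-save text on stdin; print "<chain> <gateway> <mark condition or ->" per TEE rule.
list_tee_rules() {
    awk '
    $1 == "-A" {
        chain = $2; gw = ""; mark = "-"; tee = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-j" && $(i+1) == "TEE") tee = 1
            if ($i == "--gateway") gw = $(i+1)
            if ($i == "--mark") mark = ($(i-1) == "!" ? "!" : "") $(i+1)
        }
        if (tee) print chain, gw, mark
    }'
}

# Print each mark that a TEE rule matches positively but that no MARK rule sets.
# Values are compared as text after dropping the /mask suffix and lowercasing.
unset_tee_marks() {
    awk '
    function norm(v) { sub(/\/.*/, "", v); return tolower(v) }
    $1 == "-A" {
        tee = 0; m = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "--set-mark" || $i == "--set-xmark") set[norm($(i+1))] = 1
            if ($i == "-j" && $(i+1) == "TEE") tee = 1
            if ($i == "--mark" && $(i-1) != "!") m = norm($(i+1))
        }
        if (tee && m != "") want[m] = 1
    }
    END { for (m in want) if (!(m in set)) print m }'
}

# Stand-alone run against the constructed sample.
printf '%s\n' "$SAMPLE_RULES" | list_tee_rules
```

On a live host, pipe `sudo iptables-save -t mangle` into either function instead of the sample.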

Over!
