Re: FWDing packets from a physical interface to a virtual interface

[Jorge Davila <davila@nicaraguaopensource.com>]

Arash:

AFAIK, you must open a path in the firewall to the vpn daemon 
(port/protocol) and the daemon will be in charge of administering the 
traffic between the clients and the vpn server.

Additionally, you must tell to the client where is the server (the ip 
address), what device will be used (tun or tap device).

May you want ask in the mailing list for the vendor/provider of the vpn 
software that you are using.


Hope this helps,

Jorge Dávila.

On Wed, 12 Sep 2007 02:06:53 +0330
  Arash Yadegarnia <arash@bluehome.net> wrote:
> Hi, :)
> 
> Here is the situation:
> 
> I have a machine with 2 NICs, assume eth0 (192.168.0.10) connected to my
> LAN, and eth1 (192.168.0.20) connected to Internet through a gateway.
> I also, have a virtual tap0 (TUN/TAP) interface (10.0.0.1) on this
> machine.
> 
> All that I want to do is simply, forwarding ALL traffic coming to eth0
> from the LAN, into my tap0 interface, So I can modify them using my own
> user space program which can capture packets on the tap interface and
> send them on eth1 to another address somewhere in the world (through
> Internet).
> 
> Since I want IP addresses unchanged, I cannot use NAT or Masquerading.
> As far as I know, In this matter forwarding should be done in Layer-2 so
> I'm not sure if I can use iptables to do the job.
> I also have tried bridging but I was trapped in a horrible bridge loop
> (Enabling STP on bridge also didn't work for me).
> 
> Any ideas? :)
> 
> Thanks,
> Arash
> 
> 
> 

Jorge Isaac Davila Lopez
Nicaragua Open Source
+505 430 5462
davila@nicaraguaopensource.com