* Make a redirect if NAT out interface is down
From: cmlitguy @ 2012-03-02 23:49 UTC
To: netfilter
Hello,
I have a question about the possibility of making a redirect if the NAT out
interface tun0 is down.
This is the iptables rule for masquerading our network via the VPN connection.
iptables --table nat --append POSTROUTING --out-interface tun0 -j MASQUERADE -m comment --comment "Masquerading"
When the VPN goes down, we can't access some resources and we need to verify
its status and establish it again.
Is it possible to make a redirect of all traffic to another host - a web
site (via IP address) - if tun0 is down?
In this case all users would immediately see that the VPN should be established.
Thanks.
Sorry for my English.
* Re: Make a redirect if NAT out interface is down
From: Andrew Beverley @ 2012-03-04 20:04 UTC
To: cmlitguy@gmail.com; +Cc: netfilter
On Sat, 2012-03-03 at 01:49 +0200, cmlitguy@gmail.com wrote:
> Hello,
> I have a question about the possibility of making a redirect if the NAT out
> interface tun0 is down.
> This is the iptables rule for masquerading our network via the VPN connection.
>
> iptables --table nat --append POSTROUTING --out-interface tun0 -j MASQUERADE -m comment --comment "Masquerading"
>
> When the VPN goes down, we can't access some resources and we need to verify
> its status and establish it again.
> Is it possible to make a redirect of all traffic to another host - a web
> site (via IP address) - if tun0 is down?
If the interface actually goes "down", then I would use your operating
system's networking scripts to run a "down" script. E.g. for Debian
use /etc/network/interfaces.
If it just stops responding, then I'd consider LSM[1] to monitor it and
do something similar.
[1] http://lsm.foobar.fi/
* Re: Make a redirect if NAT out interface is down
From: cmlitguy @ 2012-03-07 16:19 UTC
To: Andrew Beverley; +Cc: netfilter
Hello Andrew Beverley,
Thank you for the reply.
I tried this in CentOS:
vi /sbin/ifup-local
echo if is now up >/tmp/log.txt
But it doesn't work with vpnc and the tun0 interface.
I used netplugd to monitor up/down events and generate appropriate rules in iptables.
On 3/4/2012 10:04 PM, Andrew Beverley wrote:
> On Sat, 2012-03-03 at 01:49 +0200, cmlitguy@gmail.com wrote:
>> Hello,
>> I have a question about the possibility of making a redirect if the NAT out
>> interface tun0 is down.
>> This is the iptables rule for masquerading our network via the VPN connection.
>>
>> iptables --table nat --append POSTROUTING --out-interface tun0 -j MASQUERADE -m comment --comment "Masquerading"
>>
>> When the VPN goes down, we can't access some resources and we need to verify
>> its status and establish it again.
>> Is it possible to make a redirect of all traffic to another host - a web
>> site (via IP address) - if tun0 is down?
> If the interface actually goes "down", then I would use your operating
> system's networking scripts to run a "down" script. E.g. for Debian
> use /etc/network/interfaces.
>
> If it just stops responding, then I'd consider LSM[1] to monitor it and
> do something similar.
>
> [1] http://lsm.foobar.fi/
>
>
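A sketch of the approach the last message describes (turning interface up/down events into iptables rules), added here as an example and not taken from the thread or from any poster's setup. Assumptions: the handler is called netplugd-style as `<interface> <in|out>`, the LAN interface is eth0, the status page lives at the placeholder address 192.0.2.10, and only HTTP (TCP port 80) is redirected.

```shell
#!/bin/sh
# Added example: event handler called as "<script> <iface> <in|out>".
# LAN_IF and STATUS_IP are hypothetical values, not from the thread.
VPN_IF="tun0"
LAN_IF="eth0"
STATUS_IP="192.0.2.10"   # documentation-range placeholder

# The one rule this handler owns: send LAN web requests to the status page.
REDIRECT="PREROUTING -i $LAN_IF -p tcp --dport 80 -j DNAT --to-destination $STATUS_IP:80"

# Print the iptables commands for one link event. Prints nothing for
# interfaces or actions this handler does not manage (e.g. "probe").
vpn_event_rules() {
    iface="$1"; action="$2"
    [ "$iface" = "$VPN_IF" ] || return 0
    case "$action" in
        out)  # VPN lost: delete any stale copy first so the rule never stacks
            echo "iptables -t nat -D $REDIRECT"
            echo "iptables -t nat -A $REDIRECT"
            ;;
        in)   # VPN back: remove the redirect, MASQUERADE on tun0 takes over
            echo "iptables -t nat -D $REDIRECT"
            ;;
    esac
}

# Execute the generated commands. A failing -D only means the rule was
# already absent; a failing -A is reported through the exit status.
handle_event() {
    vpn_event_rules "$1" "$2" | while read -r cmd; do
        case "$cmd" in
            *" -D "*) $cmd 2>/dev/null || true ;;
            *)        $cmd || exit 1 ;;
        esac
    done
}

# With APPLY=1 the rules are applied (needs root); otherwise they are printed.
if [ "$#" -ge 2 ]; then
    if [ "${APPLY:-0}" = "1" ]; then
        handle_event "$1" "$2"
    else
        vpn_event_rules "$1" "$2"
    fi
fi
```

Run without APPLY=1 to review the generated commands before letting the handler change the nat table. HTTPS requests are not matched by this rule.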
* Make a redirect if NAT out interface is down
From: cmlitgUy@gmail.com @ 2012-03-02 23:45 UTC
To: netfilter
Hello,
I have a question about the possibility of making a redirect if the NAT out
interface tun0 is down.
This is the iptables rule for masquerading our network via the VPN connection.
iptables --table nat --append POSTROUTING --out-interface tun0 -j MASQUERADE -m comment --comment "Masquerading"
When the VPN goes down, we can't access some resources and we need to verify
its status and establish it again.
Is it possible to make a redirect of all traffic to another host - a web
site (via IP address) - if tun0 is down?
In this case all users would immediately see that the VPN should be established.
Thanks.
Sorry for my English.