Linux – If there are 2 NICs on the same machine, can a TCP client on one NIC connect to a TCP server on the other NIC

linuxnetwork-adapternetworkingtcp

I use TUN/TAP to create a tun NIC tun0 with IP 10.10.10.2, and I have a real NIC eth0 with IP 202.112.34.49

Then I run a TCP client which binds its socket to 202.112.34.49 and a TCP server binding 10.10.10.2. but I can't establish a tcp connection between them.

So can a TCP client on one NIC connect to a tcp server on the other NIC?

Best Answer

Packets to local addresses will always run on the lo interface; they will never leave the machine. (Packets to local addresses arriving on non-lo interfaces are regarded as martians.)

In other words, your packets must get stuck on the lo interface somewhere, possibly due to a firewall. Check your iptables-save output and do a tcpdump on the lo interface for those packets to debug this issue.

Related Solutions

Linux – OpenVPN server to forward incoming connection to client

Fortunately I have found the answer in this ServerFault question.

Some configuration I took from this DigitalOcean tutorial.

Having port forwarding enabled in sysctl I still needed to add some iptables rules added to /etc/ufw/before.rules, it looks something like this:

#
# rules.before
#
# Rules that should be run before the ufw command line added rules. Custom
# rules should be added to one of these chains:
#   ufw-before-input
#   ufw-before-output
#   ufw-before-forward
#


# START OPENVPN RULES
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]

-A PREROUTING -i eth0 -p tcp -m tcp --dport 50100 -j DNAT --to-destination [Client-1's vpn address]:50100
-A PREROUTING -i eth0 -p udp -m udp --dport 50100 -j DNAT --to-destination [Client-1's vpn address]:50100

# Allow traffic from OpenVPN client to eth0
-A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE
COMMIT
# END OPENVPN RULES


# Don't delete these required lines, otherwise there will be errors
*filter
:ufw-before-input - [0:0]
:ufw-before-output - [0:0]
.
.
.
.
.
# allow MULTICAST UPnP for service discovery (be sure the MULTICAST line above
# is uncommented)
-A ufw-before-input -p udp -d 239.255.255.250 --dport 1900 -j ACCEPT


# START OPENVPN RULES
-A FORWARD -d [Client-1's vpn address]/32 -p tcp -m tcp --dport 50100 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d [Client-1's vpn address]/32 -p udp -m udp --dport 50100 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
# END OPENVPN RULES


# don't delete the 'COMMIT' line or these rules won't be processed
COMMIT

With the sysctl port forwarding enabled and the ip specific port forwarding iptables rules, now the 50100 port is open and forwarded to Client-1's port.

Best Answer

Related Solutions

Linux – OpenVPN server to forward incoming connection to client

Related Question