Can’t forward traffic from eth to TUN/TAP

forwarding iptables tunneling vpn

I'm trying to forward traffic from a physical interface enp5s0 to a virtual one tun0. The goal is to make tun0 receive essentially all packets from enp5s0.

First, I enable forwarding with a command

sudo sysctl -w net.ipv4.ip_forward=1

Then I create tun0 by running

sudo ip tuntap add dev tun0 mode tun

I assign it an IP address and turn the device on:

sudo ifconfig tun0 10.1.8.5 netmask 255.255.255.0 promisc up

I want to make all packets go from enp5s0 to tun0, so I have to use iptables. I need to make a rule that allows forwarding from enp5s0 to tun0, so the command is

sudo iptables -A FORWARD --in-interface tun0 --out-interface enp5s0 -j ACCEPT

Then I enable NAT by running

sudo iptables -t nat -A POSTROUTING --out-interface enp5s0 -j MASQUERADE

tcpdump shows no traffic on tun0.

Also, I tried almost the same thing, but using a TAP device. I created a bridge with brctl, added tap0 and enp5s0, but no packets were received by tap0 and everything was OK with enp5s0. Nothing like `default gw 10.1.8.5` works in the TUN case. Where is the mistake?

Best Answer

Your in and out interfaces are reversed in the iptables command.

They should be:

sudo iptables -A FORWARD --in-interface enp5s0 --out-interface tun0 -j ACCEPT

and:

sudo iptables -t nat -A POSTROUTING --out-interface tun0 -j MASQUERADE
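As an added example (it is not part of the question or the answer above), the whole setup as one script, with the iptables direction as the answer gives it and two things the question's commands do not contain: a route that actually sends traffic into tun0 (a FORWARD rule only permits forwarding, the routing table decides where a packet goes) and a return-path rule for established flows. Interface and address names are the question's own; the script assumes this host is the gateway for the clients behind enp5s0, that policy routing by incoming interface is the wanted way to steer traffic, and that some program is attached to tun0 to read from it (a TUN interface with nothing attached drops what is routed into it). By default it only prints the commands; `APPLY=1` runs them as root.

```shell
#!/bin/sh
# Added example, not code from the original post. Forward traffic that arrives
# on a physical interface into a TUN device. Assumptions: this host routes for
# the clients on $PHYS, and a userspace program reads from $TUN.

PHYS=${PHYS:-enp5s0}              # interface the packets arrive on
TUN=${TUN:-tun0}                  # tunnel interface they should leave through
TUN_ADDR=${TUN_ADDR:-10.1.8.5/24} # address from the question
RT_TABLE=${RT_TABLE:-100}         # routing table used for policy routing (assumed free)

# Dry run by default: print each command. With APPLY=1 execute it (needs root).
run() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

forward_to_tun() {
    run sysctl -w net.ipv4.ip_forward=1
    run ip tuntap add dev "$TUN" mode tun        # 'mode', not 'mod'
    run ip addr add "$TUN_ADDR" dev "$TUN"
    run ip link set "$TUN" up

    # Routing: everything that came in on $PHYS is looked up in $RT_TABLE,
    # whose only route points into the tunnel. Without this, packets from
    # $PHYS follow the main table and never reach $TUN, whatever iptables says.
    run ip route add default dev "$TUN" table "$RT_TABLE"
    run ip rule add iif "$PHYS" table "$RT_TABLE"

    # Filtering: in on the physical interface, out on the tunnel (the order
    # the answer gives). -i/-o are the short forms of --in-interface/--out-interface.
    run iptables -A FORWARD -i "$PHYS" -o "$TUN" -j ACCEPT
    # Replies coming back out of the tunnel for flows we forwarded into it.
    run iptables -A FORWARD -i "$TUN" -o "$PHYS" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Source-NAT to the tunnel address so the far side can answer.
    run iptables -t nat -A POSTROUTING -o "$TUN" -j MASQUERADE
}

# Checks for an applied setup (all need root). Returns 0 when every check passes.
verify_forward_to_tun() {
    [ "$(sysctl -n net.ipv4.ip_forward)" = "1" ] || return 1
    ip link show "$TUN" >/dev/null 2>&1 || return 1
    # -C exits 0 only if an identical rule exists; catches a reversed -i/-o.
    iptables -C FORWARD -i "$PHYS" -o "$TUN" -j ACCEPT || return 1
    iptables -t nat -C POSTROUTING -o "$TUN" -j MASQUERADE || return 1
    return 0
}

if [ "${APPLY:-0}" = "1" ]; then
    forward_to_tun
    verify_forward_to_tun && echo "forwarding $PHYS -> $TUN is in place"
else
    forward_to_tun
fi
```

After applying, `ip route get 8.8.8.8 from <client address> iif enp5s0` should name `tun0` as the outgoing device, and the packet counters in `iptables -vnL FORWARD` should increase while `tcpdump -ni tun0` runs; if the counters climb but tcpdump stays silent, check that something is attached to tun0 (`ip link show tun0` reports NO-CARRIER when nothing is).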