Ssh – Route only ssh traffic through VPN

Tags: remote-management, routing, ssh, vpn

Is it possible to route a computer's SSH service through a VPN connection but allow ALL other data to exit through the WAN address? What sort of iptables magic needs to be done to accomplish this?

SSH data → goes through VPN
ALL other data → goes through default route

Best Answer

My answer is related to the answer to a related but more complicated question, and it is not tested.

You need the iproute2 package installed.

Add to /etc/iproute2/rt_tables the line

200 vpn-route

and then write a script that you call after VPN is initialized:

#!/bin/sh
# Example values; replace them with the gateway and interfaces of your own VPN and WAN
VPNGATEWAY=10.8.0.1   # gateway address on the VPN side of the tunnel
VPNINTERFACE=tun0     # VPN tunnel interface
WANINTERFACE=eth0     # interface that carries the default route
# set default gateway of vpn-route
ip route add default via "$VPNGATEWAY" dev "$VPNINTERFACE" table vpn-route
# use this table for marked packets
ip rule add fwmark 0x1 table vpn-route
# mark outgoing ssh packets
iptables -t mangle -A OUTPUT -o "$WANINTERFACE" -p tcp --dport 22 -j MARK --set-mark 1
# rewrite source address so replies come back through the tunnel
iptables -t nat -A POSTROUTING -o "$VPNINTERFACE" -j MASQUERADE

Of course, you need to replace the $... variables with their actual values.

PS: If your IP on the WAN interface is fixed, you can replace the last line with iptables -A POSTROUTING -t nat -o $WANINTERFACE -p tcp --dport 22 -j SNAT --to $WANIP
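Because the answer above is untested, a practitioner will want to confirm that all four pieces (the fwmark rule, the default route in the extra table, the mangle mark and the NAT rule) actually landed before relying on them. The script below is an added example, not part of the answer or of any project: each check is a plain text match over the output of `ip rule show`, `ip route show table vpn-route`, `iptables -t mangle -S OUTPUT` and `iptables -t nat -S POSTROUTING`, so it can be run against captured listings as well as against the live host. The interface names tun0 and eth0 and the sample listings are constructed assumptions.

```shell
#!/bin/sh
# Added example (not the answer's code): verify the fwmark policy routing is in place.
# Assumed names: table vpn-route, mark 0x1, VPN interface tun0, WAN interface eth0.

TABLE_NAME=vpn-route   # table name that was added to /etc/iproute2/rt_tables
MARK_HEX=0x1           # the fwmark set by the mangle OUTPUT rule

# 0 if an `ip rule show` listing sends fwmark 0x1 to the vpn-route table.
has_fwmark_rule() {
    printf '%s\n' "$1" | grep -Eq -e "fwmark ${MARK_HEX}(/[0-9a-fx]+)? lookup ${TABLE_NAME}"
}

# 0 if an `ip route show table vpn-route` listing has a default route via the VPN interface ($2).
has_vpn_default_route() {
    printf '%s\n' "$1" | grep -Eq -e "^default via [0-9.]+ dev $2( |\$)"
}

# 0 if an `iptables -t mangle -S OUTPUT` listing marks TCP port 22 leaving the WAN interface ($2).
# iptables prints `--set-mark 1` back as `--set-xmark 0x1/0xffffffff`, hence the x? in the pattern.
has_ssh_mark_rule() {
    printf '%s\n' "$1" | grep -Eq -e "-A OUTPUT -o $2 -p tcp .*--dport 22 .*-j MARK --set-x?mark ${MARK_HEX}"
}

# 0 if an `iptables -t nat -S POSTROUTING` listing masquerades traffic leaving the VPN interface ($2).
has_vpn_masquerade() {
    printf '%s\n' "$1" | grep -Eq -e "-A POSTROUTING -o $2 .*-j MASQUERADE"
}

# Run all four checks; prints each missing piece and returns the number of failures (0 = all present).
# $1..$4 = rule, route, mangle and nat listings; $5 = VPN interface; $6 = WAN interface.
audit_policy_routing() {
    failures=0
    has_fwmark_rule "$1"            || { echo "MISSING: ip rule fwmark ${MARK_HEX} lookup ${TABLE_NAME}"; failures=$((failures + 1)); }
    has_vpn_default_route "$2" "$5" || { echo "MISSING: default route in table ${TABLE_NAME} via $5"; failures=$((failures + 1)); }
    has_ssh_mark_rule "$3" "$6"     || { echo "MISSING: mangle OUTPUT rule marking tcp/22 on $6"; failures=$((failures + 1)); }
    has_vpn_masquerade "$4" "$5"    || { echo "MISSING: nat POSTROUTING MASQUERADE on $5"; failures=$((failures + 1)); }
    return "$failures"
}

# Live mode: collect the listings from the running host (iptables needs root).
# Usage: sh check-vpn-route.sh tun0 eth0
audit_live() {
    audit_policy_routing \
        "$(ip rule show)" \
        "$(ip route show table "$TABLE_NAME")" \
        "$(iptables -t mangle -S OUTPUT)" \
        "$(iptables -t nat -S POSTROUTING)" \
        "$1" "$2"
}

# Constructed sample listings: what a correctly configured host prints.
SAMPLE_RULES='0: from all lookup local
32765: from all fwmark 0x1 lookup vpn-route
32766: from all lookup main'
SAMPLE_ROUTE='default via 10.8.0.1 dev tun0'
SAMPLE_MANGLE='-P OUTPUT ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 22 -j MARK --set-xmark 0x1/0xffffffff'
SAMPLE_NAT='-P POSTROUTING ACCEPT
-A POSTROUTING -o tun0 -j MASQUERADE'

if [ "$#" -eq 2 ]; then
    audit_live "$1" "$2"
else
    audit_policy_routing "$SAMPLE_RULES" "$SAMPLE_ROUTE" "$SAMPLE_MANGLE" "$SAMPLE_NAT" tun0 eth0 \
        && echo "sample configuration: all four pieces present"
fi
```

Run it with the two interface names to audit the live host, or with no arguments to exercise it on the constructed listings. One caveat worth checking at the same time: with this setup the SSH replies arrive on the VPN interface while the main table still routes the SSH peer via the WAN, so strict reverse path filtering (net.ipv4.conf.<vpn-if>.rp_filter=1) can silently drop them; loose mode (2) or disabling it on the tunnel interface is the usual fix.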
