
Force all traffic from IP through only tunl1 even if VPN connection is lost.

Discussion in 'Tomato Firmware' started by Funkoid, Aug 30, 2013.

  1. Funkoid

    Funkoid Serious Server Member

    I have a single host I would like to force all traffic through tunl1; if tunl1 drops, I want this host to completely lose internet connectivity. Is this possible with Tomato?

    At the minute I'm running the widely known wanup iptables script which forces the host down the VPN, but when the tunnel drops this traffic makes its way via the normal gateway to the WAN port. If .66 is the host I'm talking about, would this work?

    iptables -I FORWARD -i br0 -s 192.168.1.66 -o tun0 -j ACCEPT
    iptables -I FORWARD -i tun0 -s 192.168.1.66 -o br0 -j ACCEPT
    iptables -I FORWARD -i br0 -s 192.168.1.66 -o vlan2 -j DROP
    iptables -I INPUT -i tun0 -s 192.168.1.66 -j REJECT
    iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE

    I'm not sure if I need the masquerade or not? Or whether the above will accomplish what I need.
     
    Last edited: Aug 30, 2013
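
A fail-closed rule set for the setup described in the post above, as an added example that is not part of the original thread and not Tomato's own script. The function names `is_ipv4` and `killswitch_rules` are hypothetical; the interface names and host address are the ones used in the post, and the MASQUERADE rule is scoped to the single host, which is an assumption the post does not make.

```shell
#!/bin/sh
# Added example, not from the thread. Values taken from the post:
# br0 = LAN bridge, tun0 = VPN interface, 192.168.1.66 = confined host.

# is_ipv4 ADDR: succeed only for a dotted quad with every octet <= 255.
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# killswitch_rules HOST [LAN_IF] [VPN_IF]: print the iptables commands.
# Printing keeps this a dry run; pipe the output to sh to apply it.
killswitch_rules() {
    host=$1 lan_if=${2:-br0} vpn_if=${3:-tun0}
    is_ipv4 "$host" || { echo "bad host address: $host" >&2; return 1; }
    # The output is meant to be fed to a shell, so refuse interface
    # names containing anything but the characters real names use.
    case $lan_if$vpn_if in
        *[!A-Za-z0-9._-]*) echo "bad interface name" >&2; return 1 ;;
    esac
    # Fail closed: drop every forwarded packet from the host that would
    # leave on any interface other than the tunnel. No WAN name is
    # needed, so it holds whether the uplink is vlan2, ppp0, or other.
    # Each rule is deleted first so re-running does not stack copies.
    # (Some older iptables builds want the negation as "-o ! IFACE".)
    fwd="FORWARD -i $lan_if -s $host ! -o $vpn_if -j DROP"
    echo "iptables -D $fwd 2>/dev/null"
    echo "iptables -I $fwd"
    # NAT on the tunnel matters when the far end has no route back to
    # the LAN subnet; scoped here to the one host.
    nat="POSTROUTING -s $host -o $vpn_if -j MASQUERADE"
    echo "iptables -t nat -D $nat 2>/dev/null"
    echo "iptables -t nat -A $nat"
}

killswitch_rules 192.168.1.66 br0 tun0
```

These rules cover forwarded traffic only: lookups the host sends to the router's own DNS forwarder are resolved by the router itself and are not affected by the FORWARD chain.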
