Force all traffic from IP through only tunl1 even if VPN connection is lost.

Discussion in 'Tomato Firmware' started by Funkoid, Aug 30, 2013.

  1. Funkoid

    I have a single host I would like to force all traffic through tunl1; if tunl1 drops, I want this host to completely lose internet connectivity. Is this possible with Tomato?

    At the minute I'm running the widely known wanup iptables script, which forces the host down the VPN, but when the tunnel drops this traffic makes its way via the normal gateway to the WAN port. If .66 is the host I'm talking about, would this work?

    iptables -I FORWARD -i br0 -s -o tun0 -j ACCEPT
    iptables -I FORWARD -i tun0 -s -o br0 -j ACCEPT
    iptables -I FORWARD -i br0 -s -o vlan2 -j DROP
    iptables -I INPUT -i tun0 -s -j REJECT
    iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE

    I'm not sure if I need the masquerade or not, or whether the above will accomplish what I need.
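
A fail-closed version of the rule set asked about above, as an added example that is not part of the original post. It prints the iptables commands for review rather than applying them; the function names, the `br0`/`tun0` defaults and the host address passed in are assumptions supplied by the caller.

```shell
#!/bin/sh
# Added example: prints a fail-closed FORWARD rule set for one LAN host.
# Host address and interface names are assumed inputs, not values from the post.

valid_ipv4() {
    # Accept only a dotted quad with every octet in 0-255.
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

emit() {  # emit <table> <-I|-A> <chain and match...>
    table=$1; op=$2; shift 2
    # Delete any earlier copy first, so re-running on every WAN-up event
    # does not stack duplicate rules.
    echo "iptables -t $table -D $* 2>/dev/null"
    echo "iptables -t $table $op $*"
}

killswitch_rules() {  # killswitch_rules <host-ip> [lan-if] [tunnel-if]
    host=$1; lan_if=${2:-br0}; tun_if=${3:-tun0}
    valid_ipv4 "$host" || { echo "invalid host address: $host" >&2; return 1; }
    # -I inserts at the top of the chain, so the DROP is emitted first and the
    # tunnel ACCEPT lands above it. The DROP names no WAN interface: anything
    # from the host that is not leaving via the tunnel is discarded, whichever
    # route the traffic falls back to while the tunnel is down.
    emit filter -I FORWARD -i "$lan_if" -s "$host" -j DROP
    emit filter -I FORWARD -i "$lan_if" -s "$host" -o "$tun_if" -j ACCEPT
    # Replies are addressed to the host, so the return rule matches on -d.
    emit filter -I FORWARD -i "$tun_if" -o "$lan_if" -d "$host" -j ACCEPT
    # Source NAT on the tunnel; needed unless the VPN server has a route
    # back to the LAN subnet.
    emit nat -A POSTROUTING -o "$tun_if" -j MASQUERADE
}

# Review the printed commands, then run them on the router, e.g.:
#   killswitch_rules <host-ip> br0 tun0 | sh
```

FORWARD rules do not cover DNS queries the host sends to the router's own resolver, because the router answers those through its INPUT and OUTPUT chains.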
