- $ ifconfig
- tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
- inet addr:10.0.0.1 P-t-P:10.0.0.1 Mask:255.255.255.255
- inet6 addr: fe80::ce51:67bd:73e8:fe63/64 Scope:Link
- UP POINTOPOINT RUNNING MTU:1500 Metric:1
- RX packets:1665 errors:0 dropped:0 overruns:0 frame:0
- TX packets:1665 errors:0 dropped:0 overruns:0 carrier:0
- collisions:0 txqueuelen:500
- RX bytes:261471 (261.4 KB) TX bytes:261471 (261.4 KB)
- $ cat /etc/sysctl.conf
- #
- # /etc/sysctl.conf - Configuration file for setting system variables
- # See /etc/sysctl.d/ for additional system variables.
- # See sysctl.conf (5) for information.
- #
- #kernel.domainname = example.com
- # Uncomment the following to stop low-level messages on console
- #kernel.printk = 3 4 1 3
- ##############################################################3
- # Functions previously found in netbase
- #
- # Spoof protection (reverse-path filter / Source Address Verification)
- # is enabled with 1 (strict) or 2 (loose). The next two lines are active
- # and set it to 0, i.e. the check that prevents some spoofing attacks
- # is turned OFF on this host.
- net.ipv4.conf.default.rp_filter=0
- net.ipv4.conf.all.rp_filter=0
- # Uncomment the next line to enable TCP/IP SYN cookies
- # See http://lwn.net/Articles/277146/
- # Note: This may impact IPv6 TCP sessions too
- #net.ipv4.tcp_syncookies=1
- # Uncomment the next line to enable packet forwarding for IPv4
- net.ipv4.ip_forward=1
- # Uncomment the next line to enable packet forwarding for IPv6
- # Enabling this option disables Stateless Address Autoconfiguration
- # based on Router Advertisements for this host
- #net.ipv6.conf.all.forwarding=1
- ###################################################################
- # Additional settings - these settings can improve the network
- # security of the host and prevent against some network attacks
- # including spoofing attacks and man in the middle attacks through
- # redirection. Some network environments, however, require that these
- # settings are disabled so review and enable them as needed.
- #
- # Do not accept ICMP redirects (prevent MITM attacks)
- #net.ipv4.conf.all.accept_redirects = 0
- #net.ipv6.conf.all.accept_redirects = 0
- # _or_
- # Accept ICMP redirects only for gateways listed in our default
- # gateway list (enabled by default)
- # net.ipv4.conf.all.secure_redirects = 1
- #
- # Do not send ICMP redirects (we are not a router)
- #net.ipv4.conf.all.send_redirects = 0
- #
- # Do not accept IP source route packets (we are not a router)
- #net.ipv4.conf.all.accept_source_route = 0
- #net.ipv6.conf.all.accept_source_route = 0
- #
- # Log Martian Packets
- #net.ipv4.conf.all.log_martians = 1
- #
- $ sudo sysctl -w net.ipv4.conf.tun0.rp_filter=0
- $ sudo sysctl -w net.ipv4.conf.all.rp_filter=0
- $ sudo sysctl -w net.ipv4.ip_forward=1
- $ sudo ip route add default dev tun0 table John
- $ ip rule
- 0: from all lookup local
- 32766: from all lookup main
- 32767: from all lookup default
- $ sudo ip rule add fwmark 0x1 table John
- $ sudo iptables -t mangle -I OUTPUT -o wlp2s0 -j MARK --set-mark 1
- $ ping -c 1 8.8.8.8
- fails