OK, I admit it, this is more of a Linux networking challenge, but it's one I want to resolve under Gentoo.

I have two network interfaces, eth0 and tun0, and both are (somehow) connected to the internet.

When I have eth0's IP address as my default route, all my traffic is sent out via my NAT-enabled router and is associated with its dynamic IP address... however, while I can receive packets on the tun0 interface, replies are sent via eth0, and that means ping doesn't work and TCP connections to tun0's publicly accessible IP address fail.

When I have tun0's IP address as my default route, all my traffic (inbound and outbound TCP connections) is routed over tun0... enabling the previously precluded inbound connections on tun0's publicly accessible IP address, but this is an unnecessarily inefficient use of the (more expensive) tun0 interface for outbound connections.

What I really want is for eth0 to be used all the time, except for packets associated with TCP streams that connected from remote hosts to tun0's public-facing IP address, when tun0 must be used. I don't need/want to support UDP or other protocols communicating via tun0, and TCP connections to tun0 will only arrive on a handful of ports which I can determine up front.

Should I be using iptables for this, and, if so, is there a howto addressing this scenario? Is there a better approach than iptables?
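The scenario described in the question is normally solved with Linux policy routing (iproute2 `ip rule` / `ip route ... table N`, which needs CONFIG_IP_MULTIPLE_TABLES in the kernel) rather than with iptables steering alone. A reply to a connection that arrived on tun0 carries tun0's public address as its source, so a source-based rule can send exactly those packets to a second routing table whose only default route is tun0; locally initiated traffic is sourced from eth0's address and keeps following the main table. iptables is then only needed to restrict which ports tun0 accepts. The script below is an added example, not from the original post or any replies: the interface names, the addresses (203.0.113.0/24 is a documentation range), the table number 100 and the ports 22 and 443 are assumptions to be replaced with your own values. By default it only prints the commands it would run; `--apply` executes them as root and `--show` displays the resulting state.

```shell
#!/bin/sh
# Policy routing: replies to connections that arrived on tun0 leave via tun0,
# everything else keeps using the eth0 default route in the main table.
# Added example, not from the original post. All names and numbers below are
# assumptions; adjust them for the real interfaces and addresses.

TUN_IF="${TUN_IF:-tun0}"
TUN_ADDR="${TUN_ADDR:-203.0.113.10}"   # assumed public address on tun0
TUN_GW="${TUN_GW:-203.0.113.1}"        # assumed gateway on tun0; "" for a point-to-point tun
TABLE="${TABLE:-100}"                  # assumed spare routing table number
PORTS="${PORTS:-22 443}"               # assumed inbound TCP ports served on tun0

# Print (do not run) the commands that implement the policy.
# Args: tun_if tun_addr tun_gw table port...
gen_policy_cmds() {
    tun_if=$1; tun_addr=$2; tun_gw=$3; table=$4; shift 4

    # Second routing table: its only default route points at tun0.
    if [ -n "$tun_gw" ]; then
        echo "ip route replace default via $tun_gw dev $tun_if table $table"
    else
        echo "ip route replace default dev $tun_if table $table"
    fi
    # Selector: packets sourced from tun0's address (i.e. replies to inbound
    # connections on tun0) use that table. Delete first so re-running does
    # not stack duplicate rules.
    echo "ip rule del from $tun_addr table $table 2>/dev/null || true"
    echo "ip rule add from $tun_addr table $table priority 1000"
    # Loose reverse-path filtering on tun0, so strict rp_filter cannot drop
    # inbound packets whose source would otherwise be routed back via eth0.
    echo "sysctl -w net.ipv4.conf.$tun_if.rp_filter=2"

    # Firewall: tun0 accepts established flows and only the listed TCP ports.
    echo "iptables -A INPUT -i $tun_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for p in "$@"; do
        echo "iptables -A INPUT -i $tun_if -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "iptables -A INPUT -i $tun_if -j DROP"
}

# Run the generated commands (requires root).
apply_policy() {
    gen_policy_cmds "$@" | sh -e
}

# Show the rule, the extra table, and which way a packet sourced from
# tun0's address would leave (198.51.100.1 is an arbitrary remote address).
show_policy() {
    tun_if=$1; tun_addr=$2; table=$3
    ip rule show
    ip route show table "$table"
    ip route get 198.51.100.1 from "$tun_addr"
    iptables -S INPUT | grep -- "-i $tun_if"
}

case "${1:-}" in
    --apply) apply_policy "$TUN_IF" "$TUN_ADDR" "$TUN_GW" "$TABLE" $PORTS ;;
    --show)  show_policy "$TUN_IF" "$TUN_ADDR" "$TABLE" ;;
    *)       gen_policy_cmds "$TUN_IF" "$TUN_ADDR" "$TUN_GW" "$TABLE" $PORTS ;;
esac
```

After `--apply`, `ip route get 198.51.100.1 from 203.0.113.10` should report `dev tun0`, while a plain `ip route get 198.51.100.1` still reports eth0. Nothing here marks packets or uses CONNMARK: the source address alone distinguishes the two cases, which is why a handful of static rules suffices. On Gentoo the same `ip rule` and `ip route ... table` lines can be kept in /etc/conf.d/net via netifrc's iproute2 module (its `rules_tun0` and `routes_tun0` variables; check the shipped net.example for the exact syntax of your netifrc version), so they are applied whenever tun0 comes up.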