On Wednesday, 24.09.2008, 16:35 +0000, Lothar Gesslein wrote:
> Some of the errors you are getting are connected to the fact that we don't
> ship the "normal" ip utility by default but the busybox version, which
> does not have all features.
>
> The "full" ip utility is available via the iproute2 package.
> Hope that helped a bit, feel free to ask again if not.

Yes, it helped a lot, thanks! It works now. It redirects all traffic which
is not going to some safe destination ports via a VPN.

This is how I did it (if anybody else is interested):

1. Install the necessary packages:
   - ipkg install ip
2. Create /etc/iproute2
3. Change /etc/firewall.conf

Add the following at the top:

> iptables -t mangle -F
>
> ## Route traffic based on destination-port
> IP_BIN="/usr/sbin/ip" ## Path to ip-bin from iproute2-package (use 'ipkg install ip' to get it installed)
> VIA_IP="10.8.100.1" ## IP of the router to use
> SAFE_PORTS_TCP="20,21,22,25,53,80,110,443,465,995,1337" ## TCP Ports which should not be redirected
> SAFE_PORTS_UDP="53" ## UDP Ports which should not be redirected

Add the following at the bottom:

> ## Routing based on destination port
> #iptables -t mangle -A PREROUTING -i $LAN -p TCP --dport ! "$SAFE_PORTS_TCP" -j MARK --set-mark 1
> #iptables -t mangle -A PREROUTING -i $LAN -p TCP --dport ! "$SAFE_PORTS_UDP" -j MARK --set-mark 1
> #iptables -t mangle -A PREROUTING -i $LAN -p TCP --dport 443 -j MARK --set-mark 1
>
> [ -d /etc/iproute2 ] || mkdir /etc/iproute2
> if ! cat /etc/iproute2/rt_tables | grep -q '^251'
> then
>     echo '251 rt_link1' >> /etc/iproute2/rt_tables
> fi
>
> "$IP_BIN" route flush table rt_link1
> "$IP_BIN" route add table rt_link1 default via "$VIA_IP"
> "$IP_BIN" rule del from all fwmark 1 2>/dev/null
> "$IP_BIN" rule add fwmark 1 table rt_link1
> "$IP_BIN" route flush cache

Regards,
M.

-- 
My choice is what I choose to do,
and if I'm causin' no harm, why should it bother you?
Your choice is who you choose to be,
and if you're causin' no harm, you are right to me.
_______________________________________________ freewrt-developers mailing list [email protected] https://www.freewrt.org/lists/listinfo/freewrt-developers
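
Added example, not part of the original post or of FreeWRT: a dry-run generator for the marking rules that feed the `fwmark 1` routing rule above. It prints one rule per protocol using the iptables `multiport` match, which is what accepts a comma-separated port list (plain `--dport` takes a single port or range), and it rejects a malformed list so that a bad rule does not silently leave traffic unmarked and outside the VPN. The interface name `br0` and the function names are assumptions.

```shell
#!/bin/sh
# Dry run only: the iptables commands are printed for review, never executed.

LAN="br0"   # assumption: LAN interface; the post takes $LAN from firewall.conf
MARK=1      # fwmark matched by 'ip rule add fwmark 1 table rt_link1' in the post

# validate_ports LIST: succeed only for 1..15 comma-separated ports (1-65535).
# 15 is the per-rule limit of the iptables multiport match.
validate_ports() {
    [ -n "$1" ] || return 1
    case "$1" in *[!0-9,]*|,*|*,|*,,*) return 1 ;; esac
    count=0
    old_ifs=$IFS; IFS=,
    for p in $1; do
        count=$((count + 1))
        # Reject over-long numbers before the numeric comparison sees them.
        case "$p" in ??????*) IFS=$old_ifs; return 1 ;; esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            IFS=$old_ifs; return 1
        fi
    done
    IFS=$old_ifs
    [ "$count" -le 15 ]
}

# gen_mark_rule PROTO LIST: print the rule that marks LAN traffic of PROTO
# whose destination port is NOT in LIST.
gen_mark_rule() {
    validate_ports "$2" || { echo "invalid port list: $2" >&2; return 1; }
    echo "iptables -t mangle -A PREROUTING -i $LAN -p $1 -m multiport ! --dports $2 -j MARK --set-mark $MARK"
}

# gen_all TCP_LIST UDP_LIST: one rule per protocol, each with its own list.
gen_all() {
    gen_mark_rule tcp "$1" && gen_mark_rule udp "$2"
}

# Port lists as given in the post (SAFE_PORTS_TCP / SAFE_PORTS_UDP).
gen_all "20,21,22,25,53,80,110,443,465,995,1337" "53"
```

The printed rules can be compared against `iptables -t mangle -S PREROUTING` on the router to confirm that both the TCP and the UDP rule are actually loaded.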
