Here is my solution for Deluge. No need for iptables. Here are the steps:
```bash
# Assumes NS (namespace name) and TUN (VPN interface name) are already set
ip netns add "$NS"

# Wait for the TUN to come up
while [[ $(ip route | grep "$TUN" | wc -l) == 0 ]]; do sleep 1; done

# IPv4 address of the VPN interface (-w skips inet6 lines)
MY_IP=$(ip addr show "$TUN" | grep -w inet | cut -d' ' -f6 | cut -d'/' -f1)

# The way you extract gateway IP might be different for your openvpn connection
GATEWAY_IP=$MY_IP

# jail my $TUN (VPN interface) into the namespace
ip link set "$TUN" netns "$NS"

# Bring the interface up with a subnet (equivalent to the one given to me by VPN server)
ip netns exec "$NS" ifconfig "$TUN" "$MY_IP/24" up

# Bring loopback up
ip netns exec "$NS" ifconfig lo 127.0.0.1/8 up

# Set up remote gateway (your pointtopoint VPN IP address)
ip netns exec "$NS" route add default gw "$GATEWAY_IP"
```
```bash
# Set up veth interfaces for communication between namespaces
ip link add veth0 type veth peer name veth1

# Move the second veth to your namespace
ip link set veth1 netns "$NS"

# Give an IP from an unused IP range to the first veth
ifconfig veth0 10.1.1.1/24 up

# And the second one
ip netns exec "$NS" ifconfig veth1 10.1.1.2/24 up

# TODO: set up a bridge between veth1 and eth interface to let it communicate with LAN

# Set up DNS client. ip netns will emulate /etc/resolv.conf using this file:
mkdir -p "/etc/netns/$NS"
echo "nameserver 8.8.4.4" > "/etc/netns/$NS/resolv.conf"
```
Voilà! You are protected by the VPN, while your deluge-web is freely accessible on your home network.
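
A check one could run after the steps above, added here as an example and not part of the original answer: it reads the namespace's `ip route show` output and fails if anything other than the VPN interface can carry off-link traffic. The function name `audit_ns_routes`, the interface name `tun0` and both sample route tables are constructed for illustration.

```shell
# Added example, not from the original answer.
# Usage on a live system (assumes NS and TUN are set as in the steps above):
#   ip netns exec "$NS" ip route show | audit_ns_routes "$TUN"

# Constructed sample: what the namespace should look like after the steps.
GOOD_ROUTES='default via 10.8.0.6 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
10.1.1.0/24 dev veth1 proto kernel scope link src 10.1.1.2'

# Constructed sample: default and a gatewayed route leave through the veth pair.
LEAKY_ROUTES='default via 10.1.1.1 dev veth1
192.168.1.0/24 via 10.1.1.1 dev veth1
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
10.1.1.0/24 dev veth1 proto kernel scope link src 10.1.1.2'

# Reads `ip route show` output on stdin; $1 is the VPN interface name.
# Returns 0 only when every default or gatewayed route uses that interface.
audit_ns_routes() {
    awk -v tun="$1" '
        {
            # Pull the outgoing device and the gateway (if any) from the line.
            dev = ""; via = ""
            for (i = 1; i < NF; i++) {
                if ($i == "dev") dev = $(i + 1)
                if ($i == "via") via = $(i + 1)
            }
        }
        $1 == "default" {
            ndefault++
            if (dev != tun) { print "LEAK: default route via dev " dev; bad = 1 }
            next
        }
        # A gatewayed route through another device bypasses the VPN.
        # On-link routes (no "via"), such as the veth subnet, are expected.
        via != "" && dev != tun {
            print "LEAK: " $1 " routed via " via " dev " dev; bad = 1
        }
        END {
            if (ndefault == 0) { print "FAIL: no default route in namespace"; bad = 1 }
            exit bad + 0
        }
    '
}
```

The on-link `10.1.1.0/24` route on `veth1` passes the check because it only reaches the host side of the veth pair, which is what keeps deluge-web reachable.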