Welcome to the forum.
Code:
iptables -A OUTPUT -t mangle -p tcp -m tcp --sport 22 -j MARK --set-xmark 3
ip rule add fwmark 3 table 3
ip route add default via 169.254.0.1 dev eth0 table 3
What the above is doing is this:
1: Adding a firewall rule that marks outgoing packets from the ssh service (port 22) with a firewall mark (number 3, this is an arbitrary number)
2: Adding a rule that says packets so marked should use routing table number 3 instead of the default routing table
3: Adding a default route to routing table 3, forwarding to 169.254.0.1. You must use the normal default route gateway address here.
The idea is that this prevents the ssh server from suddenly going over the VPN when it is brought up.
This command will tell you what the default route (without the VPN) is, giving you the address to use in table 3:
Code:
ip route list default
But you say you have changed the ssh port. If so, you need to change that first line to mark whichever port your ssh is now using. I am guessing that this is your problem.
If you still have problems, I think we need to see the output from these commands (while the VPN is up), and also to know what port your ssh server is really on:
Code:
ip route
ip rule
iptables-save # this prints the rules, it does not save them
Another possibility is that you are using IPv6 not IPv4, which would need similar rules in ip6tables (this post only mentions IPv4). Let us know if this is the case.
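The three steps above, as an added example that is not part of the original post: a POSIX shell script that takes the ssh port, the mark and the table as parameters, parses the pre-VPN gateway and interface out of `ip route list default` output, and prints (or, with an environment switch, applies) the iptables/ip commands for IPv4 or IPv6. The route line embedded in it is a constructed sample using a documentation address (192.0.2.1 on eth0), and the environment variable names SSH_PORT, FWMARK, TABLE, SSH_PIN_LIVE and SSH_PIN_APPLY are assumptions of this example, not anything the post defines.

```shell
#!/bin/sh
# Added example, not code from the original post: generate (and optionally apply)
# the same three-step policy-routing setup with the ssh port, mark and table as
# parameters, parsing the pre-VPN gateway out of `ip route list default` output.
set -eu

SSH_PORT="${SSH_PORT:-22}"   # set this to the real listening port if sshd was moved
FWMARK="${FWMARK:-3}"        # arbitrary mark, same value as the post
TABLE="${TABLE:-3}"          # arbitrary table number, same value as the post

# Constructed sample of `ip route list default`, as captured BEFORE the VPN comes up.
# 192.0.2.0/24 is documentation space; gateway and interface here are placeholders.
SAMPLE_DEFAULT_ROUTE='default via 192.0.2.1 dev eth0 proto dhcp src 192.0.2.10 metric 100'

# gateway_from_route LINE: print the next hop of a "default via GW dev DEV ..." line.
gateway_from_route() {
    printf '%s\n' "$1" | awk '$1 == "default" { for (i = 1; i < NF; i++) if ($i == "via") { print $(i + 1); exit } }'
}

# device_from_route LINE: print the outgoing interface of the same line.
device_from_route() {
    printf '%s\n' "$1" | awk '$1 == "default" { for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# rules FAMILY GATEWAY DEV: print the three commands for IPv4 (FAMILY=4) or IPv6 (FAMILY=6).
rules() {
    fam="$1"; gw="$2"; dev="$3"
    case "$fam" in
        4) ipt=iptables;  ipflag=-4 ;;
        6) ipt=ip6tables; ipflag=-6 ;;
        *) echo "rules: family must be 4 or 6, got '$fam'" >&2; return 1 ;;
    esac
    # 1. mark packets leaving the ssh service: the *source* port is the listening port
    printf '%s -t mangle -A OUTPUT -p tcp -m tcp --sport %s -j MARK --set-xmark %s\n' "$ipt" "$SSH_PORT" "$FWMARK"
    # 2. marked packets consult the dedicated table before the main table
    printf 'ip %s rule add fwmark %s table %s\n' "$ipflag" "$FWMARK" "$TABLE"
    # 3. the dedicated table only knows the physical uplink's gateway, so the VPN never sees ssh
    printf 'ip %s route add default via %s dev %s table %s\n' "$ipflag" "$gw" "$dev" "$TABLE"
}

main() {
    if [ "${SSH_PIN_LIVE:-0}" = 1 ]; then
        # on a real host (with the VPN still down) read the actual default route
        route_line="$(ip -4 route list default | head -n 1)"
    else
        # offline dry run over the constructed sample
        route_line="$SAMPLE_DEFAULT_ROUTE"
    fi
    gw="$(gateway_from_route "$route_line")"
    dev="$(device_from_route "$route_line")"
    if [ -z "$gw" ] || [ -z "$dev" ]; then
        echo "could not parse a default route from: $route_line" >&2
        return 1
    fi
    if [ "${SSH_PIN_APPLY:-0}" = 1 ]; then
        rules 4 "$gw" "$dev" | sh -e      # run as root, together with SSH_PIN_LIVE=1
    else
        rules 4 "$gw" "$dev"              # default: just print what would be executed
    fi
}

main
```

Run it once with no variables set to see the generated commands, then, as root and before the VPN is brought up, with SSH_PIN_LIVE=1 SSH_PIN_APPLY=1 to apply them (pass 6 instead of 4 to `rules` for an IPv6 uplink). Two checks worth doing afterwards: `ip route get <outside address> mark 3` should answer with the uplink gateway and interface from table 3 even while the VPN is up, and if inbound ssh is still dropped, look at `sysctl net.ipv4.conf.all.rp_filter`, because strict reverse-path filtering (value 1) discards packets arriving on eth0 once the main table's default route points at the tunnel; the loose setting (2) allows them. Table 3 holds only a default route, so if clients on the directly connected network need to reach the server, copy that network's route into table 3 as well.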