[Solved] Route traffic from tun0 to eth0 on certain ports

PabPabPab Asks: Route traffic from tun0 to eth0 on certain ports
I'm having quite a headache on this one. I used to get it done, and just realized now that it does not work anymore. Possibly because of some update.

I have OpenVPN running with this config:

Code:
client
dev tun
proto udp
remote 45.152.181.35 1194
resolv-retry infinite
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping 15
ping-restart 0
ping-timer-rem
reneg-sec 0
comp-lzo no

script-security 2
up /etc/openvpn/update-resolv-conf
up-restart
down /etc/openvpn/update-resolv-conf
down-pre

dhcp-option DNSSEC allow-downgrade

remote-cert-tls server
dhcp-option DNS 10.0.0.50
dhcp-option DNS 10.0.0.51
route 10.0.0.50 255.255.255.255 net_gateway
route 10.0.0.51 255.255.255.255 net_gateway

verb 3
pull
fast-io
cipher AES-256-CBC
auth SHA512
...

So I have it up and running on tun0. By default, all my traffic is redirected to this interface, no problem.

Except I want some ports, 80 and 443 in particular, to be redirected to eth0 in order to use my regular public IP.

I used to get it done running this script:

Code:
# Policy rules: packets whose source port is 80 or 443 are looked up in table 128
# instead of the main table (where OpenVPN's redirect routes point at tun0)
ip rule add sport 80 table 128
ip rule add sport 443 table 128

# Table 128 only knows the LAN side: the local /24 and a default route out eth0
ip route add table 128 to 10.0.0.0/24 dev eth0
ip route add table 128 default via 10.0.0.1 dev eth0

So it used to work like a charm, but now, for some reason, it does not work anymore :(

ifconfig looks like this:

Code:
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.50  netmask 255.255.255.0  broadcast 10.0.0.255
        inet6 fe80::dea6:32ff:feec:aff6  prefixlen 64  scopeid 0x20<link>
        inet6 fe80::eb4d:9953:dab1:619f  prefixlen 64  scopeid 0x20<link>
        ether dc:a6:32:ec:af:f6  txqueuelen 1000  (Ethernet)
        RX packets 50096  bytes 34011045 (34.0 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 49083  bytes 24696341 (24.6 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 7445  bytes 1912768 (1.9 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 7445  bytes 1912768 (1.9 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.8.1.9  netmask 255.255.255.0  destination 10.8.1.9
        inet6 fe80::bddd:593b:241f:491f  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 500  (UNSPEC)
        RX packets 32682  bytes 25077475 (25.0 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 26904  bytes 4130127 (4.1 MB)

To be clear, a command like curl -s https://checkip.amazonaws.com used to output my real public IP, now it outputs my VPN public IP.

I'm getting dizzy googling this; I've tried a lot of things without success, but as it used to work I'm suspecting something stupid I must be missing.

Any suggestion would be greatly appreciated :)
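The policy-routing setup the question describes, written out as an added up/down script (this is example code, not the poster's script or anything from OpenVPN). It assumes the addresses shown in the ifconfig output above (eth0 at 10.0.0.50/24 with gateway 10.0.0.1), uses table 128 and an assumed rule priority of 1000, and needs iproute2 and a kernel of 4.17 or later, which is where the `sport`, `dport` and `ipproto` rule selectors appeared. Two points it adds to the script in the post: an `sport` rule only matches a local service answering on that port, so an outbound client such as `curl` to a remote web server needs a matching `dport` rule to leave via eth0; and replies for those flows arrive on eth0 while the main table says that source belongs to tun0, so strict reverse-path filtering on eth0 silently drops them unless it is set to loose mode. `DRY_RUN=1` prints the commands instead of executing them, so the script can be inspected without root.

```shell
#!/bin/sh
# Added example, not code from the original post. Interface, addresses, table
# number and priority are assumptions taken from the post's ifconfig output.
# DRY_RUN=1 prints the commands instead of running them (no root needed).
WAN_IF="${WAN_IF:-eth0}"
WAN_IP="${WAN_IP:-10.0.0.50}"
WAN_NET="${WAN_NET:-10.0.0.0/24}"
WAN_GW="${WAN_GW:-10.0.0.1}"
TABLE="${TABLE:-128}"
PRIO="${PRIO:-1000}"      # anything below main's 32766 is consulted first
PORTS="${PORTS:-80 443}"

run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

bypass_up() {
    # Replies to flows pinned to eth0 come back on eth0, but the main table
    # (holding the VPN's 0.0.0.0/1 and 128.0.0.0/1 routes) would send that
    # address via tun0; strict rp_filter (1) drops them, loose (2) accepts them.
    run sysctl -q -w "net.ipv4.conf.${WAN_IF}.rp_filter=2"

    # Table 128 knows only the LAN side. 'src' pins the source address to
    # the eth0 address so the flow stays on the regular uplink both ways.
    run ip route replace table "$TABLE" "$WAN_NET" dev "$WAN_IF" src "$WAN_IP"
    run ip route replace table "$TABLE" default via "$WAN_GW" dev "$WAN_IF" src "$WAN_IP"

    # 'sport' covers a local service listening on the port; 'dport' covers
    # outbound clients (curl, browsers). A fixed priority makes teardown exact.
    for p in $PORTS; do
        run ip rule add priority "$PRIO" ipproto tcp sport "$p" table "$TABLE"
        run ip rule add priority "$PRIO" ipproto tcp dport "$p" table "$TABLE"
    done
    run ip route flush cache
}

bypass_down() {
    for p in $PORTS; do
        run ip rule del priority "$PRIO" ipproto tcp sport "$p" table "$TABLE"
        run ip rule del priority "$PRIO" ipproto tcp dport "$p" table "$TABLE"
    done
    run ip route flush table "$TABLE"
    run ip route flush cache
}

# Verification after 'up': how many rules currently point at the table.
bypass_rule_count() {
    ip rule show 2>/dev/null | grep -c "lookup ${TABLE}\$"
}

case "${1:-}" in
    up)    bypass_up ;;
    down)  bypass_down ;;
    check) bypass_rule_count ;;
esac
```

After `up`, `ip rule show` should list the four rules at priority 1000 ahead of `32766: from all lookup main`, and `ip route show table 128` should show only the eth0 routes; `curl -s https://checkip.amazonaws.com` then goes out eth0 because of the `dport 443` rule, while other traffic still follows the VPN routes in the main table.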
