With iptables, is it possible to route only certain domains?

Sawtaytoes

2/18/24, 12:27 PM

I'm routing specific devices through a separate gateway device that connects to a Tailscale VPN exit node.

I'm using this command so my device can act as NAT router to Tailscale:

sudo iptables -t nat -A POSTROUTING -o tailscale0 -j MASQUERADE

But this only works because I've enabled IP forwarding in sysctl:

sudo sysctl net.ipv4.ip_forward=1
sudo sysctl net.ipv6.conf.all.forwarding=1

I'd like to be more specific with my NAT routing such that only traffic to certain domains go through the tailscale0 interface and everything else passes through. I'm assuming this is the same issue you'd see with OpenVPN's tun0 and tap0 interfaces.

How can I accomplish L3 domain routing with iptables?

117

0 + 4

iptables

openvpn

ip-forwarding

policy-routing

tailscale

TomTom

2/18/24, 12:59 PM

How would you know whether a specific IP address "belongs" to a domain? Have you ever tried to think this through?

Sawtaytoes

2/18/24, 8:22 PM

As far as I understand, `iptables` allows mapping domains, so this is definitely possible. Another option is `route`, but I'm pretty sure this can be done with `iptables`.

A.B

2/18/24, 10:08 PM

The iptables *command* will resolve a DNS name into an IP address and send the resulting IP address along the rule to the kernel. From now on, it's all about IP addresses. Same with routing.

TomTom

2/18/24, 10:11 PM

Yeah. There also is the little problem that ip packets may belong to multiple domains - how would that work? No, IP tables works only on IP addresses.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: With iptables, is it possible to route only certain domains?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.