nat-start for policy-based PORT routing

[pierredugland]

NO!
The '-D' means delete the iptables rule, it has nothing to do with (inbound/outbound) 'direction'.

Yes typo I just copied the last one my bad.

I have no idea what NAS application uses destination port 8112/8113, but if you are trying to host a 'hidden' service on your NAS that can only be accessed by 'your friends' inbound through the VPN Client 2 tunnel, then you need to customise other features....

I'm just trying to hide some p2p traffic (deluge is running on those ports) and I don't want to broadcast my static IP there. Am I misguided in thinking the above manipulation will achieve that ?

 

[TommyGun]

Have you ever achieved to resolve this?
I'm kind of in the same situation, although i don't really care if all traffic from my NAS goes out via the VPN - i still want to be able to use DSM (share files remotely) but i can't get port 8051 to work...

#!/bin/sh

sleep 10  # During the boot process nat-start may run multiple times so this is required

# Ensure duplicate rules are not created
for VPN_ID in 0 1 2 3 4 5
   do
      ip rule del prio 999$VPN_ID  2>/dev/null
   done

# Create the RPDB rules
ip rule add from 0/0 fwmark "0x8000/0x8000" table main   prio 9990        # WAN   fwmark
ip rule add from 0/0 fwmark "0x7000/0x7000" table ovpnc4 prio 9991        # VPN 4 fwmark
ip rule add from 0/0 fwmark "0x3000/0x3000" table ovpnc5 prio 9992        # VPN 5 fwmark
ip rule add from 0/0 fwmark "0x1000/0x1000" table ovpnc1 prio 9993        # VPN 1 fwmark
ip rule add from 0/0 fwmark "0x2000/0x2000" table ovpnc2 prio 9994        # VPN 2 fwmark
ip rule add from 0/0 fwmark "0x4000/0x4000" table ovpnc3 prio 9995        # VPN 3 fwmark

iptables -t mangle -A PREROUTING -i br0 -m iprange --src-range 192.168.1.5 -p tcp -m multiport --sport 8051 -j MARK --set-mark 0x1000/0x1000