Hi,
I have a mounted folder and an OpenVPN client setup on a new Ubuntu install. Everything’s working well, but I’m trying to get rclone to bypass the VPN. I have the following script in place that bypasses the VPN for certain ports, but rclone appears to use random ports. Is there a way to define the port range for rclone to use, or to set up a rule based on the process that’s opening the port? Any help would be greatly appreciated!
# ---ENABLING KERNEL OPTIONS
# Runtime-only settings: values written with `sysctl -w` do not survive a
# reboot.
#
# rp_filter=0 turns off reverse-path source validation on every listed scope.
# Presumably needed because replies to marked connections leave via table 101
# while the main table points at the VPN.
# NOTE(review): loose mode (value 2) keeps some anti-spoofing protection and
# may be enough for this setup; confirm before changing.
for scope in ens3 tun0 all default lo; do
  sudo sysctl -w "net.ipv4.conf.${scope}.rp_filter=0"
done

# forwarding=1 makes the host route IPv4 and IPv6 packets between interfaces.
# NOTE(review): this script flushes the filter table and adds no FORWARD or
# ip6tables rules, so forwarded traffic is unfiltered unless something else
# installs rules. Confirm forwarding is needed at all for services that
# terminate on this host.
for family in ipv4 ipv6; do
  for scope in all default ens3 lo tun0; do
    sudo sysctl -w "net.${family}.conf.${scope}.forwarding=1"
  done
done

# Accepted TCP sockets inherit the fwmark of the incoming SYN, so replies on
# connections marked in PREROUTING also carry the mark.
sudo sysctl -w net.ipv4.tcp_fwmark_accept=1
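# ---CLEAR ALL FIREWALL RULES
# Removes every rule from the IPv4 filter, mangle and nat tables, including
# rules installed by other tools. Chain policies are not changed by -F, and
# IPv6 (ip6tables) is not touched by this script.
# NOTE(review): after this point the script adds no filter rules, so access
# control depends entirely on the existing chain policies; verify them.
iptables -F
iptables -t mangle -F
iptables -t nat -F
# ---FLUSH EXISTING TABLE 101 + cache
ip route flush table 101
ip route flush cache
#--- DEL IF EXISTS AND ADD RULE
# Delete until no copy is left: a single `ip rule del` prints an error when the
# rule is absent (first run) and removes only one copy when duplicates exist.
# stderr is silenced on purpose; a real failure (e.g. not root) still shows up
# on the `ip rule add` below.
while ip rule del fwmark 2 table 101 2>/dev/null; do
  :
done
ip rule add fwmark 2 table 101
#--- CREATE TABLE 101
# Table 101 is the non-VPN path: default route via the LAN gateway on ens3,
# plus the directly connected LAN. Addresses are specific to this host.
ip route add table 101 default via 192.168.0.1 dev ens3
ip route add table 101 192.168.0.0/24 dev ens3 proto kernel scope link src 192.168.0.144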
#--- PORT FORWARD TO TABLE 101
# Packets carrying fwmark 2 are routed through table 101 (ens3) rather than
# the VPN. MARK only selects a route; it is not access control. No rule below
# restricts who may reach a service.

# Appends one MARK rule to the mangle table.
# Arguments: chain name followed by the match options for the rule.
mark_bypass() {
  iptables -t mangle -A "$@" -j MARK --set-mark 2
}

# SETTING MASQUERADE FOR OUTPUT
# Everything leaving through ens3 gets ens3's address as its source.
iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE

# VPN BYPASS!
# PREROUTING rules carry no -i option, so they match the destination port on
# packets arriving on any interface.
# NOTE(review): with forwarding enabled that presumably includes routed
# traffic from other hosts; confirm that is intended.

# SSH
mark_bypass PREROUTING -p tcp --dport 22

# PLEX (locally originated and incoming)
mark_bypass OUTPUT -p tcp --dport 32400
mark_bypass PREROUTING -p tcp --dport 32400

# HTTP / HTTPS
mark_bypass PREROUTING -p tcp --dport 80
mark_bypass PREROUTING -p tcp --dport 443

# FTP control channel, the data port range, and replies sent from port 21.
# vsftpd's min/max data ports have to be configured to match 13000-13100.
mark_bypass PREROUTING -p tcp --dport 21
mark_bypass PREROUTING -p tcp --dport 13000:13100
mark_bypass OUTPUT -p tcp --sport 21

# DELUGE daemon: only packets from the local network are marked.
# NOTE(review): the -s match limits which packets take the ens3 route, not
# which hosts may connect; a filter-table rule is needed to restrict access.
mark_bypass PREROUTING -p tcp --dport 58846 -s 192.168.0.0/24

# DELUGE WEB GUI (marked for any source address)
mark_bypass PREROUTING -p tcp --dport 8112

# NOTE(review): rclone's outgoing connections use ephemeral source ports, so a
# port match cannot select them. The iptables owner match works in the OUTPUT
# chain and marks by the account a process runs as, e.g. (placeholder user):
#   iptables -t mangle -A OUTPUT -m owner --uid-owner <RCLONE_USER> -j MARK --set-mark 2
# All traffic from that account then leaves outside the VPN, so keep the
# account dedicated to rclone.