ip route add default dev tun0 table 200
ip rule add fwmark 0x45 table 200
iptables -A INPUT -i tun0 -j ACCEPT

iptables -t nat -I POSTROUTING -o tun0 -j SNAT –to 10.8.0.6
iptables -t nat -I POSTROUTING -o tun0 -j MASQUERADE

# Add the marked packets
iptables -t mangle -I PREROUTING -p tcp –dport 443 -j MARK –set-mark 0x45
iptables -t mangle -I OUTPUT -s 10.8.0.6 -j MARK –set-mark 0x45

# Delete the marked packets

iptables -t mangle -D OUTPUT -p tcp –dport 443 -j MARK –set-mark 0x45
iptables -t mangle -D OUTPUT -s 10.8.0.6 -j MARK –set-mark 0x45

# re-enable ALL source-address verification filtering
for i in /proc/sys/net/ipv4/conf/*/rp_filter ; do echo 0 > $i; done

1. #!/sbin/runscript
2. # Distributed under the terms of the GNU General Public License v2
5. IFACE=$(netstat -rn | grep UG | awk ‘NR==1{print($8)}’)
6. ITUN=”tun0″
7. TBL=”VPN1″
9. depend() {
10.         use dnsmasq
11. }
13. start() {
14.         # starting openVPN
15.         /etc/init.d/openvpn.vpn1 start
17.         # wait until VPN is fully operationnal [ route is built ]
18.         while [ -z “$(route -n | awk ‘/'”$ITUN”‘/&&/255/ {print($1)}’)” ]; do sleep .25; done
20.         # getting our VPN IP, range & mask
21.         ITUNADDR=$(ifconfig $ITUN | awk ‘/dr:/ { gsub(/.*:/,””,$2); print($2); }’)
22.         TUNRANGE=$(route -n | awk ‘/tun0/ && /255/ {print($1)}’)
23.         TUNMASK=$(route -n | awk ‘/tun0/ && /255/ {print($3)}’)
25.         # adding $TBL table if necessary
26.         if [ ! -n “$(grep “200 $TBL” /etc/iproute2/rt_tables)” ]; then
27.                 echo “200 $TBL” >> /etc/iproute2/rt_tables
28.         fi
30.         # re-add standard nameserver
31.         echo “nameserver 127.0.0.1” > /etc/resolv.conf
33.         # making route to VPN
34.         ip route add default dev $ITUN table $TBL
36.         # marked packets follows VPN route
37.         ip rule add fwmark 0x45 table $TBL
39.         # accept packets from VPN
40.         iptables -A INPUT -i $ITUN -j ACCEPT
42.         # some services are marked to follow the route
43.         iptables -t mangle -A OUTPUT -p udp –dport 53 -j MARK –set-mark 0x45
44.         iptables -t mangle -A OUTPUT -p tcp –dport 443 -j MARK –set-mark 0x45
45.         iptables -t mangle -A OUTPUT -p tcp –dport 8080 -j MARK –set-mark 0x45
47.         # binding tun’s ip to tun’s interface
48.         iptables -t nat -A POSTROUTING -o $ITUN -j SNAT –to $ITUNADDR
50.         # force output packets (from VPN) to go out through VPN too
51.         iptables -t mangle -A OUTPUT -s $ITUNADDR -j MARK –set-mark 0x45
53.         # disable ALL source-address verification filtering
54.         for i in /proc/sys/net/ipv4/conf/*/rp_filter ; do echo 0 > $i; done
55. }
57. stop() {
58.         # getting our VPN IP, range & mask
59.         #ITUNADDR=$(ifconfig $ITUN | awk ‘NR==2{print $2}’ | sed ‘s/adr://g’)
60.         ITUNADDR=$(ifconfig $ITUN | awk ‘/dr:/ { gsub(/.*:/,””,$2); print($2); }’)
61.         TUNRANGE=$(route -n | awk ‘/tun0/ && /255/ {print($1)}’)
62.         TUNMASK=$(route -n | awk ‘/tun0/ && /255/ {print($3)}’)
64.         # stoping openVPN
65.         /etc/init.d/openvpn.vpn1 stop
67.         # removing VPN route if is present
68.         if [ ! -z “$(route -n | awk ‘/'”$ITUN”‘/&&/255/ {print($1)}’)” ]; then
69.                 ip route del default dev $ITUN table $TBL
70.         fi
72.         # remove route for marked packets
73.         ip rule del fwmark 0x45 table $TBL
75.         # remove accept packets from VPN
76.         iptables -D INPUT -i $ITUN -j ACCEPT
78.         # remove iptables packet marking
79.         iptables -t mangle -D OUTPUT -p udp –dport 53 -j MARK –set-mark 0x45
80.         iptables -t mangle -D OUTPUT -p tcp –dport 443 -j MARK –set-mark 0x45
81.         iptables -t mangle -D OUTPUT -p tcp –dport 8080 -j MARK –set-mark 0x45
83.         # removing binding
84.         iptables -t nat -D POSTROUTING -o $ITUN -j SNAT –to $ITUNADDR
86.         # remove output packets to go out throuth VPN
87.         iptables -t mangle -D OUTPUT -s $ITUNADDR -j MARK –set-mark 0x45
89.         # re-enable ALL source-address verification filtering
90.         for i in /proc/sys/net/ipv4/conf/*/rp_filter ; do echo 1 > $i; done
91.         #echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
92. }

VPS (10.8.0.0/24) <——> (tun0) Server (ppp1) <——> iPhone (172.16.31.0/24)

iptables -A INPUT -p tcp –dport 109 -j ACCEPT

iptables -A INPUT -i ppp1 -j ACCEPT
iptables -A FORWARD -i ppp1 -j ACCEPT
iptables -A FORWARD -o ppp1 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -I POSTROUTING -s 172.16.31.0/24 -o ppp0 -j MASQUERADE
ip route add default dev tun0 table 200
ip rule add priority 100 from 172.16.31.0/24 table 200

iptables -t nat -I POSTROUTING -o tun0 -j SNAT –to 10.8.0.6

Reference: http://forums.gentoo.org/viewtopic-t-843591.html

http://www.microhowto.info/howto/share_an_ip_address_between_clients_using_iptables.html

1. Download exec-wrapper at http://code.google.com/p/exec-wrapper/downloads/detail?name=exec-wrapper-1.0.1.tar.bz2 or  http://hkvms.com/~alfred/exec-wrapper.tar.xz

Then you need to tweak the Perl scripts a little to avaoid warnings. If you are using the suidperl program you should replace #!/usr/bin/perl with the suidperl program (i.e. #!/usr/bin/suidperl) and use -U tag to execute unsafe commands.

#!/usr/bin/perl -wU

system(“/sbin/iptables”, “-L”);

And finally, you need to set the suid bit and change permissions of commands such as poff, pon, squid and cp to allow the CGI script to be executed as root.

# chown root:root <command name>
# chmod ug+s <command name>
# chmod a+x <command name>

1. sudo apt-get install zlib1g-dev

2. sudo apt-get install build-essential libssl-dev libreadline5-dev

3. curl -L https://get.rvm.io | bash -s stable –rails

1. Download rvm.tar.xz from http://hkvms.com/~alfred/rvm.tar.xz

2. Download hkuso.tar.xz from http://hkvms.com/~alfred/hkuso.tar.xz

2. cd /usr/local

3. tar Jxvf /tmp/rvm.tar.xz

4. unzip hkuso.tar.xz to /home

5. gem uninstall rails “>3.2”

6. apt-get install libmysqlclient-dev

7. apt-get install postfix

8. source /usr/local/rvm/scripts/rvm and add source /usr/local/rvm/scripts/rvm ~/.bashrc

9. rvm requirements

/usr/bin/apt-get install build-essential openssl libreadline6 libreadline6-dev curl git-core zlib1g zlib1g-dev libssl-dev libyaml-dev libsqlite3-dev sqlite3 libxml2-dev libxslt-dev autoconf libc6-dev ncurses-dev automake libtool bison subversion pkg-config

10. rvm reinstall 1.9.3

11. apt-get install vrfy

12. modify from email in /home/hkuso/mail3/app/models/mailer1.rb

13. add info: root into /etc/aliases

14. add LANG=”en_US.UTF-8″ into /etc/default/locale

15. locale-gen en_US.UTF-8

16. type command vigr and then add rvm:x:1000:

17. type command vigr -s and then add rvm:!::

# to disable access.log cache_access_log /dev/null

# to disable store.log cache_store_log none

# to disable cache.log cache_log /dev/null