source .bash_profile
rvm use 1.9.2 –default

sudo /etc/init.d/kannel stop
sudo -s
bearerbox -v 0
smsbox -v 0 &

rails runner script/send_sms.rb

rails runner script/xmpp4r_forwarder.rb
rails runner script/notifier.rb
bundle exec thin start –server 3

Server Side:

1. Install dnsmasq

2. setup tcp tunnel of openvpn

3. iptables -t nat -I POSTROUTING -s 10.x.x.x/24 -j SNAT –to x.x.x.x

Client Side:

1. Add DNSMASQ_OPTS=”–clear-on-reload” to /etc/default/dnsmasq

2. setup tcp tunnel client of openvpn

3. Add 0 5 * * * lynx -source https://smarthosts.googlecode.com/svn/trunk/dnsmasq.conf | grep address | awk -F / {‘print “server=/”$2″/10.9.0.1″‘} > /etc/dnsmasq.d/smart_host_domain;; /etc/init.d/dnsmasq restart to crontab

4. Modify /etc/resolv.conf to use “nameserver 127.0.0.1” only

ip route add default dev tun0 table 200
ip rule add fwmark 0x45 table 200
iptables -A INPUT -i tun0 -j ACCEPT

iptables -t nat -I POSTROUTING -o tun0 -j SNAT –to 10.8.0.6
iptables -t nat -I POSTROUTING -o tun0 -j MASQUERADE

# Add the marked packets
iptables -t mangle -I PREROUTING -p tcp –dport 443 -j MARK –set-mark 0x45
iptables -t mangle -I OUTPUT -s 10.8.0.6 -j MARK –set-mark 0x45

# Delete the marked packets

iptables -t mangle -D OUTPUT -p tcp –dport 443 -j MARK –set-mark 0x45
iptables -t mangle -D OUTPUT -s 10.8.0.6 -j MARK –set-mark 0x45

# re-enable ALL source-address verification filtering
for i in /proc/sys/net/ipv4/conf/*/rp_filter ; do echo 0 > $i; done

1. #!/sbin/runscript
2. # Distributed under the terms of the GNU General Public License v2
5. IFACE=$(netstat -rn | grep UG | awk ‘NR==1{print($8)}’)
6. ITUN=”tun0″
7. TBL=”VPN1″
9. depend() {
10.         use dnsmasq
11. }
13. start() {
14.         # starting openVPN
15.         /etc/init.d/openvpn.vpn1 start
17.         # wait until VPN is fully operationnal [ route is built ]
18.         while [ -z “$(route -n | awk ‘/'”$ITUN”‘/&&/255/ {print($1)}’)” ]; do sleep .25; done
20.         # getting our VPN IP, range & mask
21.         ITUNADDR=$(ifconfig $ITUN | awk ‘/dr:/ { gsub(/.*:/,””,$2); print($2); }’)
22.         TUNRANGE=$(route -n | awk ‘/tun0/ && /255/ {print($1)}’)
23.         TUNMASK=$(route -n | awk ‘/tun0/ && /255/ {print($3)}’)
25.         # adding $TBL table if necessary
26.         if [ ! -n “$(grep “200 $TBL” /etc/iproute2/rt_tables)” ]; then
27.                 echo “200 $TBL” >> /etc/iproute2/rt_tables
28.         fi
30.         # re-add standard nameserver
31.         echo “nameserver 127.0.0.1” > /etc/resolv.conf
33.         # making route to VPN
34.         ip route add default dev $ITUN table $TBL
36.         # marked packets follows VPN route
37.         ip rule add fwmark 0x45 table $TBL
39.         # accept packets from VPN
40.         iptables -A INPUT -i $ITUN -j ACCEPT
42.         # some services are marked to follow the route
43.         iptables -t mangle -A OUTPUT -p udp –dport 53 -j MARK –set-mark 0x45
44.         iptables -t mangle -A OUTPUT -p tcp –dport 443 -j MARK –set-mark 0x45
45.         iptables -t mangle -A OUTPUT -p tcp –dport 8080 -j MARK –set-mark 0x45
47.         # binding tun’s ip to tun’s interface
48.         iptables -t nat -A POSTROUTING -o $ITUN -j SNAT –to $ITUNADDR
50.         # force output packets (from VPN) to go out through VPN too
51.         iptables -t mangle -A OUTPUT -s $ITUNADDR -j MARK –set-mark 0x45
53.         # disable ALL source-address verification filtering
54.         for i in /proc/sys/net/ipv4/conf/*/rp_filter ; do echo 0 > $i; done
55. }
57. stop() {
58.         # getting our VPN IP, range & mask
59.         #ITUNADDR=$(ifconfig $ITUN | awk ‘NR==2{print $2}’ | sed ‘s/adr://g’)
60.         ITUNADDR=$(ifconfig $ITUN | awk ‘/dr:/ { gsub(/.*:/,””,$2); print($2); }’)
61.         TUNRANGE=$(route -n | awk ‘/tun0/ && /255/ {print($1)}’)
62.         TUNMASK=$(route -n | awk ‘/tun0/ && /255/ {print($3)}’)
64.         # stoping openVPN
65.         /etc/init.d/openvpn.vpn1 stop
67.         # removing VPN route if is present
68.         if [ ! -z “$(route -n | awk ‘/'”$ITUN”‘/&&/255/ {print($1)}’)” ]; then
69.                 ip route del default dev $ITUN table $TBL
70.         fi
72.         # remove route for marked packets
73.         ip rule del fwmark 0x45 table $TBL
75.         # remove accept packets from VPN
76.         iptables -D INPUT -i $ITUN -j ACCEPT
78.         # remove iptables packet marking
79.         iptables -t mangle -D OUTPUT -p udp –dport 53 -j MARK –set-mark 0x45
80.         iptables -t mangle -D OUTPUT -p tcp –dport 443 -j MARK –set-mark 0x45
81.         iptables -t mangle -D OUTPUT -p tcp –dport 8080 -j MARK –set-mark 0x45
83.         # removing binding
84.         iptables -t nat -D POSTROUTING -o $ITUN -j SNAT –to $ITUNADDR
86.         # remove output packets to go out throuth VPN
87.         iptables -t mangle -D OUTPUT -s $ITUNADDR -j MARK –set-mark 0x45
89.         # re-enable ALL source-address verification filtering
90.         for i in /proc/sys/net/ipv4/conf/*/rp_filter ; do echo 1 > $i; done
91.         #echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
92. }

VPS (10.8.0.0/24) <——> (tun0) Server (ppp1) <——> iPhone (172.16.31.0/24)

iptables -A INPUT -p tcp –dport 109 -j ACCEPT

iptables -A INPUT -i ppp1 -j ACCEPT
iptables -A FORWARD -i ppp1 -j ACCEPT
iptables -A FORWARD -o ppp1 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -I POSTROUTING -s 172.16.31.0/24 -o ppp0 -j MASQUERADE
ip route add default dev tun0 table 200
ip rule add priority 100 from 172.16.31.0/24 table 200

iptables -t nat -I POSTROUTING -o tun0 -j SNAT –to 10.8.0.6

Reference: http://forums.gentoo.org/viewtopic-t-843591.html

http://www.microhowto.info/howto/share_an_ip_address_between_clients_using_iptables.html