> iptables-save и tcpdump отдельно с tun0 и с tun1

root@debian-101:~# iptables-save
# Generated by iptables-save v1.4.14 on Fri Nov 11 11:08:22 2016
*mangle
:PREROUTING ACCEPT [13973:1083817]
:INPUT ACCEPT [13973:1083817]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [11490:1302596]
:POSTROUTING ACCEPT [11490:1302596]
-A OUTPUT -m owner --uid-owner 1001 -j MARK --set-xmark 0x1/0xffffffff
-A OUTPUT -m owner --uid-owner 1002 -j MARK --set-xmark 0x2/0xffffffff
COMMIT
# Completed on Fri Nov 11 11:08:22 2016
root@debian-101:~# tcpdump -i tun0 -n -vvv '(tcp or udp) and (! port 22 and ! port 443 and ! port 50413 and ! port 137 and ! port 138)'
tcpdump: listening on tun0, link-type RAW (Raw IP), capture size 65535 bytes
11:10:24.839267 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
192.168.1.101.10001 > 192.168.1.21.54569: Flags [S.], cksum 0x83f1 (incorrect -> 0x77ab), seq 130576407, ack 2896304585, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0
11:10:24.839307 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
192.168.1.101.10001 > 192.168.1.21.54568: Flags [S.], cksum 0x83f1 (incorrect -> 0x1f7f), seq 4036342834, ack 2388812621, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0
11:10:24.839322 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
192.168.1.101.10001 > 192.168.1.21.54574: Flags [S.], cksum 0x83f1 (incorrect -> 0xbb33), seq 843625650, ack 2370340474, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0
11:10:25.039222 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
192.168.1.101.10001 > 192.168.1.21.54570: Flags [S.], cksum 0x83f1 (incorrect -> 0x8e6c), seq 1362327381, ack 2139283325, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0
11:10:25.039263 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
192.168.1.101.10001 > 192.168.1.21.54573: Flags [S.], cksum 0x83f1 (incorrect -> 0x0a01), seq 502062797, ack 3601651850, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0
11:10:25.239270 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
192.168.1.101.10001 > 192.168.1.21.54575: Flags [S.], cksum 0x83f1 (incorrect -> 0x86c9), seq 4229044544, ack 3179043927, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0
11:10:25.440049 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
192.168.1.101.10001 > 192.168.1.21.54576: Flags [S.], cksum 0x83f1 (incorrect -> 0xef62), seq 3567607939, ack 255099439, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0
11:10:26.152320 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
192.168.1.101.10001 > 192.168.1.21.54568: Flags [S.], cksum 0x83f1 (incorrect -> 0x1f7f), seq 4036342834, ack 2388812621, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0
11:10:26.162618 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
192.168.1.101.10001 > 192.168.1.21.54569: Flags [S.], cksum 0x83f1 (incorrect -> 0x77ab), seq 130576407, ack 2896304585, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0
11:10:26.172074 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
192.168.1.101.10001 > 192.168.1.21.54570: Flags [S.], cksum 0x83f1 (incorrect -> 0x8e6c), seq 1362327381, ack 2139283325, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0
11:10:26.182990 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 48)
192.168.1.101.10001 > 192.168.1.21.54571: Flags [S.], cksum 0x83ed (incorrect -> 0xc9c8), seq 1255202360, ack 3392277755, win 14600, options [mss 1460,nop,nop,sackOK], length 0
11:10:26.183088 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 48)
192.168.1.101.10001 > 192.168.1.21.54572: Flags [S.], cksum 0x83ed (incorrect -> 0x256a), seq 961191535, ack 918722072, win 14600, options [mss 1460,nop,nop,sackOK], length 0
11:10:26.193582 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
192.168.1.101.10001 > 192.168.1.21.54573: Flags [S.], cksum 0x83f1 (incorrect -> 0x0a01), seq 502062797, ack 3601651850, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0
11:10:26.412487 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
192.168.1.101.10001 > 192.168.1.21.54574: Flags [S.], cksum 0x83f1 (incorrect -> 0xbb33), seq 843625650, ack 2370340474, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0
11:10:26.422154 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
192.168.1.101.10001 > 192.168.1.21.54575: Flags [S.], cksum 0x83f1 (incorrect -> 0x86c9), seq 4229044544, ack 3179043927, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0
11:10:26.422244 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
192.168.1.101.10001 > 192.168.1.21.54576: Flags [S.], cksum 0x83f1 (incorrect -> 0xef62), seq 3567607939, ack 255099439, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0
11:10:26.422596 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 48)
192.168.1.101.10001 > 192.168.1.21.54577: Flags [S.], cksum 0x83ed (incorrect -> 0x9260), seq 2056560559, ack 491388939, win 14600, options [mss 1460,nop,nop,sackOK], length 0
11:10:26.452603 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 48)
192.168.1.101.10001 > 192.168.1.21.54579: Flags [S.], cksum 0x83ed (incorrect -> 0x709d), seq 3800131785, ack 3491118584, win 14600, options [mss 1460,nop,nop,sackOK], length 0
11:10:26.452700 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 48)
192.168.1.101.10001 > 192.168.1.21.54578: Flags [S.], cksum 0x83ed (incorrect -> 0xac56), seq 3004083807, ack 1261072649, win 14600, options [mss 1460,nop,nop,sackOK], length 0
11:10:27.239273 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 48)
192.168.1.101.10001 > 192.168.1.21.54572: Flags [S.], cksum 0x83ed (incorrect -> 0x256a), seq 961191535, ack 918722072, win 14600, options [mss 1460,nop,nop,sackOK], length 0
11:10:27.239314 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 48)
192.168.1.101.10001 > 192.168.1.21.54571: Flags [S.], cksum 0x83ed (incorrect -> 0xc9c8), seq 1255202360, ack 3392277755, win 14600, options [mss 1460,nop,nop,sackOK], length 0
11:10:27.353582 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
192.168.1.101.10001 > 192.168.1.21.54580: Flags [S.], cksum 0x83f1 (incorrect -> 0xa7cb), seq 2345602805, ack 3185358206, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0
11:10:27.612636 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
192.168.1.101.10001 > 192.168.1.21.54581: Flags [S.], cksum 0x83f1 (incorrect -> 0x3d37), seq 2980981727, ack 1165448622, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0
11:10:27.639233 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 48)
192.168.1.101.10001 > 192.168.1.21.54577: Flags [S.], cksum 0x83ed (incorrect -> 0x9260), seq 2056560559, ack 491388939, win 14600, options [mss 1460,nop,nop,sackOK], length 0
11:10:27.839252 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 48)
192.168.1.101.10001 > 192.168.1.21.54579: Flags [S.], cksum 0x83ed (incorrect -> 0x709d), seq 3800131785, ack 3491118584, win 14600, options [mss 1460,nop,nop,sackOK], length 0
11:10:28.039277 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 48)
192.168.1.101.10001 > 192.168.1.21.54578: Flags [S.], cksum 0x83ed (incorrect -> 0xac56), seq 3004083807, ack 1261072649, win 14600, options [mss 1460,nop,nop,sackOK], length 0
11:10:28.639275 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
192.168.1.101.10001 > 192.168.1.21.54580: Flags [S.], cksum 0x83f1 (incorrect -> 0xa7cb), seq 2345602805, ack 3185358206, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0
11:10:28.839299 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
192.168.1.101.10001 > 192.168.1.21.54581: Flags [S.], cksum 0x83f1 (incorrect -> 0x3d37), seq 2980981727, ack 1165448622, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0
11:10:29.439248 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 48)
192.168.1.101.10001 > 192.168.1.21.54572: Flags [S.], cksum 0x83ed (incorrect -> 0x256a), seq 961191535, ack 918722072, win 14600, options [mss 1460,nop,nop,sackOK], length 0
11:10:29.439292 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 48)
192.168.1.101.10001 > 192.168.1.21.54571: Flags [S.], cksum 0x83ed (incorrect -> 0xc9c8), seq 1255202360, ack 3392277755, win 14600, options [mss 1460,nop,nop,sackOK], length 0
11:10:29.839258 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 48)
192.168.1.101.10001 > 192.168.1.21.54577: Flags [S.], cksum 0x83ed (incorrect -> 0x9260), seq 2056560559, ack 491388939, win 14600, options [mss 1460,nop,nop,sackOK], length 0
11:10:30.039246 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 48)
192.168.1.101.10001 > 192.168.1.21.54579: Flags [S.], cksum 0x83ed (incorrect -> 0x709d), seq 3800131785, ack 3491118584, win 14600, options [mss 1460,nop,nop,sackOK], length 0
11:10:30.039289 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 48)
192.168.1.101.10001 > 192.168.1.21.54578: Flags [S.], cksum 0x83ed (incorrect -> 0xac56), seq 3004083807, ack 1261072649, win 14600, options [mss 1460,nop,nop,sackOK], length 0
11:10:30.358983 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
192.168.1.101.10001 > 192.168.1.21.54580: Flags [S.], cksum 0x83f1 (incorrect -> 0xa7cb), seq 2345602805, ack 3185358206, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0
11:10:30.611905 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
192.168.1.101.10001 > 192.168.1.21.54581: Flags [S.], cksum 0x83f1 (incorrect -> 0x3d37), seq 2980981727, ack 1165448622, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0
11:10:30.840202 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
192.168.1.101.10001 > 192.168.1.21.54580: Flags [S.], cksum 0x83f1 (incorrect -> 0xa7cb), seq 2345602805, ack 3185358206, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0
11:10:31.039282 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
192.168.1.101.10001 > 192.168.1.21.54581: Flags [S.], cksum 0x83f1 (incorrect -> 0x3d37), seq 2980981727, ack 1165448622, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0
^C
37 packets captured
37 packets received by filter
0 packets dropped by kernel
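В захвате на tun0 видны только исходящие SYN-ACK (Flags [S.]) от 192.168.1.101:10001 к 192.168.1.21, причём с повторными передачами тех же seq; входящих пакетов на tun0 в этом захвате нет. А через tun1 трафик не идет.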
root@debian-101:~# tcpdump -i tun1 -n -vvv '(tcp or udp) and (! port 22 and ! port 443 and ! port 50413 and ! port 137 and ! port 138)'
tcpdump: listening on tun1, link-type RAW (Raw IP), capture size 65535 bytes
^C
0 packets captured
0 packets received by filter
0 packets dropped by kernel