OK, I admit it, this is more of a Linux networking challenge, but it's
one I want to resolve under gentoo.
I have two network interfaces - eth0 and tun0 - and both are (somehow)
connected to the internet. When I have eth0's IP address as my default
route, all my traffic is sent out via my NAT enabled router and is
associated with its dynamic IP address... however, while I can receive
packets on the tun0 interface, replies are sent via eth0, and that means
ping doesn't work and TCP connections to tun0's publicly accessible IP
address fail. When I have tun0's IP address as my default route, all my
traffic (inbound and outbound TCP connections) are routed over tun0...
enabling the previously precluded inbound connections on tun0's publicly
accessible IP address, but which is an unnecessarily inefficient use of
the (more expensive) tun0 interface for outbound connections.
What I really want is for eth0 to be used all the time, except for
packets associated with TCP streams that connected from remote hosts to
tun0's public facing IP address - when tun0 must be used. I don't
need/want to support UDP or other protocols communicating via tun0 - and
TCP connections to tun0 will only arrive on a handful of ports which I
can determine up front.
Should I be using IPTables for this, and - if so - is there a howto
addressing this scenario? Is there a better approach than IPTables?