Redirect traffic from an interface to a VPN tun interface with iptables

I'm trying to achieve something easy but apparently I'm missing something.

In my box I have a VPN client running which created a tun0 interface. The box has external traffic coming from the eth0.

I would like to forward the traffic from eth0 to tun0. I run the following commands:

iptables -A FORWARD -i eth0 -o tun0 -s 192.168.100.0/28 -j ACCEPT
iptables -A FORWARD -i tun0 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.100.0/28 -o tun0 -j MASQUERADE

Note that I select the source IP range because I want to forward only a certain range.

Running tcpdump on the eth0 interface I can see the traffic coming in from a machine in the range 192.168.100.0/28 but I can't see traffic going into tun0.

IP forwarding is naturally on.

I'm not sure what I'm really missing here.

The IP configuration of eth0 is 192.168.10.93/24, while tun0 is 10.8.8.15/24.

➜  ~ ip r
default via 192.168.10.1 dev eth0  metric 100
10.8.8.0/24 dev tun0 scope link  src 10.8.8.15
172.17.0.0/16 dev docker0 scope link  src 172.17.0.1
172.30.32.0/23 dev hassio scope link  src 172.30.32.1
192.168.10.0/24 dev eth0 scope link  src 192.168.10.93  metric 100

Solution 1:

Since this in the end might be about having traffic from 192.168.100.0/28 go out over tun0, this could be resolved by something like:

ip rule add from 192.168.100.0/28 lookup 10000
ip route add default via ${tun0gwip} table 10000

Also keep the iptables MASQUERADE which is needed unless the tun0 gw can route back to your other network.
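
The following is an added example, not part of the question or the answer: a small Python model of the kernel's routing decision that shows why the `-o tun0` FORWARD rule never matched with the routing table above, and what the `ip rule` changes. The addresses 192.168.100.5, 192.168.100.20 and 1.1.1.1 are constructed sample values, and the model ignores the `local` table and rule priorities other than ordering.

```python
import ipaddress

# Main table, transcribed from the `ip r` output in the question: (prefix, device).
MAIN = [
    ("0.0.0.0/0", "eth0"),
    ("10.8.8.0/24", "tun0"),
    ("172.17.0.0/16", "docker0"),
    ("172.30.32.0/23", "hassio"),
    ("192.168.10.0/24", "eth0"),
]
# Table 10000 from the answer: a single default route out of tun0.
TABLE_10000 = [("0.0.0.0/0", "tun0")]


def lookup(table, dst):
    """Longest-prefix match of dst in one table; returns the device or None."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, dev in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best[1] if best else None


def egress(rules, src, dst):
    """Walk the rules in order; the first table that has a route wins."""
    src = ipaddress.ip_address(src)
    for selector, table in rules:
        if selector is None or src in ipaddress.ip_network(selector):
            dev = lookup(table, dst)
            if dev is not None:
                return dev
    return None


def forward_rule_matches(in_dev, out_dev, src):
    """Model of: -A FORWARD -i eth0 -o tun0 -s 192.168.100.0/28 -j ACCEPT"""
    in_range = ipaddress.ip_address(src) in ipaddress.ip_network("192.168.100.0/28")
    return in_dev == "eth0" and out_dev == "tun0" and in_range


# Rule lists as (source selector, table); None means "from all".
BEFORE = [(None, MAIN)]
AFTER = [("192.168.100.0/28", TABLE_10000), (None, MAIN)]

if __name__ == "__main__":
    for name, rules in (("before", BEFORE), ("after", AFTER)):
        out = egress(rules, "192.168.100.5", "1.1.1.1")
        print(name, out, forward_rule_matches("eth0", out, "192.168.100.5"))
```

Because table 10000 holds only a default route, the model also sends traffic from the selected range to 192.168.10.0/24 out of tun0; on the real box, `ip route get 1.1.1.1 from 192.168.100.5 iif eth0` shows the same decision.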