LinuxQuestions.org


qwertyjjj 11-25-2012 10:17 AM

masquerade - add extra private net
 
This is my current routing:
Code:

[root ~]# route -n
Kernel IP routing table
Destination    Gateway        Genmask        Flags Metric Ref    Use Iface
10.8.0.2        0.0.0.0        255.255.255.255 UH    0      0        0 tun1
172.16.0.2      0.0.0.0        255.255.255.255 UH    0      0        0 tun0
10.8.0.0        10.8.0.2        255.255.255.0  UG    0      0        0 tun1
172.16.0.0      172.16.0.2      255.255.255.0  UG    0      0        0 tun0
88.xxx.xxx.0    0.0.0.0        255.255.252.0  U    0      0        0 eth0
169.254.0.0    0.0.0.0        255.255.0.0    U    0      0        0 eth0
0.0.0.0        88.xxx.xxx.1    0.0.0.0        UG    0      0        0 eth0
[root ~]#

I want to add a 3rd network for use with a PPTP VPN.
What private LAN addresses can I use?
10.8.1.x?
How do I add that to the routing?

Also, I have this routing in iptables, so how do I get the PPTP port to be redirected?
Code:


-A PREROUTING -d 88.xxx.xxx.xx9 -p tcp -m tcp --dport 443 -j DNAT --to-destination 88.xxx.xxx.xx9:1194
-A POSTROUTING -s 172.16.0.0/255.255.255.0 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.8.0.0/255.255.255.0 -o eth0 -j SNAT --to-source 88.xxx.xxx.xx9
-A POSTROUTING -o eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1460
-A POSTROUTING -o eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

Just add port 1723?
-A PREROUTING -d 88.xxx.xxx.xx9 -p tcp -m tcp --dport 1723 -j DNAT --to-destination 88.xxx.xxx.xx9:1723
-A POSTROUTING -s 10.8.1.0/255.255.255.0 -o eth0 -j MASQUERADE

qwertyjjj 11-26-2012 01:36 PM

anyone?

qwertyjjj 11-28-2012 11:59 AM

anyone?

routers 11-30-2012 04:02 AM

No need to push/bump up; if you need to wait, you have to wait.
I may have another workaround for your issue.

Install VirtualBox or any virtual machine, connect it to the VPN server, then make it the gateway for your LAN,
so any PC in your network that uses this gateway will become a VPN client user.

It's better than messing up your routing.

qwertyjjj 12-02-2012 04:37 AM

Quote:

Originally Posted by routers (Post 4840051)
No need to push/bump up; if you need to wait, you have to wait.
I may have another workaround for your issue.

Install VirtualBox or any virtual machine, connect it to the VPN server, then make it the gateway for your LAN,
so any PC in your network that uses this gateway will become a VPN client user.

It's better than messing up your routing.

It's a dedicated server though, so I really need to use the routing.

routers 12-03-2012 08:17 AM

Just give this a try:

-A POSTROUTING -s 10.8.1.0/255.255.255.0 -o tun1 -j MASQUERADE

And one of my settings is like this:

$IPT -t nat -I PREROUTING -p udp -d 202.191.200.142 --dport 1723 -j DNAT --to 192.168.68.68:1723

Maybe you can figure it out; I set up an OpenVPN server under a Xen cluster VLAN.

qwertyjjj 12-03-2012 01:40 PM

Quote:

Originally Posted by routers (Post 4841736)
Just give this a try:

-A POSTROUTING -s 10.8.1.0/255.255.255.0 -o tun1 -j MASQUERADE

And one of my settings is like this:

$IPT -t nat -I PREROUTING -p udp -d 202.191.200.142 --dport 1723 -j DNAT --to 192.168.68.68:1723

Maybe you can figure it out; I set up an OpenVPN server under a Xen cluster VLAN.

I think that is there already:
-A POSTROUTING -s 10.8.1.0/255.255.255.0 -o eth0 -j MASQUERADE

Could this be a problem?
-A FORWARD -i ppp+ -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o ppp+ -j ACCEPT


All times are GMT -5.