So here is what I need:
I want to put the |computer| on the internet with NAT (or masquerade). The problem is that the |vpn router2| has an internet connection of its own and a GRE tunnel to |vpn router1|, and |vpn router1| is the same.
I have put a proxy on the |main server| and all the 10.10.10.0/24 network can see it and they surf the net through that proxy. There is only one computer which needs a NAT.
With ip route I have put a route to guide the requests to "domain.com" through the tunnel interface and send them to |vpn router1|, which makes a NAT for the 10.10.10.0 network, so the 10.10.10.0 network can ping their domain. They can't ping anything else.
Please tell me how I can NAT the 10.10.10.14 host to 192.168.1.10 so that 10.10.10.14 can use NAT to surf the net.
It's quite complicated, I know, but it's the only way to connect the 2 networks.
THX in advance
The only problem I can see is that your 'Main Server' may not know how to NAT traffic coming from 10.10.10.14, as it doesn't have a local interface within that subnet, i.e. it may have a route for 10.10.10.0/24, but that doesn't necessarily mean it will act as a router. I'm assuming that it has a route for your 10.10.10.0/24 subnet, as you've mentioned that the web is accessible via the proxy. Check that your 'main server' has IP forwarding enabled so that it can forward between subnets, and that the NAT filter knows about traffic with source IP 10.10.10.14...
Similarly, 10.10.10.14 will need to know that all outbound traffic needs to go over the VPN, so adjust your routing table on 10.10.10.14 as required.
What OS/platform is the main server, and what are you using for NAT?
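One way to run the check suggested in the reply above (is forwarding on, and does any NAT rule on the main server cover source 10.10.10.14), as an added example that is not part of the original posts. The `iptables-save -t nat` sample is constructed, and the interface name `eth0` and the function names are assumptions.

```python
import ipaddress
import shlex

# Constructed sample of `iptables-save -t nat` output (not taken from the thread).
SAMPLE_NAT_TABLE = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.4.0/24 -o eth0 -j MASQUERADE
COMMIT
"""

NAT_TARGETS = {"MASQUERADE", "SNAT"}


def forwarding_enabled(proc_value):
    """Interpret the content of /proc/sys/net/ipv4/ip_forward."""
    return proc_value.strip() == "1"


def nat_rules_for(source_ip, iptables_save_text):
    """Return POSTROUTING SNAT/MASQUERADE rules whose source match covers source_ip.

    Only the -s match is evaluated; -o and other matches still have to be
    compared by hand against the path the packet really takes.
    """
    ip = ipaddress.ip_address(source_ip)
    hits = []
    for line in iptables_save_text.splitlines():
        if not line.startswith("-A POSTROUTING "):
            continue
        opts = shlex.split(line)[2:]
        target = opts[opts.index("-j") + 1] if "-j" in opts else None
        if target not in NAT_TARGETS:
            continue
        covered = True  # a rule without -s applies to every source
        if "-s" in opts:
            i = opts.index("-s")
            negated = i > 0 and opts[i - 1] == "!"
            value = opts[i + 1]
            if value == "!":  # "!" written after -s instead of before it
                negated, value = True, opts[i + 2]
            covered = (ip in ipaddress.ip_network(value, strict=False)) != negated
        if covered:
            hits.append(line)
    return hits


if __name__ == "__main__":
    print("rules covering 10.10.10.14:", nat_rules_for("10.10.10.14", SAMPLE_NAT_TABLE))
```

On a live router, feed it the real `iptables-save -t nat` output and the content of `/proc/sys/net/ipv4/ip_forward`; an empty result for 10.10.10.14 means no source NAT rule matches that host.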
ip_forward is enabled, that's OK, because the computers from 192.168.4.0 can be NATed. The problem is the 10.10.10.0 network. There is a NAT on VPN ROUTER1 for ICMP, and ip route routes to specific domains.
I have found that if I put an "ip route dev VPN1" for a specific domain I can use the NAT to view that domain.
I need some route to allow only one IP to all domains, not all IPs to all.
OS/Platform for Main is Linux (Slackware 2.4.26) and I use iptables.
PS
I've tried NATing from the main server and using the IP of the main server as gateway in the 10.10.10.0 network, but still no effect.
I have to route the packets through the VPN routers, because every VPN router has internet access through its external interface, and it's difficult to route the packets, because they are trying to exit through the internet from the external interface.
I will try to make a picture... in reality the VPN is more complicated... it is spread through another VPN.