So there isn't much info out there related to what I am trying to do.
The basic idea is that I set up iptables for a NAT between eth0 (wired, internal side of NAT) and tun0 (virtual, external side of NAT). Then I take the packets from tun0, encapsulate them and send them out ath0 (wireless), much like a VPN tunnel.
This basic idea works in some situations, namely as long as all the interfaces are on different networks. The problem I have is that the current setup requires that my tun0 be part of the same subnet as the machine that I am receiving all my return traffic from, i.e., the machine ath0 is connected to. After much digging I have found that the kernel just isn't properly routing the packets back to ath0.
I am really confused because I see packets in Wireshark when I am capturing on the ath0 device, but my code never receives any of these packets, even though the packets clearly have the same destination IP address as my ath0. However, if I tear down the NAT and the routes corresponding to tun0, my code receives all the packets.
The only thing I can figure is that the kernel is getting confused since the packet is sourced from an IP on the same subnet as the tun0 device.
Is there a reason why the kernel wouldn't route the packet even though the destination IP address is that of ath0?
Is there any good documentation on when/how exactly the kernel makes its routing decisions, and, if the kernel tries to optimize routes, how it does that?
The routing table when using the NAT is the following:
Destination     Gateway         Genmask          Flags  Iface
w.x.y.z         0.0.0.0         255.255.255.255  UH     ath0
10.10.10.0      0.0.0.0         255.255.255.0    U      eth1
0.0.0.0         a.b.c.d         0.0.0.0          UG     tun0
0.0.0.0         0.0.0.0         0.0.0.0          U      ath0

The packets that don't get routed are dest_ip=w.x.y.z and source_ip=a.b.c.e.
And the setup is like:
internal network ---> eth1 -> NAT -> tun0 ------> ath0 ----> Internet
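As an added example (not the poster's code), here is a small Python model of the two lookups the Linux kernel performs on such a packet: the longest-prefix-match forward lookup that chooses the egress interface, and, when rp_filter is in strict mode, a reverse-path lookup on the source address that must come back to the interface the packet arrived on. The IP addresses stand in for the post's w.x.y.z / a.b.c.d / a.b.c.e placeholders and are constructed here; the routing table is the one from the post, in the order route -n printed it.

```python
# Added example, not from the original post. Models the kernel's forwarding
# decision (longest-prefix match, ties broken by table order, which is how
# route -n orders routes of differing metric) plus a strict reverse-path check
# in the spirit of Linux rp_filter=1. All addresses are constructed stand-ins.
from ipaddress import ip_address, ip_network

ATH0_ADDR = "192.0.2.10"     # stands in for w.x.y.z (constructed)
TUN0_GW = "198.51.100.1"     # stands in for a.b.c.d (constructed)
PEER_ADDR = "198.51.100.2"   # stands in for a.b.c.e (constructed)

# The routing table from the post: (prefix, gateway or None, interface).
ROUTES = [
    (ip_network(f"{ATH0_ADDR}/32"), None, "ath0"),
    (ip_network("10.10.10.0/24"), None, "eth1"),
    (ip_network("0.0.0.0/0"), TUN0_GW, "tun0"),
    (ip_network("0.0.0.0/0"), None, "ath0"),
]
# The table the poster ends up with after tearing down the tun0 routes.
WITHOUT_TUN0 = [r for r in ROUTES if r[2] != "tun0"]

def lookup(addr, routes=ROUTES):
    """Egress interface for addr: longest prefix wins; on equal prefix length
    the route listed first wins (standing in for the kernel's metric)."""
    best = None
    for net, _gw, dev in routes:
        if ip_address(addr) in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, dev)
    return best[1] if best else None

def strict_rp_check(src, ingress_dev, routes=ROUTES):
    """Strict reverse-path check: accept the packet only if the route back to
    its source address leaves via the interface it arrived on."""
    return lookup(src, routes) == ingress_dev

def classify(src, dst, ingress_dev, routes=ROUTES):
    """Summarise how this model treats a packet that arrived on ingress_dev."""
    return {
        "egress_for_dst": lookup(dst, routes),
        "reverse_path_for_src": lookup(src, routes),
        "passes_strict_rp_filter": strict_rp_check(src, ingress_dev, routes),
    }

if __name__ == "__main__":
    # The return packet from the post: dst is ath0's address, src is the peer.
    print("with tun0 routes:   ", classify(PEER_ADDR, ATH0_ADDR, "ath0"))
    print("without tun0 routes:", classify(PEER_ADDR, ATH0_ADDR, "ath0", WITHOUT_TUN0))
```

In this model the destination lookup does select ath0, but the source a.b.c.e matches the tun0 default route first, so a strict reverse-path check fails while the same check passes once the tun0 routes are gone. A kernel dropping on that check discards the packet after the capture point, which would fit Wireshark seeing packets that the receiving socket never gets; `sysctl net.ipv4.conf.all.rp_filter` and the per-interface `rp_filter` values show whether that mode is active.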