route all traffic through another server with iptables?

arya6000 · 07-30-2017, 08:29 AM

Let's say I have 2 servers

Server A and Server B

I want all traffic from server B to pass through Server A, I understand one way to do this is by using a VPN server on Server A. But as far as I know there is a way to do this by using iptables which will be very reliable.

How can this be achieved by using iptables? both machines are running Debian Linux.

business_kid · 07-30-2017, 11:24 AM

Why not set up a default network route for B through A?

arya6000 · 07-30-2017, 12:10 PM

Quote:

Originally Posted by business_kid

Why not set up a default network route for B through A?

you mean something like this?

Code:

ip route del default  
ip route add default via IP_of_A

I lose my ssh connection as soon as I execute

Code:

ip route del default

business_kid · 07-31-2017, 03:22 AM

Of course you lose your connections when you delete the default route. What else did you expect to happen. If you don't configure things correctly, they shouldn't work.

Try man route. Just running 'route' with no options gives me this

Code:

bash-4.3$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.178.1   0.0.0.0         UG    304    0        0 wlan0
loopback        *               255.0.0.0       U     0      0        0 lo
192.168.178.0   *               255.255.255.0   U     304    0        0 wlan0
bash-4.3$

That's all set up automagically by dhcpcd and I never have to think about it, although I did cover the CCNA1-4 syllabus in former times.

elcore · 07-31-2017, 05:08 AM

Could be the op read somewhere about TPROXY target, but lacks documentation.
I'd suggest starting with:

Code:

man iptables-extensions

However, there are certain rules and regulations involved because it may be considered a MITM attack to use this on external networks.
Should be fine if you own the network, but quite possibly against the forum rules to discuss the abuse of this feature.

LVsFINEST · 08-01-2017, 02:12 PM

Just set server A as the default gateway.