LinuxQuestions.org


pradeepjagtap 10-19-2006 11:11 PM

How to access VPN + LAN in iptables Firewall
 
Hi all

I am facing a problem with my LAN as well as my VPN connection.
1) When I configured Windows XP TCP/IP with dual IPs (public IP + private IP):
when I need to access the VPN, I need to completely remove my LAN IP address and put in the public IP; then I can connect to the VPN but am not able to access the LAN.
2) In the dual-IP configuration, when I swap the IP from the LAN IP to the public IP, the request for the VPN connection goes with the LAN IP at the iptables firewall, so iptables doesn't allow the connection for the LAN IP.

3) Can you tell me how I can access my LAN as well as the VPN with dual IPs (I need both IPs for the VPN)? But when I need to access the VPN I can just swap the IP to the VPN and connect to the VPN server.

For example:
{If Windows TCP/IP is configured with dual IPs as 1->192.168.10.100 2->203.124.143.***, there is one issue I face: when I swap the IP address (192.168.10.100) to the public IP 203.124.143.*** to access the VPN, all the requests go from my system to the firewall as 192.168.10.100 instead of 203.124.143.***. I also changed the gateway and all settings.

If I remove the 192.168.10.100 IP address and put in only the 230.124.143.*** IP, then the VPN connection gets established but is very slow, so I can't access my LAN at this moment because there is no LAN IP in TCP/IP.}

*** Is there any iptables script which allows access to the LAN when a user is connecting to the VPN (we need both IP addresses)? ***

alienux 10-19-2006 11:33 PM

Maybe I'm completely misunderstanding what you're after, but it sounds to me like you're trying to add IP addresses for two different subnets to the same physical interface.

If you want the machine to access the 192.168.10.0 and 203.124.143.0 networks from the same machine, you should have two separate NICs. The 192.168.10.x address on the NIC will only talk to other devices with that same IP scheme, unless you have a bridge with proper routing tables to talk to another subnet with a different IP scheme. The same goes for the 203.124.143.x address. To communicate both directions at the same time, you need separate interfaces for each subnet.

If you just want to have a public hide address for the 192.168.10.x address, or a one-to-one static NAT for it, let the firewall take care of the 203.124.143.x address, not the XP box itself.

Again, sorry if I'm misunderstanding, but this is what I'm getting from your questions.
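
The two firewall-side options mentioned in the post above (a hide address for the 192.168.10.x clients, or a one-to-one static NAT for a single client), sketched as an added example that is not part of the original thread. The function names, the `eth0` WAN interface and the 203.0.113.x addresses are assumptions; the 203.0.113.x values are placeholders for the elided 203.124.143.*** addresses.

```shell
#!/bin/sh
# Added example: print nat-table rules in iptables-restore format.
# Assumptions (not from the thread): WAN interface eth0; 203.0.113.x are
# placeholder addresses standing in for the elided 203.124.143.*** ones.
WAN_IF="eth0"
LAN_NET="192.168.10.0/24"   # LAN subnet used in the thread

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
is_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# gen_nat_rules HIDE_IP [LAN_IP=PUBLIC_IP ...]
gen_nat_rules() {
    [ $# -ge 1 ] && is_ipv4 "$1" || { echo "bad hide address" >&2; return 1; }
    hide_ip=$1; shift
    # Validate every mapping before printing anything.
    for pair in "$@"; do
        lan=${pair%%=*}; pub=${pair#*=}
        [ "$lan" != "$pair" ] && is_ipv4 "$lan" && is_ipv4 "$pub" ||
            { echo "bad mapping: $pair" >&2; return 1; }
    done
    echo "*nat"
    echo ":PREROUTING ACCEPT [0:0]"
    echo ":POSTROUTING ACCEPT [0:0]"
    # One-to-one static NAT goes first: the first matching rule wins, so
    # these must precede the subnet-wide hide rule below.
    for pair in "$@"; do
        lan=${pair%%=*}; pub=${pair#*=}
        echo "-A PREROUTING -i $WAN_IF -d $pub -j DNAT --to-destination $lan"
        echo "-A POSTROUTING -o $WAN_IF -s $lan -j SNAT --to-source $pub"
    done
    # Hide NAT: all other LAN clients leave with the firewall's address.
    echo "-A POSTROUTING -o $WAN_IF -s $LAN_NET -j SNAT --to-source $hide_ip"
    echo "COMMIT"
}
```

The output can be checked with `gen_nat_rules 203.0.113.1 192.168.10.100=203.0.113.10 | iptables-restore --test` before it is loaded. Any statically mapped public address must also be configured on the firewall's WAN interface so that the firewall answers for it.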

pradeepjagtap 10-20-2006 12:08 AM

As far as I know, we can use one LAN interface (the client interface) to access the LAN as well as the VPN.

We have a huge network; we can't put two LAN cards in each system.

What I am saying is: suppose that we have id network with

(firewall + AD server, file server + client system Windows XP)

What script can we use to access the file server as well as the VPN with the public IP set in the client's TCP/IP?

I have told you one thing: when I swap the LAN IP to the public IP to access the VPN, all requests hit the firewall with the LAN IP; the requests don't go out with the public IP. I have traced this with the tcpdump command.

alienux 10-20-2006 11:59 AM

So you need multiple internal clients to access a remote VPN? Is the remote VPN only accepting connections from a specific public address or public subnet?

pradeepjagtap 10-24-2006 12:08 AM

So you need multiple internal clients to access a remote VPN?
Yes

Is the remote VPN only accepting connections from a specific public address or public subnet?
The remote VPN accepts public addresses only.


All times are GMT -5.