Network sharing question with VMs and VPNs.
I currently have a Windows VM that connects to a corporate VPN. I have VirtualBox set up with a "host-only" network, which appears in the VM as a network connection. This "host-only" type of network connection can be accessed outside of the VM via whatever IP address you give it inside of the VM.

In Windows, there is a dialog that lets you share this VPN connection with the host-only connection. Once I do that, I can access VPN resources via the host-only IP address, outside of the VPN. This works well; I've been doing this for a while. It has limitations. I have to manually set a route for each IP on the VPN I want to access. Since there are only a half dozen of these, this works very well. I do not have, nor do I want, DNS from the VPN exposed to my Linux box. No name lookup. I can only access VPN resources by manually setting a route on the Linux host, and then I can access it via its IP. I've been doing this for a while now, and it works very well.

So - how do I do this with a Linux VM? In my Linux VM I can see the VPN connection; I think it is gpd1. I see the host-only connection, eth1. I can access this host-only connection via its IP address outside of the VM. So far so good. The only step missing is sharing gpd1 through eth1. How, in Linux, do I tell it to share gpd1 through eth1? I do this with Windows and it works, but I don't know what it is doing behind the scenes.
To configure your Linux box as a router it will need to know where to route different packages (it probably already does know that, as you have configured your VPN and eth1), and it will need to be told to let other machines send their traffic through its interfaces. You tell your machine to do that with:
Code:
    sysctl -w net.ipv4.ip_forward=1
For example, /etc/sysctl.d/if_forward.conf:
Code:
    net.ipv4.ip_forward=1
This works. Not sure if this is the best way to do it, but it does get the job done.
Code:
    root@zzz:~# iptables -A FORWARD -o gpd0 -i eth1 -s 192.168.0.0/24 -m conntrack --ctstate NEW -j ACCEPT
    root@zzz:~# iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    root@zzz:~# iptables -t nat -F POSTROUTING
    root@zzz:~# iptables -t nat -A POSTROUTING -o gpd0 -j MASQUERADE
Quote:
    sysctl -w net.ipv4.ip_forward=1
is *absolutely* necessary. Nothing works without it.
Quote:
More secure practice is to only enable forwarding per specific interface (for example eth0 only):
Code:
    echo 1 >/proc/sys/net/ipv4/conf/eth0/forwarding
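Putting the three answers together (per-interface forwarding, the source-restricted FORWARD chain from the iptables post, and MASQUERADE), here is an added example script for the Linux VM; it is not code from the thread. The interface names gpd1/eth1 and the 192.168.56.0/24 host-only subnet are assumptions, so check them with `ip addr` before applying.

```shell
#!/bin/sh
# Added example, not from the thread. Shares a VPN tunnel interface with the
# VirtualBox host-only network on a Linux VM. Interface names and the subnet
# are assumptions (VirtualBox's default host-only subnet is 192.168.56.0/24).
VPN_IF="${VPN_IF:-gpd1}"               # VPN tunnel interface seen in the VM
LAN_IF="${LAN_IF:-eth1}"               # VirtualBox host-only interface
LAN_NET="${LAN_NET:-192.168.56.0/24}"  # host-only subnet the host sits on

# Print the commands rather than running them, so the rule set can be reviewed.
build_rules() {
    vpn="$1"; lan="$2"; net="$3"
    # The kernel checks the forwarding flag of the interface a packet ARRIVES on,
    # so both sides need it: LAN->VPN requests and VPN->LAN replies. This is the
    # narrower alternative to net.ipv4.ip_forward=1, which enables every interface.
    # FORWARD defaults to DROP so the VM routes nothing except this one path;
    # MASQUERADE makes the VPN side see the tunnel address, so no return route
    # to the host-only subnet has to exist on the VPN.
    cat <<EOF
sysctl -w net.ipv4.conf.${lan}.forwarding=1
sysctl -w net.ipv4.conf.${vpn}.forwarding=1
iptables -P FORWARD DROP
iptables -A FORWARD -i ${lan} -o ${vpn} -s ${net} -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o ${vpn} -s ${net} -j MASQUERADE
EOF
}

# The per-resource route the host (outside the VM) needs, as the OP does on
# Windows: send that single VPN address to the VM's host-only address.
host_route() {
    target="$1"; vm_ip="$2"
    echo "ip route add ${target}/32 via ${vm_ip}"
}

# Run as root inside the VM; each command is echoed before it is executed.
apply_rules() {
    build_rules "$@" | while IFS= read -r cmd; do
        echo "+ $cmd"; sh -c "$cmd"
    done
}

case "${1:-show}" in
    apply) apply_rules "$VPN_IF" "$LAN_IF" "$LAN_NET" ;;
    *)     build_rules "$VPN_IF" "$LAN_IF" "$LAN_NET" ;;
esac
```

Run it without arguments to see the rules, `sh share-vpn.sh apply` as root to install them; the rules are not persistent, so re-run after reboot or save them with your distribution's iptables persistence tool.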