LinuxQuestions.org
Old 05-09-2023, 07:37 PM   #1
Ook
Member
 
Registered: Apr 2004
Location: Hell, Arizona (July - 118 degrees)
Distribution: Slackware 14.2 soon to be Slackware 15
Posts: 699

Rep: Reputation: 131Reputation: 131
Network sharing question with VMs and VPNs.


I currently have a Windows VM that connects to a corporate VPN. I have VirtualBox set up with a "hosts-only" network, which appears in the VM as a network connection. This "host-only" type of network connection can be accessed outside of the VM via whatever IP address you give it inside of the VM.

In Windows, there is a dialog that lets you share this VPN connection with the host-only connection. Once I do that, I can access VPN resources via the hosts-only ip address, outside of the VPN. This works well, I've been doing this for a while. It has limitations. I have to manually set a route for each IP on the VPN I want to access. Since there are only a half dozen of these, this works very well. I do not have, nor do I want, DNS from VPN exposed to my Linux box. No name lookup. I can only access VPN resources by manually setting a route on the linux host, and then I can access it via its ip. I've been doing this for a while now, and it works very well.

So - how do I do this with a Linux VM? In my Linux VM I can see the VPN connection, I think it is gpd1. I see the host-only connection, eth1. I can access this host-only connection via its IP address outside of the VM. So far so good.

The only step missing is sharing gpd1 through eth1. How, in Linux, do I tell it to share gpd1 through eth1? I do this with Windows and it works but I don't know what it is doing behind the scenes.
 
Old 05-10-2023, 12:20 PM   #2
henca
Member
 
Registered: Aug 2007
Location: Linköping, Sweden
Distribution: Slackware
Posts: 907

Rep: Reputation: 622Reputation: 622Reputation: 622Reputation: 622Reputation: 622Reputation: 622
To configure your linux box as a router it will need to know where to route different packages (it probably already does know that as you have configured your vpn and eth1) and it will need to be told to let other machines send their traffic through its interfaces. You tell your machine to do that with:

Code:
sysctl -w net.ipv4.ip_forward=1
If you think the above solves your problem you probably want to put that command in some startup file like /etc/rc.d/rc.local or you might want to create a file in /etc/sysctl.d.

For example /etc/sysctl.d/if_forward.conf:
Code:
net.ipv4.ip_forward=1
regards Henrik
 
Old 05-10-2023, 01:26 PM   #3
Ook
Member
 
Registered: Apr 2004
Location: Hell, Arizona (July - 118 degrees)
Distribution: Slackware 14.2 soon to be Slackware 15
Posts: 699

Original Poster
Rep: Reputation: 131Reputation: 131
Quote:
Originally Posted by henca View Post
To configure your linux box as a router it will need to know where to route different packages (it probably already does know that as you have configured your vpn and eth1) and it will need to be told to let other machines send their traffic through its interfaces. You tell your machine to do that with:

Code:
sysctl -w net.ipv4.ip_forward=1
If you think the above solves your problem you probably want to put that command in some startup file like /etc/rc.d/rc.local or you might want to create a file in /etc/sysctl.d.

For example /etc/sysctl.d/if_forward.conf:
Code:
net.ipv4.ip_forward=1
regards Henrik
How does that tell it to route traffic from gpd0 through eth1?
 
Old 05-10-2023, 01:56 PM   #4
Ook
Member
 
Registered: Apr 2004
Location: Hell, Arizona (July - 118 degrees)
Distribution: Slackware 14.2 soon to be Slackware 15
Posts: 699

Original Poster
Rep: Reputation: 131Reputation: 131
This works. Not sure if this is the best way to do it, but it does get the job done.


root@zzz:~# iptables -A FORWARD -o gpd0 -i eth1 -s 192.168.0.0/24 -m conntrack --ctstate NEW -j ACCEPT
root@zzz:~# iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
root@zzz:~# iptables -t nat -F POSTROUTING
root@zzz:~# iptables -t nat -A POSTROUTING -o gpd0 -j MASQUERADE
 
Old 05-11-2023, 01:03 AM   #5
henca
Member
 
Registered: Aug 2007
Location: Linköping, Sweden
Distribution: Slackware
Posts: 907

Rep: Reputation: 622Reputation: 622Reputation: 622Reputation: 622Reputation: 622Reputation: 622
Quote:
Originally Posted by Ook View Post
root@zzz:~# iptables -t nat -A POSTROUTING -o gpd0 -j MASQUERADE
That masquerading trick was probably needed because machines in the corporate network did not know how to route to your home network through the VPN.

regards Henrik
 
Old 05-12-2023, 11:02 AM   #6
Ook
Member
 
Registered: Apr 2004
Location: Hell, Arizona (July - 118 degrees)
Distribution: Slackware 14.2 soon to be Slackware 15
Posts: 699

Original Poster
Rep: Reputation: 131Reputation: 131
Quote:
Originally Posted by henca View Post
That masquerading trick was probably needed because machines in the corporate network did not know how to route to your home network through the VPN.

regards Henrik
Yeah, that was the biggest problem - how to get from there to here. FWIW, this:

sysctl -w net.ipv4.ip_forward=1

Is *absolutely* necessary. Nothing works without it.
 
Old 05-12-2023, 11:31 AM   #7
elcore
Senior Member
 
Registered: Sep 2014
Distribution: Slackware
Posts: 1,751

Rep: Reputation: Disabled
Quote:
Originally Posted by Ook View Post
sysctl -w net.ipv4.ip_forward=1

Is *absolutely* necessary. Nothing works without it.
It's not at all necessary because it enables forwarding everywhere on every interface, globally.
More secure practice is to only enable forwarding per specific interface (for example eth0 only):
Code:
echo 1 >/proc/sys/net/ipv4/conf/eth0/forwarding
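
Added example (not part of any post in this thread): a shell function that prints, for review, a setup combining the per-interface forwarding from post #7 with the FORWARD and MASQUERADE rules from post #4, narrowed to a list of VPN hosts. The interface names and subnet come from the thread; the destination addresses are constructed placeholders, and the DROP policy assumes the VM forwards nothing else.

```shell
#!/bin/sh
# Added example, not from the thread: prints (does not run) the commands, so
# they can be reviewed before being applied as root.

valid_if() {    # interface name: letters, digits, _ and - only, max 15 chars
    case $1 in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
    [ "${#1}" -le 15 ]
}

valid_ipv4() {  # dotted quad, octets 0-255, optional /0-32 prefix length
    addr=${1%/*}
    if [ "$addr" != "$1" ]; then
        pfx=${1#*/}
        case $pfx in ''|*[!0-9]*) return 1 ;; esac
        [ "${#pfx}" -le 2 ] && [ "$pfx" -le 32 ] || return 1
    fi
    case $addr in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1; done
}

gen_rules() {   # usage: gen_rules IN_IF OUT_IF SRC_NET VPN_HOST...
    [ $# -ge 4 ] || { echo "usage: gen_rules IN OUT SRC DST..." >&2; return 2; }
    in_if=$1; out_if=$2; src=$3; shift 3
    valid_if "$in_if" && valid_if "$out_if" && valid_ipv4 "$src" || return 2
    for d in "$@"; do
        valid_ipv4 "$d" || { echo "bad address: $d" >&2; return 2; }
    done
    # conf/<if>/forwarding governs packets received on that interface; replies
    # arrive on the VPN side, so both are enabled and ip_forward stays off.
    echo "echo 1 >/proc/sys/net/ipv4/conf/$in_if/forwarding"
    echo "echo 1 >/proc/sys/net/ipv4/conf/$out_if/forwarding"
    # Default-deny: with the default ACCEPT policy the rules restrict nothing.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for d in "$@"; do   # new connections only from the host-only net to listed hosts
        echo "iptables -A FORWARD -i $in_if -o $out_if -s $src -d $d" \
             "-m conntrack --ctstate NEW -j ACCEPT"
    done
    # Appended, not flushed, so existing NAT rules survive; NAT only our subnet.
    echo "iptables -t nat -A POSTROUTING -s $src -o $out_if -j MASQUERADE"
}

# eth1, gpd0 and 192.168.0.0/24 are from the posts; 10.20.30.x are constructed.
gen_rules eth1 gpd0 192.168.0.0/24 10.20.30.40 10.20.30.41
```

The output can be compared against `iptables -S FORWARD` and `iptables -t nat -S POSTROUTING` after it has been applied.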
 
  


All times are GMT -5. The time now is 05:50 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration