Re: [Hampshire] Another iptables question

Author: Daniel Llewellyn
Date:  
To: Hampshire LUG Discussion List
Subject: Re: [Hampshire] Another iptables question
On Wed, Feb 1, 2012 at 23:11, NeilS <neil.s.mailinglists@???> wrote:
> Hello Everyone,
>
> This is probably quite a simple question compared to the last similar
> thread. I'm a bit out of my comfort zone, so I wonder if someone can
> assist.
>
> I am trying to get a server to route a TCP connection to a specific
> destination port between networks. One is a physical network, eth0 and
> the other is a VPN, tun0.
>
> I set up my routing table to ensure traffic for the VPN subnet is
> directed to tun0 and everything else to eth0, turned on port forwarding
> and tried:
>
>  iptables -t nat -A PREROUTING -p tcp --dport $TCP_PORT -j DNAT --to $DEST_ADDRESS:$TCP_PORT
>
> This doesn't seem to be quite doing the right thing. I took a look at
> the traffic on tun0 using Wireshark. If I try and telnet to the specific
> port on my server from a local machine, packets appear destined for the
> correct remote address, but the source address is that of my local
> machine, i.e. within the range of my local network. Thus I'm not seeing
> any reply as I assume it is going astray in the remote network.
>
> How do I tell iptables I want it to translate the source address to the
> server's address on the VPN interface, tun0? (And to redirect the
> returned packets from that port to my local client machine?)


The reverse of a DNAT (Destination NAT) is SNAT (Source NAT), e.g.

iptables -t nat -A POSTROUTING -p tcp --dport $TCP_PORT -j SNAT --to-source your.host.ip.address


--
Regards,
    The Honeymonster aka Daniel Llewellyn
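
The complete rule set that the question and the reply add up to, as an added example that is not part of either message. It emits the PREROUTING DNAT, the POSTROUTING SNAT restricted to the VPN side, the FORWARD rules that must also accept the traffic (a DNAT alone does nothing if the FORWARD chain drops the packet), and the ip_forward sysctl. The interface names eth0/tun0, the tun0 address 10.8.0.1, the destination 10.8.0.50 and port 8080 are assumed values; substitute your own. Returned packets need no extra rule: conntrack remembers both translations and reverses them for the reply.

```shell
#!/bin/sh
# Added example, not code from the original thread. Emits (or, with --apply,
# installs) the rules that forward LAN clients' TCP connections on one port to
# a host reachable over the VPN, rewriting the source so the VPN side sees the
# gateway's tun0 address instead of a LAN address it cannot route back to.
#
# Assumed values (hypothetical, replace with your own):
LAN_IF=eth0        # physical network the clients sit on
VPN_IF=tun0        # VPN interface
VPN_ADDR=10.8.0.1  # this host's address on tun0
DEST=10.8.0.50     # server on the far side of the VPN
PORT=8080          # TCP port being forwarded

nat_rules() {
    # $1 LAN interface, $2 VPN interface, $3 this host's VPN address,
    # $4 destination host, $5 TCP port.  Prints one command per line.
    lan_if=$1; vpn_if=$2; vpn_addr=$3; dest=$4; port=$5
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i $lan_if -p tcp --dport $port -j DNAT --to-destination $dest:$port
iptables -t nat -A POSTROUTING -o $vpn_if -p tcp -d $dest --dport $port -j SNAT --to-source $vpn_addr
iptables -A FORWARD -i $lan_if -o $vpn_if -p tcp -d $dest --dport $port -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $vpn_if -o $lan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# The DNAT is limited to packets arriving on the LAN interface (-i) and the
# SNAT to packets leaving on the VPN interface towards that one host (-o, -d),
# so the translation cannot be triggered from the VPN side and does not hide
# the source of any other traffic crossing the box.
case "${1:-}" in
    --apply) nat_rules "$LAN_IF" "$VPN_IF" "$VPN_ADDR" "$DEST" "$PORT" | sh -e ;;
    *)       nat_rules "$LAN_IF" "$VPN_IF" "$VPN_ADDR" "$DEST" "$PORT" ;;
esac
```

Run it without arguments to review the rules, with --apply (as root) to install them. If the tun0 address is assigned dynamically, replace the SNAT rule with `-j MASQUERADE` on the same `-o tun0` match; it picks up whatever address the interface has at the time. Bear in mind that after SNAT the remote server's logs show only the gateway's address, so any per-client auditing has to happen on this host, e.g. by logging the FORWARD rule with `-m conntrack --ctstate NEW` before the ACCEPT.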

--
Please post to: Hampshire@???
Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire
LUG URL: http://www.hantslug.org.uk
--------------------------------------------------------------