Answer the question
In order to leave comments, you need to log in
F
F
Falseclock2021-01-06 11:29:17
Falseclock, 2021-01-06 11:29:17
How to make NAT from VPN client to a host on the network?
There is a machine with a VPN client hanging on it, receiving an IP address of 10.8.0.10
trying to make NAT
iptables -t nat -A PREROUTING -p tcp -d 10.8.0.10 --dport 80 -j DNAT --to-destination 192.168.2.106:80
iptables -A FORWARD -p tcp -d 192.168.2.106 --dport 80 -j ACCEPTbut along the way, the machine accesses 192.168.2.106 as from 10.8.0.10 or as from an external client, respectively, the connection is one-way.
What else to add so that the packets go in both directions, that is, so that there is a masquerading?
[~] # iptables -t nat -nL
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
SYSDOCKER all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
SYSDOCKER all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match src-type LOCAL
MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0/0xffff
VPNNAT all -- 0.0.0.0/0 0.0.0.0/0
SYSNAT all -- 0.0.0.0/0 0.0.0.0/0
Chain SYSDOCKER (2 references)
target prot opt source destination
Chain SYSNAT (1 references)
target prot opt source destination
MASQUERADE all -- 10.0.5.0/24 0.0.0.0/0
MASQUERADE all -- 10.0.3.0/24 0.0.0.0/0
Chain VPNNAT (1 references)
target prot opt source destination
Similar questions
S
M
V
E
T
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question