Hello

The goal is that all computers on the 192.168.1.0 net should have access to two identical 10.50.50.0 subnets. Like this:

[ASCII network diagram; layout lost in extraction. Labels: 192.168.1.0 subnet, FW, Router1, Iptables, VPN 1, VPN 2, WAN, 10.50.50.0 Subnet (A), 10.50.50.0 Subnet (B); arrows at the FW labelled 10.50.50.0 and 10.100.50.0.]

When computers on the 192.168.1.0 subnet ping 10.50.50.0, the FW routes 10.50.50.0 traffic to Router1, which handles the rest. This works fine.

But when I want to access the other 10.50.50.0 subnet, which I call Subnet B, the thought was that if I instead use 10.100.50.0, the FW routes this to the IPTABLES box, which then mangles it to 10.50.50.0, and it then goes through the VPN tunnel to the right IP on Subnet B.

Until now I've got the routing going to the VPN 1 box, using:

    iptables -t nat -A PREROUTING -s 192.168.1.0/25 -d 10.100.50.5 -j DNAT --to-destination 10.50.50.5

When I ping 10.100.50.5 (Linux server on Subnet B) from 192.168.1.35 (Linux computer), I log this in the VPN 1 box:

    12206.080946 192.168.1.35 -> 10.50.50.5: icmp: echo request
    12207.081074 192.168.1.35 -> 10.50.50.5: icmp: echo request

But it doesn't get any reply.

The output NIC on the IPTABLES box is on the 10.100.6.0 net, which the VPN 1 box is also on. The 10.100.6.0 and 192.168.1.0 nets are in a group on the VPN 1 box, which routes the traffic from these nets to the 10.50.50.0 net via the VPN tunnel.

If I ping from the IPTABLES box to 10.50.50.5, I get an echo reply, but not from the 192.168.1.35 machine.

    134.344974 10.100.6.3 -> 10.50.50.5: icmp: echo request
    134.491585 10.50.50.5 -> 10.100.6.3: icmp: echo reply

What must I do? Will this work at all? Do I need other rules?

Will be happy for answers/suggestions :-)
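
An added example, not part of the original post: one way to map the whole alias range onto Subnet B with NETMAP and to source-NAT the forwarded traffic to 10.100.6.3, the address the post shows receiving echo replies. The /24 masks, the interface name `eth1` and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Taken from the post:
# client net 192.168.1.0/25, alias net 10.100.50.0, real net 10.50.50.0,
# NAT box address 10.100.6.3. The /24 masks and OUT_IF are assumptions.
CLIENT_NET="192.168.1.0/25"
ALIAS_NET="10.100.50.0/24"
REAL_NET="10.50.50.0/24"
NAT_ADDR="10.100.6.3"
OUT_IF="${OUT_IF:-eth1}"   # assumed name of the NIC on the 10.100.6.0 net

# Show what NETMAP does to one address: the network part is swapped and
# the host part is kept (10.100.50.5 -> 10.50.50.5). Valid for /24 only.
map_alias() {
    host="${1##*.}"               # last octet of the alias address
    real_prefix="${REAL_NET%.*}"  # "10.50.50"
    echo "${real_prefix}.${host}"
}

# Emit the rule set instead of running it, so it can be reviewed first.
nat_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -s $CLIENT_NET -d $ALIAS_NET -j NETMAP --to $REAL_NET
iptables -t nat -A POSTROUTING -s $CLIENT_NET -d $REAL_NET -o $OUT_IF -j SNAT --to-source $NAT_ADDR
iptables -A FORWARD -s $CLIENT_NET -d $REAL_NET -o $OUT_IF -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}
# Rule 2 rewrites the destination before routing; rule 3 rewrites the
# source on the way out, so replies come back to this box, where
# connection tracking reverses both translations. Rules 4 and 5 limit
# forwarding to the client net and to replies for tracked connections.

# Apply only when asked (needs root): sh nat-alias.sh --apply
if [ "${1:-}" = "--apply" ]; then
    nat_rules | sh -e
fi
```

With the SNAT rule in place, hosts on Subnet B see and log 10.100.6.3 as the source instead of the individual 192.168.1.x client, so per-client attribution has to come from logs on the NAT box.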