Hi,
I am currently setting up a server which connects an internal LAN to
multiple other LANs via VPNs (i.e. my server acts as VPN client,
connecting to multiple VPNs at the same time). Since the addressing of
these LANs is not under my control (including the possibility of
collisions) I would like to remap them to another address space.
The VPNs are PPTP VPNs, so each connected VPN corresponds to one pppX
interface, while my internal LAN is on eth0. Unfortunately using the
SNAT, DNAT or NETMAP targets only allows me to rewrite the destination
address in the PREROUTING chain (i.e. when packets arrive on eth0) and
the source address on the POSTROUTING chain (i.e. when packets leave on
pppX). To avoid collisions on the server itself however I would seem to
need exactly the opposite -- rewriting the destination address from my
"fake address" to the actual address of the remote LAN in POSTROUTING
(when the packet goes out on pppX) and rewriting the source addresses
from the actual addresses of the remote LAN to my "fake" addresses of
incoming packets on pppX in PREROUTING, before my server sees them.
I.e. what I would like is a 1:1 mapping of eg. 10.30.1.0/24 ("fake") to
192.168.0.0/24 (remote LAN), but to have this remapping happen in such a
way that my server sees the 10.30.1.0/24 network for routing so as to
avoid ambiguities on the server itself.
Is there a way to accomplish this with netfilter/iptables? Or is there a
better way to handle such a situation?
bye,
Daniel
