Hi,

I want to have a namespace connected to a VPN so any programs I run will use the VPN connection instead of my ISP connection. I also want to be able to forward LAN traffic on port 50500 to the namespace as well.

I'm creating a network namespace (vpn) and a veth pair with veth0 on the outside with my NIC and veth1 inside. In the namespace I add a default route for veth1 to veth0's IP, and then start openvpn in the namespace.

At this point whatever I do outside the namespace is on my ISP IP, and whatever I do inside the namespace is on the VPN IP. I can ping veth1 from outside the namespace, and I can ping my NIC IP and veth0 from inside the namespace.

My NIC IP is 192.168.1.11, veth0 is 10.1.1.1, and veth1 in the namespace is 10.1.1.2. And there's a tun0 in the namespace with the VPN IP.

This is where I get stuck though. From what I've read I believe I need to set up NAT prerouting outside the namespace with:

    nft add table nat
    nft add chain nat prerouting { type nat hook prerouting priority 0 \; }
    nft add chain nat postrouting { type nat hook postrouting priority 100 \; }
    nft add rule nat prerouting ip saddr 192.168.1.0/24 tcp dport 50500 dnat 10.1.1.2

I think this is correct so far because I see activity on veth1 when I run tcpdump in the namespace. But how do I get the traffic back out to the right LAN IP that it came in on?

I'm new to this and really appreciate any help!

Thanks!
-Derek
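
Added example, not part of Derek's post: a check of which interface the namespace would use for replies to a LAN client, plus one possible return route. The addresses, namespace name and interface names come from the post; the helper names, the sample client 192.168.1.50 and the premise that OpenVPN's routes otherwise send LAN-bound replies into tun0 are assumptions.

```shell
#!/bin/sh
# Added example (not the poster's code). Values taken from the post:
NS=vpn; HOST_IP=10.1.1.1; LAN=192.168.1.0/24

# Run a command, or only print it while DRY_RUN is 1 (the default).
# Set DRY_RUN=0 and run as root to apply the change.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Read `ip route get` output on stdin and print the outgoing device name.
route_dev() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Ask the namespace's routing table where a reply to a LAN client would go.
# $1 = LAN client address, e.g. 192.168.1.50 (hypothetical sample host).
check_return_path() {
    dev=$(ip netns exec "$NS" ip route get "$1" 2>/dev/null | route_dev)
    if [ "$dev" = veth1 ]; then
        echo "ok: replies to $1 leave via veth1"
    else
        echo "problem: replies to $1 leave via ${dev:-no route}"
        return 1
    fi
}

# Assumed fix: route only the LAN subnet back over the veth pair, so every
# other destination keeps using the VPN. The host's conntrack entry for the
# DNAT rule then rewrites the reply source on the way out.
setup_return_route() {
    run ip netns exec "$NS" ip route add "$LAN" via "$HOST_IP" dev veth1
}

# Stand-alone run: show the command that would be applied.
setup_return_route
```

Run `check_return_path 192.168.1.50` as root before and after applying the route to see whether the reply path changes from tun0 to veth1.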