Can't figure this out

01-29-2004, 03:59 AM

I have the following network configuration:

ISP1 ISP2 ISP3
| | |
| | |
+----------+ VPN LINK +----------+
| LINUX1 |------------------------| LINUX2 |
+----------+ +----------+
| |
| |
---------------- ----------------
MASQed NETWORK 1 MASQed NETWORK 2

I have LINUX1 load balancing internet traffic coming from "MASQed
NETWORK 1" and that's working fine. The services LINUX1 has visible to
the internet route packets thru the incoming interfase as specified in
the adv-routing-howto. I can also route to "MASQed NETWORK 2" (without
making any NAT).

The thing I want to be able to do is to route outgoing data from
connections coming from the ISP3 IP address to "MASQed NETWORK 1" thru
the VPN LINK and then thru ISP3 to the destination host. Since
VPN-Link is not NATed I can't figure out how to solve it.

Any ideas?

Thanks in advanced.

01-29-2004, 01:30 PM

Santiago <(E-Mail Removed)> wrote:

> ISP1 ISP2 ISP3
> | | |
> | | |
> +----------+ VPN LINK +----------+
> | LINUX1 |------------------------| LINUX2 |
> +----------+ +----------+
> | |
> | |
> ---------------- ----------------
> MASQed NETWORK 1 MASQed NETWORK 2
>
[...]
> The thing I want to be able to do is to route outgoing data from
> connections coming from the ISP3 IP address to "MASQed NETWORK 1" thru
> the VPN LINK and then thru ISP3 to the destination host. Since
> VPN-Link is not NATed I can't figure out how to solve it.

You redirect certain inbound traffic coming in via ISP3 via
DNAT over the VPN to a host on Network 1 and you want the
outbound return traffic to take the same path in reverse
direction, right?

If yes, you need to deploy SNAT or Masquerade on the VPN
link. Something like the following:
Linux2
iptables

Ciao, Horst
--
»When pings go wrong (It hurts me too)« E.Clapton/E.James/P.Tscharn

01-29-2004, 01:41 PM

Santiago <(E-Mail Removed)> wrote:

> ISP1 ISP2 ISP3
> | | |
> | | |
> +----------+ VPN LINK +----------+
> | LINUX1 |------------------------| LINUX2 |
> +----------+ +----------+
> | |
> | |
> ---------------- ----------------
> MASQed NETWORK 1 MASQed NETWORK 2
>
[...]
> The thing I want to be able to do is to route outgoing data from
> connections coming from the ISP3 IP address to "MASQed NETWORK 1" thru
> the VPN LINK and then thru ISP3 to the destination host. Since
> VPN-Link is not NATed I can't figure out how to solve it.

You redirect certain inbound traffic coming in via ISP3 via
DNAT over the VPN to a host on Network 1 and you want the
outbound return traffic to take the same path in reverse
direction, right?

If yes, you need to deploy SNAT or Masquerade on the VPN
link. Something like the following:

On Linux2:

iptables -t nat -A PREROUTING -i <Internet intf> --dport 80 \
-j DNAT --to <host on network1>

iptables -t nat -A POSTROUTING -o <VPN intf> -d <network1> \
-s ! <network2> -j MASQUERADE

Untested, use it at your own risk.

Ciao, Horst
--
»When pings go wrong (It hurts me too)« E.Clapton/E.James/P.Tscharn

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
I need to figure out what my WEP Kep is	Vynnessia	Wireless Networks	6	12-28-2007 03:02 PM
Figure this one out	Aaron Tech	Windows Networking	4	12-18-2007 04:03 AM
Can't figure out networking PLEASE HELP!!!!!!!	djrave808	Wireless Networks	8	08-31-2007 01:36 PM
Trying to figure out if I can use wireless networking!	Amy	Wireless Networks	3	08-25-2006 04:31 PM
can't figure this out	purple people eater	Windows Networking	3	04-14-2004 09:08 PM