

This machine is not the network gateway, so I've seen some people mention the need for SNAT, but I think the need for this should be alleviated by MASQUERADE.

IPTables

    iptables -A FORWARD -i tun0 -o eth0 -m conntrack --ctstate NEW -j
    iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j
    iptables -t nat -A POSTROUTING -o eth0 -j
    iptables -t nat -A PREROUTING -d 10.8.0.0/17 -j DNAT --to-destination 10.0.0.0-10.0.127.255

Note: This is my first time setting up routing between two networks. If there are any obvious mistakes or inconsistencies with normal conventions, please address them; I'm still learning.

How do I write the (first 17 bits/last 15 bits) of the destination into a new destination?

A clearer example of what I'm aiming to achieve is 10.8.0.100 in the VPN correlates to 10.0.0.100 in my LAN network.

    # This allows you to DNAT connections in a round-robin way over a given range of destination addresses.

I imagine the culprit of this problem is

    iptables -t nat -A PREROUTING -d 10.8.0.0/17 -j DNAT --to-destination 10.0.0.0-10.0.127.255

The problem - Translate 10.8.a.b to 10.0.a.b?
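The 10.8.a.b to 10.0.a.b translation asked about above, as an added example that is not part of the original post: the functions keep the low 15 host bits, swap the 17-bit network prefix, and print the matching rule for the iptables NETMAP target, which does this kind of static prefix mapping. The function names are hypothetical, and the rule is only printed, not applied.

```shell
#!/bin/sh
# Added example (not from the original post): 1:1 prefix translation.
# Addresses are expected as plain dotted quads without leading zeros.

# Dotted quad -> 32-bit integer. Always called in $(...), so the
# positional-parameter and IFS changes stay inside the subshell.
ip_to_int() {
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# map_addr ADDR SRC_NET DST_NET PREFIXLEN
# Prints ADDR with its network bits replaced by those of DST_NET.
# Returns 1 if ADDR is not inside SRC_NET/PREFIXLEN.
map_addr() {
    addr=$(ip_to_int "$1"); src=$(ip_to_int "$2"); dst=$(ip_to_int "$3")
    mask=$(( (0xFFFFFFFF << (32 - $4)) & 0xFFFFFFFF ))
    [ $(( addr & mask )) -eq $(( src & mask )) ] || return 1
    int_to_ip $(( (dst & mask) | (addr & ~mask & 0xFFFFFFFF) ))
}

# netmap_rule SRC_NET DST_NET PREFIXLEN
# Prints the PREROUTING rule using NETMAP, which rewrites only the
# network part of the destination and leaves the host part unchanged.
netmap_rule() {
    echo "iptables -t nat -A PREROUTING -d $1/$3 -j NETMAP --to $2/$3"
}

# Constructed sample addresses: two inside 10.8.0.0/17, one outside.
for a in 10.8.0.100 10.8.127.255 10.8.128.1; do
    if m=$(map_addr "$a" 10.8.0.0 10.0.0.0 17); then
        echo "$a -> $m"
    else
        echo "$a is outside 10.8.0.0/17, not translated"
    fi
done
netmap_rule 10.8.0.0 10.0.0.0 17
```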
