I have a server S, client A and client B. All are Ubuntu boxes and all are in different cities (Seattle, Albuquerque and Boston).
S has WireGuard installed, and both A and B establish a connection to WireGuard and end up in the same VPN. A and B see each other and can ping each other.
I was able to get all internet traffic from A routed through S. So A's IP is shown as Seattle.
I now want to route its traffic through B - so that A's IP is shown as Boston - but I can't find a way to properly configure this.
My iptables on S are configured as:
# iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i ext-card -p udp -m udp --dport 51820 -j ACCEPT
-A INPUT -i wg0 -j ACCEPT
-A FORWARD -i wg0 -o ext-card -j ACCEPT
-A FORWARD -i ext-card -o wg0 -j ACCEPT
-A FORWARD -i ext-card -o wg0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wg0 -o ext-card -j ACCEPT
-A FORWARD -i wg0 -j ACCEPT
# iptables -S -t nat
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-A POSTROUTING -s <LAN-IP> -o ext-card -j MASQUERADE
-A POSTROUTING -o external-card -j MASQUERADE
If I set the same iptables rules on B and, on A, add a route add-default-route B-private-ip - it doesn't work.
I would like some input on:
- how to check if my routing and ip tables are working properly?
- how should the config look on A, B and S to achieve what I want?
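
Added example, not part of the original post: a small offline audit of the ruleset pasted above, as one way to approach the first question. It flags rules that can never match because an earlier, broader rule in the same chain already terminates the packet, and interface names that occur in only one rule (a heuristic for typos). It assumes every option is a plain flag/value pair with no `!` negation, which holds for the rules shown; the function names are made up for this example.

```python
from collections import Counter

# Rules copied from the post's `iptables -S` and `iptables -S -t nat` output.
FILTER = """\
-A INPUT -i ext-card -p udp -m udp --dport 51820 -j ACCEPT
-A INPUT -i wg0 -j ACCEPT
-A FORWARD -i wg0 -o ext-card -j ACCEPT
-A FORWARD -i ext-card -o wg0 -j ACCEPT
-A FORWARD -i ext-card -o wg0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wg0 -o ext-card -j ACCEPT
-A FORWARD -i wg0 -j ACCEPT
"""
NAT = """\
-A POSTROUTING -s <LAN-IP> -o ext-card -j MASQUERADE
-A POSTROUTING -o external-card -j MASQUERADE
"""
TERMINAL = {"ACCEPT", "DROP", "REJECT", "MASQUERADE"}  # targets that end traversal

def parse(text):
    """Return (chain, target, match set, original line) for each -A rule."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 2 or tok[0] != "-A":
            continue  # skip -P policy lines and blanks
        pairs = set(zip(tok[2::2], tok[3::2]))  # assumption: flag/value pairs only
        target = dict(pairs).get("-j")
        matches = frozenset(p for p in pairs if p[0] != "-j")
        rules.append((tok[1], target, matches, line))
    return rules

def shadowed(rules):
    """Rules whose matches are a superset of an earlier terminating rule's."""
    out = []
    for j, (chain, _, matches, line) in enumerate(rules):
        for c2, t2, m2, l2 in rules[:j]:
            if c2 == chain and t2 in TERMINAL and m2 <= matches:
                out.append((line, l2))  # (unreachable rule, rule that hides it)
                break
    return out

def lone_interfaces(rules):
    """Interface names used by exactly one rule; compare with `ip -br link`."""
    seen = Counter(v for _, _, m, _ in rules for f, v in m if f in ("-i", "-o"))
    return sorted(name for name, count in seen.items() if count == 1)

if __name__ == "__main__":
    for late, early in shadowed(parse(FILTER)) + shadowed(parse(NAT)):
        print(f"never reached: {late}\n   hidden by: {early}")
    print("check interface names:", lone_interfaces(parse(FILTER) + parse(NAT)))
```

On the pasted rules this reports that the `RELATED,ESTABLISHED` rule is hidden by the unconditional `ext-card` to `wg0` ACCEPT before it, so no state filtering is applied to forwarded inbound traffic, and that `external-card` appears in a single NAT rule while every other rule uses `ext-card`.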