I have a prefix /24 announced by Bind, and a VPN network connects my server from home. Now assume I announced 1.2.3.0/24 to the network; my VPN network prefix is 192.168.3.0/24.

I am trying to use iptables to redirect the traffic from the network to 1.2.3.5 to the private server 192.168.3.5. For example, if I use ssh 1.2.3.5 -p 22, then it redirects the traffic to 192.168.3.5.

The iptables rules I have tried don't work at all. I started iptables on 1.2.3.0/24 and disabled the firewall on 192.168.3.5; here is what I have done:
iptables -t nat -I PREROUTING -d 1.2.3.5 -j DNAT --to-destination 192.168.3.5
iptables -t nat -I POSTROUTING -s 192.168.3.5 -j SNAT --to-source 1.2.3.5
It should work, but it doesn't. When I use these 2 iptables commands, I can't ping 1.2.3.5; it just times out.

Here is my public network server's interface:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:16:f9:20:ac:30 brd ff:ff:ff:ff:ff:ff
inet PUBLIC IP/24 brd PUBLIC IP GATEWAY scope global noprefixroute dynamic eth0
valid_lft 1547578sec preferred_lft 1547578sec
3: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether c6:59:7e:b1:c7:82 brd ff:ff:ff:ff:ff:ff
4: dummy1: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
link/ether 2e:c2:03:14:2a:1b brd ff:ff:ff:ff:ff:ff
inet 1.2.3.5/32 scope global dummy1
valid_lft forever preferred_lft forever
5: wg0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1290 qdisc pfifo_fast state UNKNOWN group default qlen 1000
link/ether ee:0c:69:43:d6:46 brd ff:ff:ff:ff:ff:ff
inet 192.168.3.2/24 brd 192.168.3.255 scope global edge0
valid_lft forever preferred_lft forever
inet6 fe80::ec0c:69ff:fe43:d646/64 scope link
valid_lft forever preferred_lft forever
Do I need to add an IP route to specify how the IP is reached? Because when I used iptables, I could not trace the path to 1.2.3.5.

Thanks.
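The forwarding setup the question describes, written out as a complete rule set (an added example, not the asker's rules): it assumes the public address 1.2.3.5 sits on dummy1, the tunnel is wg0 with local address 192.168.3.2, the target is 192.168.3.5, and only TCP/22 should be reachable. The function only prints the commands so they can be reviewed before being piped to sh as root.

```shell
#!/bin/sh
# Added example, not from the question. Assumed values (override via env):
PUB_IP=${PUB_IP:-1.2.3.5}          # public /32 held on dummy1
WG_IF=${WG_IF:-wg0}                # WireGuard interface on the public server
WG_LOCAL=${WG_LOCAL:-192.168.3.2}  # server's own address inside the tunnel
TARGET=${TARGET:-192.168.3.5}      # private host behind the tunnel
PORT=${PORT:-22}                   # the only port exposed (least privilege)

# Print the rules needed to forward PUB_IP:PORT to TARGET:PORT over WG_IF.
nat_rules() {
    pub="$1"; target="$2"; port="$3"; wgif="$4"; wglocal="$5"
    # Forwarding between interfaces is off by default on most distributions.
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Rewrite the destination before routing, so the kernel forwards the packet
    # over the tunnel instead of delivering it locally to dummy1.
    echo "iptables -t nat -A PREROUTING -d $pub -p tcp --dport $port" \
         "-j DNAT --to-destination $target:$port"
    # Source-NAT on the tunnel leg, so the private host answers the tunnel peer
    # and the reply comes back along the same path (conntrack undoes the DNAT).
    # Without it the private host would answer the remote public source directly,
    # and its own default route may not send that back through the VPN.
    echo "iptables -t nat -A POSTROUTING -o $wgif -d $target -p tcp --dport $port" \
         "-j SNAT --to-source $wglocal"
    # Only the forwarded port and its replies pass the FORWARD chain.
    echo "iptables -A FORWARD -o $wgif -d $target -p tcp --dport $port" \
         "-m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $wgif -s $target" \
         "-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Number of iptables commands the rule set contains (sysctl excluded).
count_rules() { nat_rules "$@" | grep -c '^iptables'; }

nat_rules "$PUB_IP" "$TARGET" "$PORT" "$WG_IF" "$WG_LOCAL"
```

Because the rules are restricted to TCP/22, a ping to 1.2.3.5 is still answered by the public server itself, not by the private host; ICMP would need its own DNAT and FORWARD rules if that is wanted.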