Hi I am trying to connect machine A (10.102.44.7) in a local network to machine B (10.102.44.13). Machine B is the one that acts as the gateway to the public network.
I want to forward the traffic from A (10.102.44.7:4000) to machine B (10.102.44.13), have machine B connect to the remote server C on the internet, and have machine B deliver the response from C back to A.
After reading for a while, I managed to gather some instructions on iptables' NAT and came up with the following:
(Executed on A, 10.102.44.7)
# allow the kernel on A to forward packets between interfaces
echo 1 > /proc/sys/net/ipv4/ip_forward
# rewrite the destination of locally generated TCP packets to port 4000 so they go to B
iptables -t nat -A OUTPUT -p tcp --dport 4000 -j DNAT --to-destination 10.102.44.13
# rewrite the source of packets leaving A towards B:4000 to A's own address
iptables -t nat -A POSTROUTING -p tcp -d 10.102.44.13 --dport 4000 -j SNAT --to-source 10.102.44.7
I'm using the OUTPUT chain since the packet I want to modify originates at A and is not an incoming packet at A; as far as I have understood, in that case the PREROUTING chain should be used.
Sniffing the packets at B:
The packets seem to be received at B, but not forwarded to C.
What I was expecting from the two commands above is that the DNAT option would make B act as a NAT, basically replacing A's IPs with B's public address, keeping A's in its NAT entries and sending the packet to the remote host C. Then the SNAT option would basically do the opposite (i.e., tell B that it should look in its NAT table and deliver to A). However, this is not happening, as shown in the screenshot. Maybe I need to set up something else in B, but I couldn't find a clear reference to this. Another thing that might be the issue is that B's address in the POSTROUTING and OUTPUT rules (10.102.44.13) is local, not public. Should I use B's public address?
Btw, ufw is disabled at hosts A and B.
Use case
Hosts A and B are in the same local network with a firewall acting as the gateway to the public network. B has wifi capability, A doesn't. If for some reason the physical link that connects the firewall to the outside world fails, I want A to communicate with B, leveraging its wifi capability.
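The following is an added example, not code from the original post. A DNAT rule on A changes the destination of A's own packets to B, so when they arrive at B they are addressed to B itself and C's address is gone; nothing on A can make B translate traffic on A's behalf. The relay has to be built on B: enable forwarding, allow only the flows that should cross, and source-NAT them out of the wifi interface. On A, the packet stays addressed to C and is merely routed via B, here by marking port-4000 traffic in the mangle table and giving marked packets their own default route. Interface names (eth0, wlan0), the LAN prefix, the mark value and the routing table number are assumptions; the addresses and port are the ones from the question. The script prints the rule sets with show-a / show-b, and applies them with apply-a / apply-b when run as root.

```shell
#!/bin/sh
# Added example (not from the original post): split the setup into the part
# that belongs on A (steering port-4000 traffic to B) and the part that belongs
# on B (forwarding plus source NAT out of the wifi link). Interface names, the
# LAN prefix, the mark and the table number are assumptions.
set -e

A_IP=10.102.44.7
B_IP=10.102.44.13
LAN_NET=10.102.44.0/24   # assumed LAN prefix
B_LAN_IF=eth0            # assumed: B's wired interface facing A
B_WAN_IF=wlan0           # assumed: B's wifi uplink
PORT=4000
MARK=0x1                 # assumed packet mark selecting the "via B" route on A
TABLE=100                # assumed routing table on A holding that route

# Host A: no NAT. Rewriting the destination to B makes B the endpoint, so C's
# address is lost. Leave the packet addressed to C and route it through B by
# marking port-4000 traffic and giving marked packets their own default route.
# Connection tracking on A needs no help: replies come back to the same socket.
rules_for_a() {
    cat <<EOF
iptables -t mangle -A OUTPUT -p tcp --dport $PORT -j MARK --set-mark $MARK
ip rule add fwmark $MARK table $TABLE
ip route add default via $B_IP table $TABLE
EOF
}

# Host B: the router role. Forwarding is enabled, only A's port-4000 flows may
# cross, replies are admitted by conntrack state, and MASQUERADE on the wifi
# interface rewrites the source to whatever address wlan0 has (public or not,
# the kernel picks it). Everything else is dropped so that B does not become a
# general-purpose relay for the whole LAN.
rules_for_b() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -A FORWARD -i $B_LAN_IF -o $B_WAN_IF -s $A_IP -p tcp --dport $PORT -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $B_WAN_IF -o $B_LAN_IF -d $A_IP -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $B_WAN_IF -s $A_IP -j MASQUERADE
EOF
}

# Print a rule set, or pipe it into a shell to apply it (applying needs root).
run() {
    case "$1" in
        show-a)  rules_for_a ;;
        show-b)  rules_for_b ;;
        apply-a) rules_for_a | sh -e ;;
        apply-b) rules_for_b | sh -e ;;
        *) echo "usage: $0 show-a|show-b|apply-a|apply-b" >&2; return 2 ;;
    esac
}

# Only act when given an argument, so sourcing the file is harmless.
if [ $# -gt 0 ]; then
    run "$1"
fi
```

Run `sh relay.sh show-b` first and read the output before applying anything; the FORWARD policy of DROP is deliberate, and the `-s $A_IP` and `--dport $PORT` matches are what keep B from relaying arbitrary LAN traffic once its wifi link is up. If other hosts or ports need the same path later, widen the FORWARD and MASQUERADE matches to `$LAN_NET` rather than removing them.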