Help with IPTables - Masquerading + Forwarding, 1-to-1?
Posted
by
Artiom Chilaru
on Ask Ubuntu
See other posts from Ask Ubuntu
or by Artiom Chilaru
Published on 2011-03-14T10:00:41Z
Indexed on
2011/03/14
16:21 UTC
Read the original article
Hit count: 396
iptables
|port-forwarding
I've got a clean Ubuntu Server 10.10 with OpenSSH, OpenVPN and vsFTPd installed.
The server is running as a VM on the Hyper-V server (hypervisor), has two network interfaces mapped to physical adapters (eth0
and eth1
), and a virtual interface with a direct connection to the hypervisor (eth2
). The VPN will create a tun0
interface when a client connects.
What I want is the remote user, connecting over VPN to be able to connect to the hypervisor (all ports, ping etc). The initial idea was to make the VPN create a tap0
interface, and bridge eth2
to tap0
, but this didn't work, unfortunately, as it seems that the adapters don't want to go into promiscuous mode (partially confirmed by MS)
At the same time, both the hypervisor and the remove client over VPN can successfully ping/connect to the ubuntu server with no problems. So my plan right now is to try doing some 1-1 masquerading, if possible. Basically, I want every request sent from the VPN client to the ubuntu server to be redurected to the hypervisor instead (with IP translation ofc), and every request from the hypervisor to the ubuntu machine sent to the VPN client (IP translated too).
Only 1 client will be connected at a time to the VPN, so I can force limit it to a single IP at all times, if necessary. Is this the right way to go, and if true, how can this be achieved? It's almost like a special case of port-forwarding, except every single port on tun0
is forwarded to a machine in eth2
, and every port on the eth2
side forwards to an ip on tun0
I guess it could be done with iptables, but I'm rather new in linux, so I can't do it myself... help? :(
© Ask Ubuntu or respective owner