我试图将我的networking连接到IPSec VPN,为此,我的连接需要来自给定的域。 networking如下:
Internal network eth1:10.0.0.1/14 eth0:1.2.3.4 ----------------------------------- MY GW -----------------+ | | 192.168.178.4 4.5.6.7 | SERVER ------------------- VPN GW -----------------+ 我需要从172.30.224.0/28的VPNnetworking中看到,所以在我的网关上,我添加了以下iptables规则:
iptables -t nat -A POSTROUTING -d 192.168.178.4 -j SNAT --to-source 172.30.224.1
然后,从我的内部networking,当我ping 192.168.178.4我得到eth1上的请求和eth0上的响应:
# tcpdump -n -i eth1 host 192.168.178.4 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes 15:49:49.854809 IP 10.2.1.172 > 192.168.178.4: ICMP echo request, id 3472, seq 1, length 64 15:49:52.170758 IP 10.2.1.172 > 192.168.178.4: ICMP echo request, id 3479, seq 1, length 64 15:49:53.178692 IP 10.2.1.172 > 192.168.178.4: ICMP echo request, id 3479, seq 2, length 64 # tcpdump -n -i eth0 host 192.168.178.4 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes 15:50:36.492856 IP 192.168.178.4 > 172.30.224.1: ICMP echo reply, id 3494, seq 1, length 64 15:50:37.465803 IP 192.168.178.4 > 172.30.224.1: ICMP echo reply, id 3494, seq 2, length 64
问题是我的回应永远不会回到我的主机(在这种情况下是10.2.1.172 )。
网关也被configuration为对内部networking进行SNAT互联网。
我肯定在这里错过了一些东西,但是我被卡住了。 任何帮助将不胜感激。