specify an ip to use for outgoing traffic on a multi ip machine

Hello

I have 2 distant sites, each having a local lan privately addressed and a linux internet gateway. A pptp vpn is set up between the two gateways.

site A :
lan : 172.16.1.0/24
gw : 172.16.1.254
public : 1.1.1.1
vpn : 192.168.1.1

site B :
lan : 172.17.1.0/24
gw : 172.17.1.254
public : 2.2.2.2
vpn : 192.168.1.2

Routing is set up on both sites so that traffic to public addresses is nat'ed and sent directly on the internet, and traffic to private addresses is sent over the vpn. This allows a site B client (say 172.17.1.5) to access a site A server (say 172.16.1.6).

There are ip filters on the servers which only allow 172.16.1.0/24 or 172.17.1.0/24 as valid source addresses. For various reasons I do not want the vpn private addresses to be used for anything other than vpn traffic, and those filters reject 192.168.0.0/16 source addresses. The problem is that when one of the linux gateways connects to a remote private server, it uses its vpn address as source instead of its private lan address. For example, if I telnet from site B's gateway to site A server 172.18.1.12, telnet will use 192.168.1.2 as source and the connection is refused. Obviously this doesn't occur when I telnet from any other site B machine to that server.

Some tools allow you to specify which interface to use on multiple interface machines, such as ping (with -I) or rsync (with --address), but this is not the case for all. My question is, what do I have to do to have each gateway use its private lan address for any traffic with other private machines on the remote site? I thought of iptables rules, but I'm afraid they could mess up the vpn routing. I also thought of ip policy routing, but it would change the path, not the source.
Maybe a combination of the 2 ?
Or something else ?

Many thanks in advance for any tip

Thierry

The problem


I have a corporate lan with a private ip subnet 172.17.1.0/24.
On this corporate lan I have a vpn server with 2 nics, one on the lan with a private ip 172.17.1.254, one on the internet with a public ip 1.1.1.1
On a remote site, I have a local lan with a private ip subnet 172.16.1.0/24
On this remote lan I have a linux box acting as an internet gateway, one nic with a private ip 172.16.1.254, one on the internet with a public ip 2.2.2.2. On this linux box I also have a vpn pptp client going to the corporate vpn server. The remote interface has the private ip 192.168.1.1 and the corporate side interface has the private ip 192.168.1.2.
Routing is set up on both sides so that traffic to public servers is nat'ed



a linux box with 2 nics acting as an internet router for a local lan.
Basically the lan has a private ip subnet, say 172.16.1.0/24, and the lan nic a private ip address, say 172.16.1.254. The wan nic goes to a dsl modem and gets a public ip from the isp, say 1.1.1.1.
There is also a vpn established with a corporate lan

, the second goes to the lan with a fixed private ip, say 172.18.1.1
A pptp vpn is mounted to reach a company lan with
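As an added example (not part of the original post or any reply to it), the following script shows the iproute2 approach to the question above: attaching a `src` hint to the route that carries the remote private LAN over the VPN. The Linux kernel uses that hint as the preferred source address for packets the gateway itself originates, while packets forwarded on behalf of LAN clients keep their own source, so the VPN path and the existing source filters are left alone. The interface name `ppp0` and the route-checking helpers are assumptions for the example; the addresses are those of site B in the post.

```shell
#!/bin/sh
# Added example, not from the original post. Makes a Linux gateway originate
# traffic to the remote private LAN from its own LAN address (not its VPN
# endpoint address) by attaching a "src" hint to the route over the VPN.
# Assumptions: run on site B's gateway, the pptp interface is ppp0.

VPN_IF=ppp0                 # assumption: name of the pptp interface
LAN_ADDR=172.17.1.254       # site B gateway's own LAN address
VPN_PEER=192.168.1.1        # site A's VPN endpoint
REMOTE_LAN=172.16.1.0/24    # site A's private LAN

# Build the route command so it can be reviewed before it is applied.
# "src" only influences locally originated packets; forwarded packets from
# LAN clients are not rewritten, so the filters on the servers still see
# the clients' real 172.17.1.x addresses.
route_cmd() {
    printf 'ip route replace %s via %s dev %s src %s\n' \
        "$REMOTE_LAN" "$VPN_PEER" "$VPN_IF" "$LAN_ADDR"
}

# Install the route (requires root).
apply_routes() {
    ip route replace "$REMOTE_LAN" via "$VPN_PEER" dev "$VPN_IF" src "$LAN_ADDR"
}

# Extract the "src" field from one line of "ip route get" output, e.g.
# "172.16.1.6 via 192.168.1.1 dev ppp0 src 172.17.1.254 uid 0".
# Prints nothing when no src field is present.
route_src() {
    printf '%s\n' "$1" | sed -n 's/.* src \([0-9.]*\).*/\1/p'
}

# Ask the kernel which source address it would now choose for a destination
# and compare it with the LAN address; non-zero exit means the fix did not take.
check_src() {
    line=$(ip route get "$1" 2>/dev/null | head -n 1) || return 1
    [ "$(route_src "$line")" = "$LAN_ADDR" ]
}

# Only touch the routing table when explicitly asked: ./fix-src.sh apply
if [ "${1:-}" = apply ]; then
    apply_routes && check_src 172.16.1.6 && echo "source address for remote LAN is $LAN_ADDR"
fi
```

Run it as root with the `apply` argument on the gateway; `ip route get 172.16.1.6` afterwards should show `src 172.17.1.254`. The same `src` keyword works on a route added through pppd's `ip-up` script, so the hint survives a VPN reconnect, and it does not need any iptables SNAT rule, which keeps the NAT and VPN rule sets from interfering with each other.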

