(Originally asked on StackOverflow. Thanks Ken White for redirecting me here.)
Ubuntu 16.04 amd64 with 3 NICs
NIC1: External IP $WAN_IP
NIC2: Internal LAN $LAN_IP
NIC3: Infrastructure LAN $INF_IP (the infrastructure LAN is where all the servers reside, purposely away from Desktops and Personal Computers)
I want to port forward requests from NIC1 and NIC2 to a specific server on NIC3. I am able to do this, and everything works properly. My problem is, I am unable to reliably set the --to-source field in iptables.
This is what I have so far:
iptables -A PREROUTING -t nat -p udp -d $WAN_IP --dport 1194 -j DNAT --to-destination 192.168.26.105 # VPN Server on the $INF_IP subnet
iptables -A PREROUTING -t nat -p udp -d $LAN_IP --dport 1194 -j DNAT --to-destination 192.168.26.105
iptables -A PREROUTING -t nat -p udp -d $INF_IP --dport 1194 -j DNAT --to-destination 192.168.26.105
# The above code routes port 1194:udp (openvpn) to the VPN Server 26.105 properly
# The -j SNAT below is where I encounter problems
iptables -A POSTROUTING -t nat -p udp -m udp -s 192.168.26.105 --dport 1194 -j SNAT --to-source ????

The above ???? in the POSTROUTING -j SNAT is where I run into the problem. I have 3 potential IPs I can set this to, and no reliable way to set it. If I set it to $WAN_IP, anything on $LAN_IP and $INF_IP will receive the incorrect source packets.
How can I use iptables (or an alternative) to properly set the SOURCE address regardless of which interface the request comes from?
Thanks in advance.
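To make the source-address problem concrete, here is an added model of the three-interface hairpin NAT described in the question. It is not code from the question or from iptables; it only simulates the PREROUTING DNAT and POSTROUTING SNAT decisions on a packet. The three router addresses (203.0.113.10, 192.168.10.1, 192.168.26.1) and the client addresses are constructed stand-ins for $WAN_IP, $LAN_IP and $INF_IP. The "masquerade" policy picks the router's address on the interface the packet leaves through, which is what iptables' MASQUERADE target does; the check `src_on_out_if` verifies that the chosen source address actually belongs to that outgoing interface, and `reply_transits_router` shows why a client on the server's own subnet needs SNAT at all (without it the server answers the client directly, so the DNAT is never reversed and the client sees a reply from 192.168.26.105 instead of the address it sent to).

```python
"""Model of hairpin NAT on a three-interface Linux router (constructed example)."""
import ipaddress
from dataclasses import dataclass, replace

# Constructed addresses standing in for $WAN_IP, $LAN_IP and $INF_IP (assumptions).
IFACES = {
    "wan": ("203.0.113.10", "203.0.113.0/24"),
    "lan": ("192.168.10.1", "192.168.10.0/24"),
    "inf": ("192.168.26.1", "192.168.26.0/24"),
}
ROUTER_IPS = {ip for ip, _ in IFACES.values()}
VPN_SERVER = "192.168.26.105"   # the VPN server from the question
VPN_PORT = 1194


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    proto: str = "udp"


def iface_for(addr):
    """Routing decision: the interface whose subnet contains addr, else the default route via wan."""
    for name, (_, net) in IFACES.items():
        if ipaddress.ip_address(addr) in ipaddress.ip_network(net):
            return name
    return "wan"


def prerouting_dnat(pkt):
    """-t nat PREROUTING: rewrite udp/1194 aimed at any router address to the VPN server."""
    if pkt.proto == "udp" and pkt.dport == VPN_PORT and pkt.dst in ROUTER_IPS:
        return replace(pkt, dst=VPN_SERVER)
    return pkt


def postrouting_snat(pkt, policy):
    """-t nat POSTROUTING: choose the --to-source address according to a policy.

    none        -> no SNAT (only the DNAT above)
    fixed_wan   -> always $WAN_IP (the variant the question says misbehaves)
    masquerade  -> the router's own address on the outgoing interface
    """
    out_if = iface_for(pkt.dst)
    if pkt.dst != VPN_SERVER or pkt.dport != VPN_PORT or policy == "none":
        return pkt, out_if
    if policy == "fixed_wan":
        return replace(pkt, src=IFACES["wan"][0]), out_if
    if policy == "masquerade":
        return replace(pkt, src=IFACES[out_if][0]), out_if
    raise ValueError(f"unknown policy {policy!r}")


def reply_transits_router(translated, out_if):
    """The server answers translated.src. The router sees that reply (and can undo
    the DNAT) only if it is on the path: the reply is addressed to the router itself,
    or the client sits on a different subnet than the server."""
    reply_dst = translated.src
    if reply_dst in ROUTER_IPS:
        return True
    return iface_for(reply_dst) != out_if


def forward(client_ip, dst_router_ip, policy):
    """Run one client->router:1194 packet through DNAT, routing and SNAT."""
    pkt = Packet(src=client_ip, dst=dst_router_ip, dport=VPN_PORT)
    pkt = prerouting_dnat(pkt)
    translated, out_if = postrouting_snat(pkt, policy)
    return {
        "out_if": out_if,
        "snat_src": translated.src,
        # Does the chosen source address belong to the interface the packet leaves on?
        "src_on_out_if": iface_for(translated.src) == out_if,
        "reply_transits_router": reply_transits_router(translated, out_if),
    }


if __name__ == "__main__":
    # Constructed clients: one on the Internet, one on the LAN, one on the infra subnet.
    for client, router_ip in [("198.51.100.7", "203.0.113.10"),
                              ("192.168.10.50", "192.168.10.1"),
                              ("192.168.26.50", "192.168.26.1")]:
        for policy in ("none", "fixed_wan", "masquerade"):
            print(client, policy, forward(client, router_ip, policy))
```

Running the script shows that only the per-interface policy satisfies both checks for every client: a fixed $WAN_IP source never belongs to the infrastructure interface the packet leaves on, and no SNAT at all breaks the reply path for a client on 192.168.26.0/24.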