There is a PC inside the VPN network (10.8.0.0/24).

Within the same network there is a server running Linux that has access to the subnet 10.10.0.0/24.

Task: give the PC access to the 10.10.0.0 subnet.

As I understand it, you need to make the server a gateway and configure routing. I added the route on the PC, specifying the server's IP as the gateway.

The problem is that I can't find information on how to configure a gateway to a specific subnet. I constantly stumble only on "how to share the internet".

How is it done? I know how to create a gateway on a bus or a long one, but I don't understand something with the server.

  • echo 1 > /proc/sys/net/ipv4/ip_forward , iptables -A FORWARD -j ACCEPT . - user194374
  • "How to share the internet" is, in fact, exactly this. // To help diagnose the problem, please provide the output of ip a; ip r at all three key points: the PC inside the network, the server, and a computer inside the subnet 10.10.0.0/24. - aleksandr barakin
  • If you have been given an exhaustive answer, mark it as correct (the checkmark next to the chosen answer). - Nicolas Chabanovsky

1 answer

If on the computers in the subnet the default gateway points to the server you are configuring, then it is sufficient to:

  • Allow packet forwarding between interfaces on this server:

     $ echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward 

    For this setting to persist after a reboot, uncomment (or add, if it is missing) the following line in /etc/sysctl.conf :

     net.ipv4.ip_forward=1 
  • Check that these packets are not mangled or blocked by netfilter (see the output of $ sudo iptables-save ).

If on these computers the default gateway is another machine (or none is set at all), then in addition to allowing forwarding between interfaces you will have to "mangle" these packets.

At a minimum, the source address must be replaced on packets arriving on the "external" interface and addressed to computers in the subnet, and the destination address must be replaced back on the return packets.

Both of these actions are performed by a netfilter directive called SNAT (source NAT). An example of adding it with the iptables program:

 $ sudo iptables -t nat -A POSTROUTING -o интерфейс -j SNAT --to-source ip-адрес 

Where:

  • интерфейс (interface) is the name of the network interface through which this computer is connected to the target subnet
  • ip-адрес (ip address) is the address assigned to that interface
  • For iptables , the filter table is selected by default, while SNAT is performed in the nat table, so you need to add -t nat to the command. - user194374 7:26 pm
  • ... and -m tcp -p tcp is perhaps superfluous ... ;-) - user194374 jul
  • @kff, thanks, fixed the copy-paste. - aleksandr barakin
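As an added example (not part of the answer or its comments): a POSIX shell script that prints the commands for both cases the answer describes, "route" when the hosts in 10.10.0.0/24 already use the server as their default gateway, and "snat" when they do not, and only executes them when called with --apply. The interface name eth1 and the server address 10.10.0.1 are assumptions. The FORWARD rules are restricted to the two subnets instead of the blanket iptables -A FORWARD -j ACCEPT from the comments, so the server forwards only the traffic it was set up for.

```shell
#!/bin/sh
# Added example, not from the answer above: build (and optionally apply) the
# commands that make a Linux host forward traffic between the VPN subnet and the
# target subnet. Interface name eth1 and address 10.10.0.1 are assumptions.

VPN_NET=10.8.0.0/24     # where the PC lives (from the question)
LAN_NET=10.10.0.0/24    # subnet the PC must reach (from the question)
LAN_IF=eth1             # assumed: server interface facing 10.10.0.0/24
LAN_IP=10.10.0.1        # assumed: the server's address on that interface

# gateway_commands VPN_NET LAN_NET LAN_IF LAN_IP [route|snat]
# Prints one command per line without executing anything (dry run).
#   route: hosts in LAN_NET already use this server as default gateway, so
#          forwarding plus FORWARD rules are enough (answer, first case).
#   snat:  they do not, so replies must come back here; rewrite the source
#          address to LAN_IP with SNAT (answer, second case). Default.
gateway_commands() {
    vpn_net=$1 lan_net=$2 lan_if=$3 lan_ip=$4 mode=${5:-snat}
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Accept only the traffic this gateway exists for, rather than a blanket
    # 'iptables -A FORWARD -j ACCEPT' that would forward anything arriving.
    echo "iptables -A FORWARD -s $vpn_net -d $lan_net -o $lan_if -j ACCEPT"
    # Replies: with SNAT, conntrack has already restored the VPN destination
    # by the time the packet reaches FORWARD, so one rule serves both modes.
    echo "iptables -A FORWARD -s $lan_net -d $vpn_net -i $lan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    if [ "$mode" = snat ]; then
        echo "iptables -t nat -A POSTROUTING -s $vpn_net -d $lan_net -o $lan_if -j SNAT --to-source $lan_ip"
    fi
}

# Exit status 0 if the running kernel already forwards IPv4.
forwarding_enabled() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = 1 ]
}

# Run the generated commands one by one; stop at the first failure.
apply_gateway() {
    gateway_commands "$@" | while IFS= read -r cmd; do
        echo "+ $cmd"
        $cmd || exit 1      # exit leaves the pipeline subshell with status 1
    done
}

case ${1:-} in
    --apply) apply_gateway "$VPN_NET" "$LAN_NET" "$LAN_IF" "$LAN_IP" "${2:-snat}" ;;
    *)       gateway_commands "$VPN_NET" "$LAN_NET" "$LAN_IF" "$LAN_IP" "${2:-snat}" ;;
esac
```

Run it without arguments to review the commands, then sudo sh gateway.sh --apply (or --apply route) on the server. The sysctl change does not survive a reboot; the answer's /etc/sysctl.conf line covers that, and the iptables rules need iptables-save or your distribution's persistence mechanism.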