Ok I know this sounds crazy but it’s all about Linux and iptables all the way

I’m using a rooted android phone as a VPN router to keep confidential traffic separated between networks

A and B are in the same network, B provides a separate network for C

Device A: Linux ip 192.168.15.32 wlan0 Device B: rooted Android phone with Termux and VPN Hotspot wlan0 ip 192.168.15.21 wlan1 ip 192.168.38.173

Device C: Windows 10 with RDP wlan1 ip 192.168.15.176

I’ve tried the following

A: sudo ip route add 192.168.38.0/24 via 192.168.15.21 dev enp1s0

B: Termux, su: sysctl -w net.ipv4.ip_forward=1


iptables -t nat -A POSTROUTING -s 192.168.38.0/24 -o wlan0 -j MASQUERADE
iptables -A FORWARD -i wlan0 -o wlan1 -s 192.168.15.0/24 -d 192.168.38.0/24 -j ACCEPT
iptables -A FORWARD -i wlan1 -o wlan0 -s 192.168.38.0/24 -d 192.168.15.0/24 -j ACCEPT

C: default route via 192.168.38.173 metric 1

C is solely seeing the internet from B’s VPN, and can even access wlan0’s router, meaning it has access to its internal network. C can ping B, B can ping C

B can ping A and C

A can ping B, but not C, which also means no RDP access

What am I missing ?

  • @[email protected]
    link
    fedilink
    43 months ago

    I’d have to check my iptables syntax again but I’m not sure you want the FORWARD between the networks unless C has a manual route to get traffic for the 192.168.15.0/24 network back via B. You just want to NAT A behind B’s IP on 192.168.38.0/24. I think the forwards are sending the traffic without doing NAT on A.

    • qprimed
      link
      fedilink
      English
      2
      edit-2
      3 months ago

      yes, but you really don’t want to nat if you dont have to - gets too messy too quickly when direct IP connectivity is right there.

      @[email protected] parent comment is correct. check routes on device C. make there is either a default route or a specific route back to A via B.