Ok I know this sounds crazy but it’s all about Linux and iptables all the way

I’m using a rooted android phone as a VPN router to keep confidential traffic separated between networks

A and B are in the same network, B provides a separate network for C

Device A: Linux, wlan0 ip 192.168.15.32

Device B: rooted Android phone with Termux and VPN Hotspot, wlan0 ip 192.168.15.21, wlan1 ip 192.168.38.173

Device C: Windows 10 with RDP wlan1 ip 192.168.15.176

I’ve tried the following

A: sudo ip route add 192.168.38.0/24 via 192.168.15.21 dev enp1s0

B: Termux, su: sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -s 192.168.38.0/24 -o wlan0 -j MASQUERADE
iptables -A FORWARD -i wlan0 -o wlan1 -s 192.168.15.0/24 -d 192.168.38.0/24 -j ACCEPT
iptables -A FORWARD -i wlan1 -o wlan0 -s 192.168.38.0/24 -d 192.168.15.0/24 -j ACCEPT

C: default route via 192.168.38.173 metric 1

C is solely seeing the internet from B’s VPN, and can even access wlan0’s router, meaning it has access to its internal network. C can ping B, B can ping C

B can ping A and C

A can ping B, but not C, which also means no RDP access

What am I missing?

  • @[email protected]
    47 hours ago

    I’d have to check my iptables syntax again but I’m not sure you want the FORWARD between the networks unless C has a manual route to get traffic for the 192.168.15.0/24 network back via B. You just want to NAT A behind B’s IP on 192.168.38.0/24. I think the forwards are sending the traffic without doing NAT on A.

    • qprimed
      6 hours ago

      yes, but you really don’t want to NAT if you don’t have to - gets too messy too quickly when direct IP connectivity is right there.

      @[email protected] parent comment is correct. check routes on device C. make sure there is either a default route or a specific route back to A via B.
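The two replies above both come down to the same check: does C have a route back to A's network via B? The following is an added example (not code from any poster) that simulates longest-prefix-match forwarding across the A/B/C topology from the original post, first without and then with C's default route. It assumes C's address is 192.168.38.176 on B's wlan1 network and models routing only, not the MASQUERADE rule or any host firewall.

```python
import copy
import ipaddress

# Constructed topology modelled on the thread. Addresses are the post's own;
# C's address is assumed to be 192.168.38.176 on B's wlan1 network.
HOSTS = {
    "A": {"addrs": ["192.168.15.32"], "forward": False,
          "routes": [("192.168.15.0/24", None),
                     ("192.168.38.0/24", "192.168.15.21")]},   # the OP's static route
    "B": {"addrs": ["192.168.15.21", "192.168.38.173"], "forward": True,  # ip_forward=1
          "routes": [("192.168.15.0/24", None), ("192.168.38.0/24", None)]},
    "C": {"addrs": ["192.168.38.176"], "forward": False,
          "routes": [("192.168.38.0/24", None)]},             # no route back to A yet
}

def next_hop(host, dst):
    """Longest-prefix match; returns the next-hop address, or None if there is no route."""
    dst_ip, best = ipaddress.ip_address(dst), None
    for prefix, gw in host["routes"]:
        net = ipaddress.ip_network(prefix)
        if dst_ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return None if best is None else (best[1] or dst)  # on-link: next hop is dst itself

def trace(hosts, src, dst, max_hops=8):
    """Hosts a packet from `src` visits on its way to address `dst`; last element is the outcome."""
    path, cur = [src], src
    for _ in range(max_hops):
        host = hosts[cur]
        if dst in host["addrs"]:
            return path + ["delivered"]
        if cur != src and not host["forward"]:
            return path + ["dropped: ip_forward=0"]
        nh = next_hop(host, dst)
        if nh is None:
            return path + ["no route"]
        nxt = next((n for n, h in hosts.items() if nh in h["addrs"]), None)
        if nxt is None:
            return path + [f"no neighbour owns {nh}"]
        path.append(nxt)
        cur = nxt
    return path + ["loop"]

def round_trip(hosts, a, b):
    """Outcome of a->b and of the reply b->a; both must be 'delivered' for ping or RDP to work."""
    return trace(hosts, a, hosts[b]["addrs"][0])[-1], trace(hosts, b, hosts[a]["addrs"][0])[-1]

def with_c_default_route(hosts):
    """Copy of the topology after C gets 'default via 192.168.38.173', as in the OP's step for C."""
    fixed = copy.deepcopy(hosts)
    fixed["C"]["routes"].append(("0.0.0.0/0", "192.168.38.173"))
    return fixed
```

Without the return route the forward path A→B→C is delivered but C's reply has no route, which is exactly the "A can ping B but not C" symptom; with C's default route via B both directions complete.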