
I have a strange configuration, let's see if you can give me some advice :)

I have two networks (10.X/24 and 20.X/24) connected by a Linux machine between them. This Linux machine has two interfaces, each one attached to one of those networks. Devices attached to those networks don't have a gateway, and I can't change that or install additional software like VPNs, etc. Also, I can't change the subnet mask.

What I want is to let one device on each network communicate, and I was thinking of configuring something like IP forwarding but changing the SRC and DST; I think this is more like NAT. The idea is that if I ping 20.254 (doesn't exist) from 20.50 (a device on net A), it redirects this packet to 10.50, changing the src to 10.254. It's something like virtual IPs.

The main idea is to do this translation:

input eth0 (network A) SRC 20.50 DST 20.254 --> output eth1 SRC 10.254 DST 10.50

input eth1 (network B) SRC 10.50 DST 10.254 --> output eth0 SRC 20.254 DST 20.50

Keep in mind that addresses 10.254 and 20.254 don't exist and I use them to contact the other network BECAUSE I can't set a gateway to ask for unknown networks or add static routes.

Let's see if someone can give me the best way to do that.

Thanks!

rul3s
  • So, you can control only the gateway box with two interfaces and you want every machine to access IP .254 to access the other network? – Khaled Feb 23 '17 at 11:56
  • @Khaled exactly! This is what I can and I need to do. Any idea? Now I'm researching about creating those "virtual ips" and then trying to do a NAT... but I don't know if it's a correct way. – rul3s Feb 23 '17 at 12:10

1 Answer

You need to assign these IPs to your gateway box like:

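```
# eth0 faces the 192.168.20.0/24 network and eth1 the 192.168.10.0/24 network,
# matching the interfaces used in the question and in the NAT rules below
ip addr add 192.168.20.254/24 dev eth0
ip addr add 192.168.10.254/24 dev eth1
```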

Then, you can do the translation using NAT rules like:

```
iptables -t nat -A PREROUTING -i eth0 -s 192.168.20.50 -d 192.168.20.254 -j DNAT --to-destination 192.168.10.50
iptables -t nat -A POSTROUTING -o eth1 -d 192.168.10.50 -j MASQUERADE
```

The other translation can be done similarly. Also, the above rules are written based on your translation example. You can generalize the check for subnet using /24 notation.

Khaled
  • This first part: "ifconfig eth0:1 192.168.10.254 netmask 255.255.255.0" and "ifconfig eth1:1 192.168.20.254 netmask 255.255.255.0". It's the same idea applied in Debian to create those virtual IPs, yes? I'm actually testing your solution. – rul3s Feb 23 '17 at 12:18
  • This is simply perfect, works like a charm. Thank you! – rul3s Feb 23 '17 at 17:59
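
Both translations from the question written out together, as an added example that is not part of the answer above: it prints the commands by default and installs them only when run as root with `APPLY=1`. Assumptions: the 192.168.x addresses used in the answer, eth0 on the 20.x network as in the question, the hypothetical helper names `nat_rules` and `all_rules`, and SNAT swapped in for MASQUERADE so the source is pinned to the virtual .254 address rather than the interface's primary address.

```shell
#!/bin/sh
# Added example (not from the original answer). Helper names are hypothetical.
# Mapping assumed from the question: eth0 = 192.168.20.0/24, eth1 = 192.168.10.0/24.

# nat_rules IN_IF OUT_IF CLIENT VIP_IN PEER VIP_OUT
# CLIENT addresses VIP_IN on IN_IF; the packet leaves OUT_IF as VIP_OUT -> PEER.
nat_rules() {
    in_if=$1 out_if=$2 client=$3 vip_in=$4 peer=$5 vip_out=$6
    # Rewrite the destination before the routing decision.
    echo "iptables -t nat -A PREROUTING -i $in_if -s $client -d $vip_in -j DNAT --to-destination $peer"
    # Pin the source to the virtual IP (MASQUERADE would pick the primary address).
    echo "iptables -t nat -A POSTROUTING -o $out_if -s $client -d $peer -j SNAT --to-source $vip_out"
    # Allow only this host pair through; matters when the FORWARD policy is DROP.
    echo "iptables -A FORWARD -i $in_if -o $out_if -s $client -d $peer -j ACCEPT"
}

all_rules() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "ip addr add 192.168.20.254/24 dev eth0"
    echo "ip addr add 192.168.10.254/24 dev eth1"
    # Replies of translated connections are reversed by conntrack automatically.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Network A host reaching network B host, then the reverse direction.
    nat_rules eth0 eth1 192.168.20.50 192.168.20.254 192.168.10.50 192.168.10.254
    nat_rules eth1 eth0 192.168.10.50 192.168.10.254 192.168.20.50 192.168.20.254
}

if [ "${APPLY:-0}" = 1 ]; then
    all_rules | sh -e      # execute the generated commands, stop on first failure
else
    all_rules              # dry run: only print what would be executed
fi
```

The second `nat_rules` call is only needed for connections that the 10.x host initiates; replies to connections opened from the 20.x side are already handled by connection tracking.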