I'm attempting to forward traffic from a publicly available host to a private host located on a VPN. The TCP packets need to retain the original source IP address.
I've set IP address forwarding:
echo "1" > /proc/sys/net/ipv4/ip_forward
And I've got the traffic forwarding correctly:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 10.1.0.2:80
iptables -A FORWARD -p tcp -d 10.1.0.2 --dport 80 -j ACCEPT
However, for this to work, I need to set the default gateway for the private host to the public host. This means ALL outbound traffic flows through the public host.
Is there a way to set an alternate route table so that the responses to the forwarded TCP traffic go to the public host, but everything else stays local?
The VPN is only used for the forwarding, so tagging everything coming from the tun0 interface could work.
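One way to do the tagging described above, as an added example that is not part of the original post: on the private host, use a connection mark to remember which flows arrived over the VPN, restore that mark onto the locally generated replies, and send marked packets through an alternate routing table whose default route points back at the public host. Everything else keeps the host's normal default route. The interface name tun0 and the service address 10.1.0.2:80 come from the question; the public host's VPN-side address (10.1.0.1), the mark value and the table number are assumptions. The script prints the commands it would run and only applies them when APPLY=1 is set and it runs as root.

```shell
#!/bin/sh
# Added example (not from the original post): policy routing on the PRIVATE host
# so that only replies to connections that entered over the VPN go back through
# the public host, while all other outbound traffic keeps the normal default route.
# Assumptions not stated in the post: the public host's VPN-side address is
# 10.1.0.1; mark 1 and routing table 100 are free to use.
VPN_IF="${VPN_IF:-tun0}"
VPN_GW="${VPN_GW:-10.1.0.1}"   # public host as seen from inside the VPN (assumed)
MARK="${MARK:-1}"              # fwmark used to tag VPN-originated connections
TABLE="${TABLE:-100}"          # alternate routing table number

# Emit the commands as text so they can be reviewed (or tested) before being run.
private_host_policy_routing() {
    cat <<EOF
# Remember which connections entered via the VPN. Conntrack keeps the mark for
# the whole flow, so the reply packets can be matched even though they are
# locally generated and never pass through PREROUTING.
iptables -t mangle -A PREROUTING -i $VPN_IF -j CONNMARK --set-mark $MARK
# Copy the connection mark back onto locally generated packets (the replies);
# the kernel re-runs the routing decision after mangle OUTPUT when the mark changes.
iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
# Alternate table: marked traffic is sent back to the public host over the VPN.
ip route replace default via $VPN_GW dev $VPN_IF table $TABLE
ip rule add fwmark $MARK table $TABLE
# Forwarded packets keep their original public source address, so strict
# reverse-path filtering on $VPN_IF would drop them: use loose mode there.
sysctl -w net.ipv4.conf.$VPN_IF.rp_filter=2
EOF
}

# Reverse the changes above (useful when testing interactively).
private_host_policy_routing_undo() {
    cat <<EOF
ip rule del fwmark $MARK table $TABLE
ip route flush table $TABLE
iptables -t mangle -D OUTPUT -j CONNMARK --restore-mark
iptables -t mangle -D PREROUTING -i $VPN_IF -j CONNMARK --set-mark $MARK
EOF
}

# Apply only when explicitly requested and running as root; otherwise just print.
if [ "${APPLY:-0}" = "1" ] && [ "$(id -u)" = "0" ]; then
    private_host_policy_routing | sh -e
else
    private_host_policy_routing
fi
```

Two things to check before relying on this: rp_filter takes the stricter of net.ipv4.conf.all.rp_filter and the per-interface value, so if "all" is set to 1 the tun0 setting alone will not help; and the public host's FORWARD chain must also accept the reply direction (for example with a conntrack ESTABLISHED,RELATED rule) if its policy is DROP, since the rules in the question only accept the inbound direction.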