Redirect NAT Traffic of iptables to its source interface
How to redirect NAT traffic of iptables to its source interface?
I am working on a WireGuard VPN structure that is exotic: for every client that requests a VPN session, my server will create a unique interface dedicated to that one client. The design is simple: the server is 10.0.0.1, the client is 10.0.0.2. But...
Code:
PostUp = iptables -A FORWARD -i intfc -j ACCEPT; iptables -t nat -A POSTROUTING -o ens5 -j MASQUERADE
PostDown = iptables -D FORWARD -i intfc -j ACCEPT; iptables -t nat -D POSTROUTING -o ens5 -j MASQUERADE
This sometimes causes connectivity issues if more than one client-dedicated interface exists, and that causes confusion in routing. How do I get around it? My idea is to make NAT redirect its returning traffic from the internet so that it is routed to the source interface, but I don't have any experience with iptables at all.
iptables can send packets to a destination IP. Routing tables determine which interface that will be, not iptables. Have a look at iproute2 (policy based routing). https://lartc.org/howto/
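A concrete form of the policy-based routing the answer points at, added here as an example and not part of the thread: each per-client WireGuard interface gets its own fwmark and routing table, the connection is tagged with CONNMARK on the way out, and replies coming back from the uplink are re-marked before the routing decision so they leave through the tunnel they belong to. The uplink name ens5 and client address 10.0.0.2 come from the question; the interface names, mark and table numbers are assumptions.

```shell
#!/bin/sh
# Added example, not the thread's own config. Prints (does not execute)
# the iptables/iproute2 commands for one per-client WireGuard interface.
# UPLINK and CLIENT_IP follow the question; marks/tables are assumptions.
UPLINK="${UPLINK:-ens5}"
CLIENT_IP="${CLIENT_IP:-10.0.0.2}"

# $1 = add|del, $2 = client interface name, $3 = fwmark (also the table id).
wg_client_rules() {
    action=$1; ifc=$2; mark=$3
    case "$action" in
        add) ipt=-A; rule=add ;;
        del) ipt=-D; rule=del ;;
        *)   echo "usage: wg_client_rules add|del IFACE MARK" >&2; return 2 ;;
    esac
    # Tag the conntrack entry with this tunnel's mark on the client's first packet
    # (conntrack runs before mangle PREROUTING, so the entry already exists here).
    echo "iptables -t mangle $ipt PREROUTING -i $ifc -j CONNMARK --set-mark $mark"
    # Copy the saved mark back onto de-NATed reply packets arriving on the uplink,
    # still in PREROUTING, i.e. before the kernel picks an output interface.
    echo "iptables -t mangle $ipt PREROUTING -i $UPLINK -m connmark --mark $mark -j CONNMARK --restore-mark"
    echo "iptables $ipt FORWARD -i $ifc -j ACCEPT"
    # Marked packets consult a per-client table that only knows this tunnel,
    # so the identical 10.0.0.2 on every other wg interface is never a candidate.
    echo "ip rule $rule fwmark $mark table $mark"
    echo "ip route $rule $CLIENT_IP dev $ifc table $mark"
}
```

Pipe the printed lines into `sh` from the client's PostUp (`add`) and PostDown (`del`); the single MASQUERADE rule on ens5 from the original config stays as it is and is shared by all tunnels.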
Thanks, reading right now. Will report progress.
Update: I feel alienated. For many years I always thought forwarding and routing were the same, since I didn't feel like engineering networking stuff.
Code:
sudo iptables -A PREROUTING -t mangle -p udp --dport 55210 -j MARK --set-mark 55210