[ALUG] Mapping a local IP to a remote one

Jim Rippon jim at rippon.me.uk
Tue May 26 12:56:42 BST 2015


On 2015-05-26 12:17, Mark Rogers wrote:
> I'm sure that if I could make a decent job of explaining what I mean I
> could Google for this but...
> 
> My PC is (say) 192.168.1.10, and it can access a remote device
> (192.168.2.100) via a VPN.
> 
> What I want to do is give my PC an extra IP address (eg 192.168.1.11)
> and map all network traffic to that IP address (on any port, and
> including broadcast traffic) to 192.168.2.100, and send any responses
> back.

It sounds like what you'll need to create is a DNAT on your Linux 
machine.  That will require a couple of things to be set up.  I'm doing 
this from memory, so I'd recommend reading up on your distribution's 
forums how to implement NAT forwarding as well, since I may have missed 
things or suggest something that will get undone automatically for you 
:)

1) you'll need to add the fixed IP address that you want to listen on to 
your Linux machine.  Temporarily that can be done by saying "ip addr add 
192.168.1.11/24 dev eth0" assuming your network interface is named eth0 
and you're on a 24-bit subnet (that is to say your subnet mask is 
255.255.255.0).  You should do this the way your Linux Distribution 
recommends to make it permanent (for Debian/Ubuntu/Mint it'll be set in 
/etc/network/interfaces, for RedHat/CentOS/Scientific Linux it'll be a 
configuration in /etc/sysconfig/network-scripts etc)

2) You'll need to enable IP Forwarding - either in /etc/sysctl.conf, or 
as is recommended in modern distributions a file in 
/etc/sysctl.d/*.conf, you want to enter the following: 
"net.ipv4.ip_forward = 1" and apply that by running "sysctl -p"

3) You should add the NAT rules to your netfilter (IPTables) ruleset, 
and save the rules (in RedHat/CentOS this is a simple "service iptables 
save", in Debian/Ubuntu/Mint you'll need to look at using something like 
the iptables-persistent package).  The rules you need will look 
something like the following:

iptables -t nat -A PREROUTING -d 192.168.1.11 -j DNAT --to-destination 192.168.2.100
iptables -t nat -A POSTROUTING -s 192.168.2.100 -j SNAT --to-source 192.168.1.11

Once you have the rules in place, you should see all traffic on that 
secondary address being NAT'd to the remote host across your VPN.

Hope that at least points you in the right direction.  A good (albeit 
slightly dated) grounding in IPTables and networking can be found in the 
Linux Advanced Routing and Traffic Control HOWTO at 
http://www.lartc.org, also the Linux-IP documentation site at 
http://linux-ip.net has lots of relevant information and examples.

Regards,

Jim
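
Added example, not part of Jim's message: a read-only check of "iptables-save" output for the two NAT rules above, which also flags the case where enabling ip_forward leaves the FORWARD chain accepting everything, so the PC would route any traffic between the LAN and the VPN rather than only the mapped flow. The function name, finding labels and sample ruleset are constructed for illustration, and the FORWARD check is a simple heuristic.

```shell
#!/bin/sh
# Added example: audit a saved ruleset for the 1:1 mapping described above.
# It only reads "iptables-save" text on stdin; it never changes the firewall.

# Constructed sample of iptables-save output (not captured from a real host).
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 192.168.1.11/32 -j DNAT --to-destination 192.168.2.100
-A POSTROUTING -s 192.168.2.100/32 -j SNAT --to-source 192.168.1.11
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT'

# audit_mapping ALIAS_IP REMOTE_IP IP_FORWARD_VALUE   (ruleset on stdin)
# Prints one finding per line, or "ok" when nothing is flagged.
audit_mapping() {
    awk -v a="$1" -v r="$2" -v fwd="$3" '
    # Return the value following option "name" on the current rule line.
    function opt(name,   i, v) {
        for (i = 1; i < NF; i++)
            if ($i == name) { v = $(i + 1); sub(/\/32$/, "", v); return v }
        return ""
    }
    /^\*/ { table = substr($0, 2); next }     # "*nat", "*filter", ...
    table == "nat" && $2 == "PREROUTING" && opt("-j") == "DNAT" &&
        opt("-d") == a && opt("--to-destination") == r { dnat = 1 }
    table == "nat" && $2 == "POSTROUTING" && opt("-j") == "SNAT" &&
        opt("-s") == r && opt("--to-source") == a { snat = 1 }
    # Heuristic: ACCEPT policy with no unconditional DROP/REJECT rule.
    table == "filter" && $1 == ":FORWARD" && $2 == "ACCEPT" { open = 1 }
    table == "filter" && $0 ~ /^-A FORWARD -j (DROP|REJECT)/ { open = 0 }
    END {
        if (!dnat) { print "missing-dnat"; n++ }
        if (!snat) { print "missing-snat"; n++ }
        if (fwd != 1) { print "forwarding-disabled"; n++ }
        else if (open) { print "forward-unrestricted"; n++ }
        if (!n) print "ok"
    }'
}
```

On a live host, run it as root with: iptables-save | audit_mapping 192.168.1.11 192.168.2.100 "$(cat /proc/sys/net/ipv4/ip_forward)"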


