On 2015-05-26 12:17, Mark Rogers wrote:
> I'm sure that if I could make a decent job of explaining what I mean I could Google for this but...
> My PC is (say) 192.168.1.10, and it can access a remote device (192.168.2.100) via a VPN.
> What I want to do is give my PC an extra IP address (eg 192.168.1.11) and map all network traffic to that IP address (on any port, and including broadcast traffic) to 192.168.2.100, and send any responses back.
It sounds like what you'll need to create is a DNAT on your Linux machine. That will require a couple of things to be set up. I'm doing this from memory, so I'd recommend reading up on your distribution's forums how to implement NAT forwarding as well, since I may have missed things or suggest something that will get undone automatically for you :)
1) you'll need to add the fixed IP address that you want to listen on to your linux machine. Temporarily that can be done by saying "ip addr add 192.168.1.11/24 dev eth0" assuming your network interface is named eth0 and you're on a 24-bit subnet (that is to say your subnet mask is 255.255.255.0). You should do this the way your Linux Distribution recommends to make it permanent (for Debian/Ubuntu/Mint it'll be set in /etc/network/interfaces, for RedHat/CentOS/Scientific Linux it'll be a configuration in /etc/sysconfig/network-scripts etc)
2) You'll need to enable IP Forwarding - either in /etc/sysctl.conf, or as is recommended in modern distributions a file in /etc/sysctl.d/*.conf, you want to enter the following: "net.ipv4.ip_forward = 1" and apply that by running "sysctl -p"
3) You should add the NAT rules to your netfilter (IPTables) ruleset, and save the rules (in RedHat/CentOS this is a simple "service iptables save", in Debian/Ubuntu/Mint you'll need to look at using something like the iptables-persistent package). The rules you need will look something like the following:
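# Rewrite the destination of traffic arriving for the extra address
iptables -t nat -A PREROUTING -d 192.168.1.11 -j DNAT --to-destination 192.168.2.100
# Rewrite the source of traffic coming from the remote device (SNAT takes --to-source)
iptables -t nat -A POSTROUTING -s 192.168.2.100 -j SNAT --to-source 192.168.1.11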
Once you have the rules in place, you should see all traffic on that secondary address being NAT'd to the remote host across your VPN.
Hope that at least points you in the right direction. A good (albeit slightly dated) grounding in IPTables and networking can be found in the Linux Advanced Routing and Traffic Control HOWTO at http://www.lartc.org, also the Linux-IP documentation site at http://linux-ip.net has lots of relevant information and examples.
Regards,
Jim
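
A check for the result of the three steps above, added here as an example and not part of the original message: it reads an iptables-save dump and reports a missing DNAT rule, a FORWARD chain left wide open once IP forwarding is on, or a FORWARD policy that would drop the mapped traffic. The function name audit_dnat and the sample dump are constructed for illustration.

```shell
# Added example: audit an iptables-save dump for the mapping in this thread.
# On a live host, as root: iptables-save | audit_dnat 192.168.1.11 192.168.2.100

# Constructed sample in iptables-save format, so the check runs offline.
SAMPLE_DUMP='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 192.168.1.11/32 -j DNAT --to-destination 192.168.2.100
-A POSTROUTING -s 192.168.2.100/32 -j SNAT --to-source 192.168.1.11
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -d 192.168.2.100/32 -j ACCEPT
-A FORWARD -s 192.168.2.100/32 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT'

# audit_dnat ALIAS_IP REMOTE_IP   (dump on stdin)
# Prints one finding per line; exit status is 0 only when nothing was found.
audit_dnat() (
    dnat=0 policy="" allowed=0 findings=0
    while IFS= read -r line; do
        case $line in
            # iptables-save writes single hosts as /32; the rule must end at the target IP.
            "-A PREROUTING "*"-d $1/32 "*"-j DNAT --to-destination $2") dnat=1 ;;
            ":FORWARD ACCEPT "*) policy=ACCEPT ;;
            ":FORWARD DROP "*) policy=DROP ;;
            "-A FORWARD "*"-d $2/32 "*"-j ACCEPT") allowed=1 ;;
        esac
    done
    if [ "$dnat" -eq 0 ]; then
        echo "MISSING: no DNAT rule for $1 -> $2"; findings=1
    fi
    # With ip_forward=1 and an ACCEPT policy the host routes for anyone, not just this mapping.
    if [ "$policy" = ACCEPT ]; then
        echo "OPEN: FORWARD policy is ACCEPT; host forwards all routed traffic"; findings=1
    fi
    # DNAT'd packets pass through FORWARD, so a DROP policy needs an explicit allow rule.
    if [ "$policy" = DROP ] && [ "$allowed" -eq 0 ]; then
        echo "BLOCKED: FORWARD policy is DROP with no ACCEPT rule for $2"; findings=1
    fi
    exit "$findings"
)

# Run against the constructed sample.
printf '%s\n' "$SAMPLE_DUMP" | audit_dnat 192.168.1.11 192.168.2.100 && echo "no findings"
```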