
I have two Ubuntu servers:

  • Server 1 (IP: 192.168.10.11) is online and connected to two network interfaces (internal, public)

  • Server 2 (IP: 192.168.10.10) with no public access (internal)

I am trying to use server1 as a default gateway for server2, and this is what I've done:

# on online server (Jumpbox)
iptables -t nat -A POSTROUTING -s 192.168.10.10 ! -d 192.168.30.1/24 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward

# On offline server
route add default gw 192.168.10.11

Docker is installed on both (172.17.0.0)

They can PING each other, but from server2 it is not possible to PING Google.

Dave M
GeoCom

1 Answer


Debian Style (the lazy way):

edit /etc/network/interfaces

iface eth0 inet static
address  10.0.0.1
netmask  255.0.0.0
post-up   echo 1 > /proc/sys/net/ipv4/ip_forward
post-up   iptables -t nat -A POSTROUTING -s '10.0.0.0/8' -o eth0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.0.0.0/8' -o eth0 -j MASQUERADE

The Lazy Crontab Way:

edit /etc/crontab

# No quotes around the command, and no -D here (-D would delete the rule that -A just added)
@reboot root echo 1 > /proc/sys/net/ipv4/ip_forward; iptables -t nat -A POSTROUTING -s '10.0.0.0/8' -o eth0 -j MASQUERADE

Bash Style:

nano /root/allow_lan_nat.sh
You have to adjust it to the LAN that fits your setup, which might be:
192.168.0.0/24 (One Lan Subnet, Default Class C)
192.168.0.0/16 (all Subnets of 192.168)
172.16.0.0/16 (Default Class B)
10.0.0.0/8 (Default Class A)

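#!/bin/bash
# Adjust the LAN as shown above
MYLANIP=10.0.0.0/8

# The interface that has Internet access
MYINETIFACE=eth0

# Enable IPv4 forwarding, then masquerade LAN traffic leaving via that interface
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s "$MYLANIP" -o "$MYINETIFACE" -j MASQUERADE

# To remove the rule again later (running -D right after -A would undo it):
# iptables -t nat -D POSTROUTING -s "$MYLANIP" -o "$MYINETIFACE" -j MASQUERADE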

run bash /root/allow_lan_nat.sh

Direct answer to your question

Keep in mind that as I write this answer, I don't know the interface, so I assume ens3 is your interface that faces the internet; otherwise update it as above.

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s '192.168.10.0/24' -o ens3 -j MASQUERADE
# To remove the rule again later (running -D right after -A would undo it):
# iptables -t nat -D POSTROUTING -s '192.168.10.0/24' -o ens3 -j MASQUERADE

REMINDER: ens3 must be the internet-facing interface, so update it to your needs.

djdomi
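An added example, not part of the question or the answer above: an idempotent enable/disable/status wrapper for the same MASQUERADE rule, so that running it at every boot does not stack duplicate rules and the rule can be audited or removed cleanly. The subnet comes from the question and `ens3` is the answer's assumed interface; the variable and function names, and the `IPT`/`FWD_FLAG` overrides, are hypothetical.

```shell
#!/bin/bash
# Added example: idempotent handling of the NAT rule discussed in this thread.
LAN=${LAN:-192.168.10.0/24}   # internal subnet (from the question)
WAN_IF=${WAN_IF:-ens3}        # internet-facing interface (assumed, as in the answer)
IPT=${IPT:-iptables}          # overridable so the logic can be exercised without root
FWD_FLAG=${FWD_FLAG:-/proc/sys/net/ipv4/ip_forward}

# Rule specification shared by check/add/delete. It is expanded unquoted
# below on purpose, so it splits into separate iptables arguments.
rule_spec() {
    printf '%s\n' "POSTROUTING -s $LAN -o $WAN_IF -j MASQUERADE"
}

nat_enable() {
    echo 1 > "$FWD_FLAG" || return 1
    # -C exits 0 when the identical rule already exists, so -A runs only once.
    if ! $IPT -t nat -C $(rule_spec) 2>/dev/null; then
        $IPT -t nat -A $(rule_spec) || return 1
    fi
}

nat_disable() {
    # Delete every copy of the rule; earlier runs may have appended duplicates.
    while $IPT -t nat -C $(rule_spec) 2>/dev/null; do
        $IPT -t nat -D $(rule_spec) || return 1
    done
}

nat_status() {
    # Succeeds only when forwarding is on AND the rule is present.
    [ "$(cat "$FWD_FLAG")" = 1 ] && $IPT -t nat -C $(rule_spec) 2>/dev/null
}

case "${1:-}" in
    enable)  nat_enable ;;
    disable) nat_disable ;;
    status)  nat_status && echo "NAT active" || echo "NAT inactive" ;;
esac
```

Run it as root with `enable`, `disable` or `status`; set `LAN` and `WAN_IF` in the environment to match your network.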