CentOS 5.4, 3 nic-s

Question

I need your help for the following problem:

I have a CentOS server with 3 nics:

eth0:   IP ADDRESS=192.168.4.102 /24
        GW = 192.168.4.1

eth1:   IP ADDRESS=192.168.2.101 /24
        GW = 192.168.4.1

on 192.168.4.1 is a router for exit on Internet.

All ok with routing here. I add another nik connected to a router (192.168.20.1) where is a VPN configured:

eth2:   IP ADDRESS=192.168.20.100 /24
        no gateway defined because I get network nonfunctional if I put one.

On that router I have a connection to the 10.96.0.0/16 network.

I want to route 192.168.20.0/24 and 10.96.0.0/16 on eth1 to be accessible from my LAN (I use as gateway 192.168.2.101).

How could I do that?

Answer 1

You have to add route on your server to 10.96.0.0/16 to VPN router, which IP you did not mentioner. Lets call it 192.168.20.1. And then you have 2 options:

1. to put routes on your VPN router to all networks, that you want to reach, that you use in local lan. Like:
   • 192.168.4.0/24 -> 192.168.20.100
   • 192.168.2.0/24 -> 192.168.20.100
2. other option to NAT 192.168.2.0/24 and 192.168.2.0/24 networks on 192.168.20.100, if you can not change your VPN router config. Downside of this config, that you will be able to access LAN -> VPN, but not VPN -> LAN.

Answer 2

To write the final solution:

iptables -t nat -A POSTROUTING -o eth2 -j MASQUERADE
iptables -A FORWARD -i eth2 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth1 -o eth2 -j ACCEPT

echo > /etc/sysconfig/network-scripts/route-eth2
nano /etc/sysconfig/network-scripts/route-eth2

and enter:

  ADDRESS0=10.96.0.0
  NETMASK0=255.255.0.0
  GATEWAY0=192.168.20.1

all done. final: from LAN I can access 192.168.20.0/24 network and 10.96.0.0/16 network. Reverse (VPN->LAN I don't need)