
I am attempting to configure a tricky sort of traffic handling node. I'd like to have a node receive traffic over a VPN connection on one NIC, then NAT it out to the internet over a second NIC. I'm starting from the script installed on AWS NAT Instances. The basics of it are below:

# Enable IPv4 forwarding and stop eth1 from emitting ICMP redirects
sysctl -q -w net.ipv4.ip_forward=1 net.ipv4.conf.eth1.send_redirects=0 && (
    # -C only checks whether the rule already exists; append it with -A if it does not
    iptables -t nat -C POSTROUTING -o eth1 -j MASQUERADE 2> /dev/null ||
    iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE )

I'm a bit clueless as to how I should go about allowing both NICs to reach the internet independently, and how to properly configure eth0 to forward outbound VPN traffic to the internet. Can anyone point me in the right direction?

  • Please clarify. Do you have two (or more) independent ISPs? In that case: Lookup "policy based routing". It is about what outbound path to choose based on source IP on own net. – Lasse Michael Mølgaard Nov 25 '19 at 17:11
  • What do you mean by "allowing both NICs to reach the internet independently"? If you only want to use the OpenVPN server as gateway (e.g. `client -> openvpn server tun0 -> masquerade -> openvpn server eth0 -> internet`), even one NIC is enough. – Lenniey Nov 25 '19 at 17:14
  • @Lenniey You are correct, that is my intention. The dual NIC config is an arch requirement to allow for independent security groups on each NIC. – Tim Brammer Nov 25 '19 at 18:38
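The topology confirmed in the comments (VPN clients arrive on a tunnel interface, get masqueraded out a second NIC) as an added example script; it is not the asker's script or AWS's configure-pat.sh. It assumes the tunnel is `tun0`, the internet-facing NIC is `eth1`, and the client subnet `10.8.0.0/24` is constructed; unlike the bare MASQUERADE rule above, it default-denies forwarding and NATs only the VPN subnet, so the box cannot become a relay for anything else that reaches it.

```shell
#!/bin/sh
# Added example, not the asker's script or AWS's configure-pat.sh: NAT VPN
# client traffic out a second NIC while forwarding only that single path.
# Assumed names: VPN_IF is the OpenVPN tunnel, WAN_IF the internet-facing NIC,
# VPN_NET the (constructed) client subnet the server hands out.
set -eu

VPN_IF="${VPN_IF:-tun0}"
WAN_IF="${WAN_IF:-eth1}"
VPN_NET="${VPN_NET:-10.8.0.0/24}"

# run CMD...: print the command, then execute it unless DRY_RUN=1.
run() {
    printf '%s\n' "$*"
    [ "${DRY_RUN:-0}" = "1" ] || "$@"
}

# ensure_rule TABLE CHAIN RULE...: append a rule only when -C says it is
# absent, so re-running the script never stacks duplicate rules.
ensure_rule() {
    table="$1"; shift
    if [ "${DRY_RUN:-0}" = "1" ] || ! iptables -t "$table" -C "$@" 2>/dev/null; then
        run iptables -t "$table" -A "$@"
    fi
}

configure_nat() {
    run sysctl -q -w net.ipv4.ip_forward=1
    run sysctl -q -w "net.ipv4.conf.${WAN_IF}.send_redirects=0"
    # Default-deny forwarding: ip_forward=1 alone relays between any two
    # interfaces; only VPN clients going out, and replies coming back, pass.
    run iptables -P FORWARD DROP
    ensure_rule filter FORWARD -i "$VPN_IF" -o "$WAN_IF" -s "$VPN_NET" -j ACCEPT
    ensure_rule filter FORWARD -i "$WAN_IF" -o "$VPN_IF" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Masquerade only the VPN subnet, not everything that leaves WAN_IF.
    ensure_rule nat POSTROUTING -s "$VPN_NET" -o "$WAN_IF" -j MASQUERADE
}

case "${1:-}" in
    apply)   configure_nat ;;                 # needs root
    dry-run) DRY_RUN=1; configure_nat ;;      # print the commands only
esac
```

Run it as `sh nat.sh dry-run` first to review the exact commands it would issue, then `sh nat.sh apply` as root; a second `apply` is a no-op for the rules thanks to the `-C` check.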

0 Answers