Ok I know this sounds crazy but it’s all about Linux and iptables all the way

I’m using a rooted android phone as a VPN router to keep confidential traffic separated between networks

A and B are in the same network, B provides a separate network for C

Device A: Linux ip 192.168.15.32 wlan0 Device B: rooted Android phone with Termux and VPN Hotspot wlan0 ip 192.168.15.21 wlan1 ip 192.168.38.173

Device C: Windows 10 with RDP wlan1 ip 192.168.15.176

I’ve tried the following

A: sudo ip route add 192.168.38.0/24 via 192.168.15.21 dev enp1s0

B: Termux, su: sysctl -w net.ipv4.ip_forward=1


iptables -t nat -A POSTROUTING -s 192.168.38.0/24 -o wlan0 -j MASQUERADE
iptables -A FORWARD -i wlan0 -o wlan1 -s 192.168.15.0/24 -d 192.168.38.0/24 -j ACCEPT
iptables -A FORWARD -i wlan1 -o wlan0 -s 192.168.38.0/24 -d 192.168.15.0/24 -j ACCEPT

C: default route via 192.168.38.173 metric 1

C is solely seeing the internet from B’s VPN, and can even access wlan0’s router, meaning it has access to its internal network. C can ping B, B can ping C

B can ping A and C

A can ping B, but not C, which also means no RDP access

What am I missing ?

  • qprimed@lemmy.ml
    link
    fedilink
    English
    arrow-up
    2
    ·
    edit-2
    1 month ago

    yes, but you really don’t want to nat if you dont have to - gets too messy too quickly when direct IP connectivity is right there.

    @[email protected] parent comment is correct. check routes on device C. make there is either a default route or a specific route back to A via B.