Routing Problem

adelante · Posted: Fri Sep 16, 2005 5:28 am Post subject: Routing Problem

Hi, I seem to have a bit of a routing problem.

I have a server on my LAN, and an internet server, and there is a VPN setup between them.

LAN VPN IP = 192.168.1.223
LAN Server IP = 192.168.30.223
INTERNET VPN IP = 192.168.1.1
INTERNET Server IP = 209.xxx.xxx.xxx

Now I have setup iptables on the LAN server to POSTROUTE all 192.168.30.223:80 requests to 192.168.1.1:80 (ie: pushing all lan port 80 requests over the VPN to the Internet server)

My Problem is the routing of traffic back from the internet server over the vpn to the lan server.

To my knowledge, what is happening at the moment, is a request is coming to 192.168.30.223:80 and being forwarded to 192.168.1.1:80 correctly, but then 192.168.1.1 doesnt know what to do with the traffic, so it's passing it to it's default gateway, which is an internet router, and that doesnt know wtf to do with it either. (correct me if i am wrong)

How do I tell the Internet server that any traffic coming from the LAN server over the vpn, it must route back the same way it came?

bigfunkymo · Apprentice Joined: 23 Jan 2004 Posts: 237

what is the output of

adelante · Posted: Fri Sep 16, 2005 1:57 pm Post subject:

adelante · Posted: Fri Sep 16, 2005 2:08 pm Post subject:

WOOHOO I GOT IT WORKING!!!

bigfunkymo · Apprentice Joined: 23 Jan 2004 Posts: 237

I assume that is from the "internet server"?

I don't really have a complete picture of what your configuration is, but I'm getting the vibe that you have something like this:

adelante · Posted: Fri Sep 16, 2005 3:02 pm Post subject:

Well this is my actually problem...

We might be moving all our internet servers from 1 hosting provider to another, now I need to come up with a way to have minimal downtime.

Now currently I have a Firewall server, which has like 10 internet ip's bound to it on eth0. eth1 has 192.168.0.1 and the rest of the servers are on the 192.168.0.0/24 network. Then I just NAT ip:port to the internal servers from the firewall.

So what I was thinking of doing while dns changes and stuff, was to move all our servers to a new location, and setup vpn's from the firewall to the servers at the new location, then instead of doing the natting to the internal 192.168.0.0/24 i could push it through the vpn connections.

Unless you have a better idea on how to make a migration from one provider to another? I wish I could keep the same IP addresses, but obviously that isnt an option...

bigfunkymo · Apprentice Joined: 23 Jan 2004 Posts: 237

for that situation, your idea doesn't seem so bad. I've never had to do such a migration myself, though.
_________________
[No package... Grabbing a set.]

almackska · Tux's lil' helper Joined: 16 Sep 2005 Posts: 112

I think i might have the same problem. this is my output when i " route -n "

evilben · Posted: Tue Sep 27, 2005 8:55 pm Post subject:

almackska, I can't tell what your issue is from just the table.

But adelante, I am having the exact problem that you had--packets come in from the vpn and then my machine doesn't know what to do with them--but you're solution didn't work for me. This is the routing table for the machine I need to access from afar: