I have 2 subnets on 2 different networks. Both are connected to the internet, and linked via site-to-site OpenVPN like this:
- Subnet A
  - IP: 192.168.1.0/24
  - Gateway: 192.168.1.1
  - Client: 192.168.1.10
  - Public IP: Dynamic
- Subnet B
  - IP: 192.168.2.0/24
  - Gateway: 192.168.2.1
  - Public IP: Let's say, 1.1.1.1
- OpenVPN tunnel
  - IP: 192.168.3.1 - 192.168.3.2
Now, the problem is that one of our computers at subnet A needs to connect to a site that requires a static IP, since that particular site locked their firewall to only open to predefined IP addresses. The site itself has a couple of randomly allocated IP addresses, and my client needs to connect to a portal for verification, then get redirected to another random IP.
I think the only way is to move the default gateway to 192.168.2.1, so I put route 192.168.3.2 via 192.168.1.1, and 0.0.0.0/0 via 192.168.3.2. I got an error that 192.168.3.2 is unreachable. Is there a way to use 192.168.2.1 as default gateway for that particular computer?
To other gateway
```
traceroute to 192.168.2.1 (192.168.2.1), 30 hops max, 40 byte packets
 1  192.168.1.1 (192.168.1.1)  0.695 ms  0.635 ms  0.611 ms
 2  192.168.2.1 (192.168.2.1)  16.102 ms  16.183 ms  16.778 ms
```
Traceroute for the specific route:
```
traceroute to 202.3.210.1 (202.3.210.1), 30 hops max, 40 byte packets
 1  192.168.1.1 (192.168.1.1)  0.783 ms  0.719 ms  0.688 ms
 2  192.168.3.2 (192.168.3.2)  12.611 ms  12.768 ms  12.778 ms
 3  linknet-ip-1.1.1.1.link.net.id (1.1.1.1)  28.095 ms  28.741 ms  28.952 ms
 4  202.137.2.5 (202.137.2.5)  28.882 ms  28.861 ms  28.950 ms
 5  202.137.2.25 (202.137.2.25)  28.931 ms  28.909 ms  57.159 ms
 6  telkomsel.openixp.net (218.100.27.187)  57.231 ms  14.208 ms  17.469 ms
 7  114.127.254.1 (114.127.254.1)  17.774 ms  18.123 ms  18.099 ms
 8  114.127.254.9 (114.127.254.9)  18.233 ms  18.217 ms  18.250 ms
 9  * * *
10  * * *
11  * * *
 .
 .
30  * * *
```
Normal traceroute to their public network.
```
traceroute to www.telkomsel.net (68.178.232.99), 30 hops max, 40 byte packets
 1  192.168.1.1 (192.168.1.1)  0.220 ms  0.158 ms  0.169 ms
 2  10.36.192.1 (10.36.192.1)  17.535 ms  17.572 ms  17.549 ms
 3  fm-ip-202.73.96.73.fast.net.id (202.73.96.73)  21.125 ms  21.105 ms  26.445 ms
 4  fm-ip-202.73.96.73.fast.net.id (202.73.96.73)  26.422 ms  26.400 ms  26.377 ms
 5  fm-ip-202.73.96.70.fast.net.id (202.73.96.70)  26.310 ms  26.294 ms  26.271 ms
 6  IP-125-33.MCS.napinfo.net (119.110.125.33)  26.248 ms  26.234 ms  26.212 ms
 7  IP-112-245.MCS.napinfo.net (119.110.112.245)  26.198 ms  20.678 ms  17.875 ms
 8  203.208.131.53 (203.208.131.53)  27.957 ms  27.780 ms  27.628 ms
 9  203.208.152.205 (203.208.152.205)  27.583 ms 203.208.152.209 (203.208.152.209)  27.551 ms 203.208.166.165 (203.208.166.165)  27.365 ms
10  203.208.153.162 (203.208.153.162)  222.498 ms so-3-0-1-0.plapx-cr2.ix.singtel.com (203.208.151.246)  219.745 ms 203.208.153.126 (203.208.153.126)  205.572 ms
11  xe-1-0-0-0.plapx-cr2.ix.singtel.com (203.208.183.169)  220.307 ms 203.208.171.154 (203.208.171.154)  194.131 ms ge-0-0-0-0.plapx-dr1.ix.singtel.com (203.208.149.1)  195.132 ms
12  203.208.169.26 (203.208.169.26)  225.739 ms  220.137 ms  248.199 ms
13  * * *
14  phn-edge-06.inet.qwest.net (205.171.12.142)  209.196 ms  209.183 ms  225.736 ms
15  63-234-235-102.dia.static.qwest.net (63.234.235.102)  209.023 ms  216.370 ms  223.680 ms
16  ip-208-109-112-141.ip.secureserver.net (208.109.112.141)  233.784 ms  223.442 ms  216.054 ms
17  ip-208-109-112-141.ip.secureserver.net (208.109.112.141)  226.400 ms  212.813 ms  214.883 ms
18  * * *
 .
 .
30  * * *
```
route -n
```
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.3.2     0.0.0.0         255.255.255.255 UH    0      0        0 tun0
202.3.210.1     192.168.3.2     255.255.255.255 UGH   0      0        0 tun0
118.137.103.0   0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.2.0     192.168.3.2     255.255.255.0   UG    0      0        0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
0.0.0.0         118.137.103.1   0.0.0.0         UG    0      0        0 eth1
```
Sorry, I had to remove the diagram again to be able to save
202.3.210.1 is the portal in question.
192.168.2.1 isn't local to the computer on the 192.168.1.0 subnet so that's not going to work.
What you can try is to create a route to the remote network in question on the 192.168.1.1 router that routes through the VPN connection and through site B. Without knowing what devices you're using and what your routing tables look like I can't give you any specific information on what steps to take to accomplish this.
It's been some time, but I have found a workaround using another VPN connection.
First, create a VPN connection to the destination gateway, directly to 1.1.1.1, not via the 192.168.3.1 tunnel. Let's put 192.168.4.1 at gateway B, and 192.168.4.2 on that particular client.
Then add this route to that client:
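```
# Keep traffic to the VPN server itself (1.1.1.1) on the local gateway
route add 1.1.1.1 gw 192.168.1.1
# Send everything else through the new tunnel to gateway B
route add default gw 192.168.4.1
```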
Voilà, you'll be sending packets using that static IP as default.
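The routing behaviour behind this thread, as an added example that is not part of the original posts: a small model of on-link gateway checking and longest-prefix lookup, showing why the default route via 192.168.3.2 was rejected and why the workaround needs the host route for 1.1.1.1. The `RouteTable` class, the interface names `eth0`/`tun0` on the client, and the new default being the only default route are assumptions of this sketch.

```python
import ipaddress

class RouteTable:
    """Toy model of a Linux IPv4 routing table (constructed for illustration)."""
    def __init__(self):
        self.routes = []  # tuples of (network, gateway or None, interface)

    def add(self, dest, iface=None, gw=None):
        net = ipaddress.ip_network(dest)
        if gw is not None:
            gw = ipaddress.ip_address(gw)
            # By default a next hop must sit on a directly connected route;
            # a route that itself goes via another gateway does not count.
            link = [r for r in self.routes if r[1] is None and gw in r[0]]
            if not link:
                raise ValueError(f"gateway {gw} is not on-link")
            iface = max(link, key=lambda r: r[0].prefixlen)[2]
        self.routes.append((net, gw, iface))

    def lookup(self, dst):
        dst = ipaddress.ip_address(dst)
        matches = [r for r in self.routes if dst in r[0]]
        if not matches:
            raise LookupError(f"no route to {dst}")
        net, gw, iface = max(matches, key=lambda r: r[0].prefixlen)  # longest prefix wins
        return (str(gw) if gw else "on-link", iface)

def original_attempt():
    """Routes from the question: default via the far end of the site-to-site tunnel."""
    t = RouteTable()
    t.add("192.168.1.0/24", iface="eth0")         # client LAN (eth0 is assumed)
    t.add("192.168.3.2/32", gw="192.168.1.1")
    try:
        t.add("0.0.0.0/0", gw="192.168.3.2")
    except ValueError as err:
        return str(err)
    return "accepted"

def client_table(with_host_route=True):
    """Routes from the workaround: second VPN 192.168.4.2 -> 192.168.4.1 on tun0 (assumed)."""
    t = RouteTable()
    t.add("192.168.1.0/24", iface="eth0")
    t.add("192.168.4.1/32", iface="tun0")         # point-to-point tunnel peer
    if with_host_route:
        t.add("1.1.1.1/32", gw="192.168.1.1")     # VPN server stays on the LAN gateway
    t.add("0.0.0.0/0", gw="192.168.4.1")          # assumed to be the only default route
    return t

if __name__ == "__main__":
    print(original_attempt())
    print(client_table().lookup("1.1.1.1"), client_table().lookup("202.3.210.1"))
    print(client_table(with_host_route=False).lookup("1.1.1.1"))
```

With `with_host_route=False` the lookup for 1.1.1.1 resolves to `tun0`, meaning the VPN's own encrypted packets would be sent into the tunnel they are supposed to carry.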