I have a Smoothwall box set up as my main gateway at 192.168.65.1. I also have a Proxmox virtual server at 192.168.65.160 that I use to make outbound VPN connections. Since the Smoothwall box is the default gateway, I want to set it to route all local 192.168.65.0/24 network traffic bound for VPN destinations (such as the 192.168.1.0/24 subnet) to the 192.168.65.160 address.
Smoothwall is configured with /proc/sys/net/ipv4/ip_forward set to 1. The routing table is set as follows (eth0 = RED interface):
$ ip route
192.168.65.0/24 dev eth1 proto kernel scope link src 192.168.65.1
192.168.1.0/24 via 192.168.65.160 dev eth1
x.x.x.x/xx dev eth0 proto kernel scope link src x.x.x.x
default via x.x.x.x dev eth0
If I ping a VPN address from the Smoothwall box, it works. However, when I try to ping a VPN address from any other host on the local 192.168.65.0/24 subnet, I get a "Destination Port Unreachable" result. If I set a route on the local host to send VPN traffic directly to the 192.168.65.160 gateway, that works. It's only when I try to route VPN traffic through the Smoothwall box that it doesn't get through.
What's going on?