Write a route through an IP address that is not in my subnet
There are two servers: the primary (Gentoo) and the secondary (virtual/CentOS). The main one has external IP A.A.A.A, the auxiliary one has external IP B.B.B.B. On the auxiliary one, an IPsec VPN to a service provider is set up. From the auxiliary there is a VPN connection to 172.16.110.1.
It is necessary to connect to 172.16.110.1 from the main one.
On the auxiliary one, an OpenVPN client was set up that connected to my main server, plus a rule was written:
-A POSTROUTING -s ВПН_ИП_ОСНОВНОГО/32 -d 172.16.110.1/32 -j SNAT --to-source B.B.B.B
On the main one I add:
route add 172.16.110.1/32 gw ВПН_ИП_ВСПОМОГАТЕЛЬНОГО
Everything was fine, only the VPN went down for reasons beyond my control and cannot be brought back up yet (please do not ask about that yet).
And so I am trying to make it work without the VPN:
route add 172.16.110.1/32 gw B.B.B.B
And on the auxiliary one I thought of adding:
-A POSTROUTING -s A.A.A.A/32 -d 172.16.110.1/32 -j SNAT --to-source B.B.B.B
But when I add
route add 172.16.110.1/32 gw B.B.B.B
it returns an error:
SIOCADDRT: Network is unreachable
As far as I understand, I cannot specify the external IP address of the auxiliary server as the gateway, because it is not in the main server's subnet.
I would be grateful for any information. Thank you.
1 answer
Maybe someone will need it.
The issue was resolved via iptables.
eth0 is the interface with the external IP address; 2222 is the port used to connect to the service provider.
On the virtual server:
iptables -t nat -A PREROUTING -p tcp --dport 40001 -i eth0 -j DNAT --to 172.16.110.1:2222
iptables -A FORWARD -p tcp -d 172.16.110.1 --dport 2222 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A POSTROUTING -t nat -p tcp -d 172.16.110.1 --dport 2222 -j MASQUERADE
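The same port-forwarding setup, written as an added example script rather than the answer's own commands. It assumes the placeholder values from the thread (eth0, port 40001 on B.B.B.B, target 172.16.110.1:2222, the main server's address A.A.A.A) and adds two things the answer's rules do not have: a source restriction on the DNAT rule, so the forwarded service is reachable only from the main server and not from the whole internet, and idempotent application with `iptables -C` so rerunning the script does not duplicate rules. The `-m conntrack --ctstate` match used here is the modern equivalent of the answer's `-m state --state`.

```shell
#!/bin/sh
# Added example script (not the original answer's code). Placeholder values
# are constructed for illustration; override them through the environment.

EXT_IF="${EXT_IF:-eth0}"                  # external interface on the virtual server
LISTEN_PORT="${LISTEN_PORT:-40001}"       # port exposed on B.B.B.B
TARGET_HOST="${TARGET_HOST:-172.16.110.1}"
TARGET_PORT="${TARGET_PORT:-2222}"
ALLOWED_SRC="${ALLOWED_SRC:-A.A.A.A/32}"  # only the main server may use the forward

# Print the rule set, one rule per line, as the arguments that follow "iptables".
# Keeping rules as text lets the same line be used with -A (append), -C (check)
# and -D (delete).
build_rules() {
    ext_if=$1; lport=$2; thost=$3; tport=$4; src=$5
    # 1. DNAT: rewrite the destination of connections arriving on ext_if:lport.
    #    The -s restriction is the defensive addition: without it, anyone who can
    #    reach B.B.B.B:lport gets forwarded to the provider's host.
    echo "-t nat -A PREROUTING -i $ext_if -s $src -p tcp --dport $lport -j DNAT --to-destination $thost:$tport"
    # 2. FORWARD: let the rewritten packets and their replies pass through the box.
    echo "-A FORWARD -p tcp -d $thost --dport $tport -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
    echo "-A FORWARD -p tcp -s $thost --sport $tport -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # 3. MASQUERADE: rewrite the source towards the target so its replies come
    #    back through this server (the target has no route to A.A.A.A via the
    #    tunnel). The target therefore sees this server, not the real client.
    echo "-t nat -A POSTROUTING -p tcp -d $thost --dport $tport -j MASQUERADE"
}

# Number of rules the generator produces (handy for a sanity check).
rule_count() {
    build_rules "$@" | grep -c ''
}

# Apply each rule only if it is not already present (-C returns non-zero when
# the rule is missing). Requires root and a working iptables binary.
apply_rules() {
    build_rules "$@" | while IFS= read -r rule; do
        check=$(printf '%s' "$rule" | sed 's/ -A / -C /')
        # shellcheck disable=SC2086  # intentional word splitting of the rule text
        if ! iptables $check 2>/dev/null; then
            iptables $rule
        fi
    done
}

if [ "${APPLY:-0}" = 1 ]; then
    # Forwarding must be enabled or the FORWARD chain never sees the packets.
    sysctl -w net.ipv4.ip_forward=1
    apply_rules "$EXT_IF" "$LISTEN_PORT" "$TARGET_HOST" "$TARGET_PORT" "$ALLOWED_SRC"
else
    # Dry run: show what would be applied.
    build_rules "$EXT_IF" "$LISTEN_PORT" "$TARGET_HOST" "$TARGET_PORT" "$ALLOWED_SRC"
fi
```

Run it without arguments to see the rules; run `APPLY=1 sh forward.sh` as root to install them. After that, the main server connects to B.B.B.B:40001 and the connection is delivered to 172.16.110.1:2222, which is what the original `route add` could not achieve because a gateway must be on a directly attached subnet.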