
Let's say I have 2 servers

Server A and Server B

I want all traffic from server B to pass through Server A (like a proxy for the whole system). I understand one way to do this is by using a VPN server on Server A, but as far as I know there is a way to do this by using iptables or ip route which will be very reliable.

How can this be achieved? Both machines are running Debian Linux.

Each server is hosted at a different ISP

  • Another way is to use a proxy hosted on the server you want to route traffic through
    – Ramhound
    Commented Jul 30, 2017 at 17:52
  • How do you know that method "will be very reliable"? Commented Jul 30, 2017 at 17:59
  • @grawity with a VPN the client could lose the connection and start using the main connection, but with iptables or ip route there are no sessions, so it seems like a simpler approach
    – Arya
    Commented Jul 30, 2017 at 18:01
  • If I understand what you're asking, have you looked into sshuttle? Commented Jul 30, 2017 at 18:18
  • If both servers are in different locations and in different networks, you need some sort of tunnel. A VPN is one way (and it can be configured to re-connect automatically, so it's not unreliable). Other ways are a GRE or an IPIP tunnel, but these are not encrypted and anyone can MITM, so I'd really prefer a VPN in your place ...
    – dirkt
    Commented Aug 8, 2017 at 13:00

2 Answers

2

This cannot be achieved unless both computers are in the same subnet.

If they are, then you'd first configure server A as the "default gateway" for B – and similarly the real gateway needs the opposite route towards B via A:

  • on server B: to 0.0.0.0/0 via <A's IP>
  • on real gateway: to <B's IP>/32 via <A's IP>

But if they're on different networks at all (as you said "hosted at a different ISP"), the only way you could use A as the gateway would be to set up a virtual layer-2 network – which is, yes, a VPN.

(This excludes IP "source routing", which has been removed with fire from most modern network stacks due to security issues.)

If you're concerned about privacy (traffic "leaks"), configure server B such that the only default route it has is via the VPN – if it only talks with server A, then it only needs a specific "host route" (a /32 or a /128) towards A. For example:

  • to ::/0 via <A's internal IP>
  • to <A's external IP>/128 via <real default gateway>
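The route set this answer describes, written out as an added example (it is not part of the answer above): on server B, the only route that leaves via the real ISP gateway is a host route to A's external address, and the default route for both address families points at A's address inside the tunnel. Every address and interface name (203.0.113.10, 10.8.0.1, 198.51.100.1, the 2001:db8 and fd00 prefixes, eth0, tun0) is a constructed placeholder, and the DRY_RUN switch and leak_check helper are this example's own additions, not anything the answer specifies.

```shell
#!/bin/sh
# Added example, not code from the answer above. Generates (and optionally
# applies) the "leak-proof" route set for server B that the answer describes:
# the only route leaving via the real gateway is a host route to A's external
# address; everything else goes to A through the tunnel. All addresses and
# interface names below are constructed placeholders (assumptions).
#
#   DRY_RUN=1 sh b-routes.sh     # print the ip(8) commands only (default)
#   DRY_RUN=0 sh b-routes.sh     # apply them and verify (needs root on B)

: "${DRY_RUN:=1}"

A_EXT4=203.0.113.10      # A's public IPv4 (the tunnel endpoint)
A_TUN4=10.8.0.1          # A's address inside the tunnel
REAL_GW4=198.51.100.1    # B's ISP gateway
A_EXT6=2001:db8:a::10
A_TUN6=fd00:8::1
REAL_GW6=2001:db8:b::1
WAN_IF=eth0              # B's physical uplink
TUN_IF=tun0              # B's tunnel interface

# route_cmds FAMILY A_EXT A_TUN REAL_GW WAN_IF
# Prints the ip(8) commands for one address family (4 or 6). Order matters:
# the /32 or /128 host route to the tunnel endpoint must exist before the
# default route is replaced, otherwise the tunnel itself becomes unreachable.
route_cmds() {
    fam=$1; a_ext=$2; a_tun=$3; real_gw=$4; wan=$5
    if [ "$fam" = 6 ]; then pfx=128; any=::/0; else pfx=32; any=0.0.0.0/0; fi
    printf 'ip -%s route replace %s/%s via %s dev %s\n' "$fam" "$a_ext" "$pfx" "$real_gw" "$wan"
    printf 'ip -%s route replace %s via %s\n' "$fam" "$any" "$a_tun"
}

# apply_cmds: read commands on stdin and either echo them (dry run) or run them.
apply_cmds() {
    while IFS= read -r cmd; do
        if [ "$DRY_RUN" = 1 ]; then echo "$cmd"; else eval "$cmd"; fi
    done
}

# leak_check FAMILY DEST TUN_IF: succeeds only if the kernel would send DEST
# out through the tunnel interface (ip route get consults the routing table
# without sending any packet).
leak_check() {
    ip -"$1" route get "$2" | grep -q "dev $3"
}

route_cmds 4 "$A_EXT4" "$A_TUN4" "$REAL_GW4" "$WAN_IF" | apply_cmds
route_cmds 6 "$A_EXT6" "$A_TUN6" "$REAL_GW6" "$WAN_IF" | apply_cmds

if [ "$DRY_RUN" != 1 ]; then
    # Probe two documentation-range destinations that are not A itself.
    if leak_check 4 192.0.2.1 "$TUN_IF" && leak_check 6 2001:db8:ffff::1 "$TUN_IF"; then
        echo "ok: non-tunnel traffic is confined to $TUN_IF"
    else
        echo "LEAK: some traffic would still leave via $WAN_IF" >&2
        exit 1
    fi
fi
```

Run it with DRY_RUN=1 first and read the four commands it prints; only once they match your tunnel's addresses apply them with DRY_RUN=0 on server B. The leak_check at the end is the check worth keeping around: if the tunnel daemon ever rewrites the default route, `ip route get` on an arbitrary outside address will show the physical interface instead of the tunnel.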

-1

Using iptables:

Try this; obviously change the interface according to your setup.

# On the receiving host: rewrite the destination of every packet arriving on eth0 to 192.168.3.2
iptables -t nat -A PREROUTING -i eth0 -j DNAT --to-destination 192.168.3.2
