Using VirtualBox on Ubuntu, I want to connect two Linux (debian 9) VMs together, so that the first one acts as a router for the second one (VM2), whose traffic is completely routed through the first one (VM1). The VM1 (gateway) is connected to a VPN service and thus all traffic from VM2 is connected to the VPN.
I have managed to have the VM2 successfully ping external IPs such as 8.8.8.8. But all other networking fails. I think the issue is the DNS resolution, which for some reason unknown to me is not resolved by the VM1.
Here is what I have done so far:
On VirtualBox, VM1 is connected to a NAT interface, and a second interface, which is an internal network named "testvpn". VM2 is only connected to this internal network, not to the NAT.
VM1 has the following /etc/network/interfaces configuration:
auto lo
iface lo inet loopback
allow-hotplug enp0s3
iface enp0s3 inet dhcp
allow-hotplug enp0s8
iface enp0s8 inet static
address 10.152.152.10
netmask 255.255.192.0
VM2 has the following /etc/network/interfaces configuration:
auto lo
iface lo inet loopback
allow-hotplug enp0s3
iface enp0s3 inet static
address 10.152.152.15
gateway 10.152.152.10
netmask 255.255.255.0
dns-nameservers 10.152.152.10
VM2's /etc/resolv.conf points to VM1:
nameserver 10.152.152.10
With this simple configuration, VM2 can ping VM1, but has no access to external internet. For this I must allow ip forwarding and configure iptables on VM1:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
iptables -A FORWARD -i tun0 -o enp0s8 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i enp0s8 -o tun0 -j ACCEPT
Note that I use tun0 on purpose for the VPN network interface, but the results are exactly the same with enp0s3 instead of tun0 without the VPN tunnel activated. Now I can ping external addresses on VM2, but all other network connections fail:
$ curl google.com
curl: (6) Could not resolve host: google.com
After some online reading, I tried to add supposedly DNS related iptables rules on the first gateway VM:
iptables -t nat -A PREROUTING -i enp0s8 -p udp --dport 53 -j REDIRECT
iptables -t nat -A PREROUTING -i enp0s8 -p tcp --dport 53 -j REDIRECT
It doesn't work. Note that networking works fine on the VM1, with or without VPN.
I am not very experienced with iptables and I really don't know what to do next. I tried searching online for hours but couldn't find a solution. I would not like to use dhcp/dnsmasq solutions as I am quite sure iptables should be enough.
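As an added diagnostic, not part of the question above: this script classifies the gateway's nat rules for port 53. A REDIRECT rule like the one in the post hands queries to the gateway's own port 53, which only resolves anything if a resolver is listening there; a DNAT rule forwards them to an upstream resolver instead. It assumes the interface names from the post; the iptables-save text and the 192.0.2.53 upstream address are constructed samples.

```shell
#!/bin/sh
# Constructed sample: `iptables-save -t nat` on the gateway VM after the REDIRECT rules in the post.
SAMPLE_REDIRECT='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i enp0s8 -p udp --dport 53 -j REDIRECT
-A PREROUTING -i enp0s8 -p tcp --dport 53 -j REDIRECT
-A POSTROUTING -o tun0 -j MASQUERADE
COMMIT'

# Constructed alternative: the same chain with DNAT to an upstream resolver
# (192.0.2.53 is a placeholder address, not a real resolver).
SAMPLE_DNAT='*nat
-A PREROUTING -i enp0s8 -p udp --dport 53 -j DNAT --to-destination 192.0.2.53:53
-A PREROUTING -i enp0s8 -p tcp --dport 53 -j DNAT --to-destination 192.0.2.53:53
-A POSTROUTING -o tun0 -j MASQUERADE
COMMIT'

# dns_target IFACE NAT_RULES
# Prints where port-53 traffic arriving on IFACE ends up:
#   redirect-local -> REDIRECT: delivered to the gateway's own port 53, so a resolver must listen there
#   dnat:ADDR      -> DNAT: forwarded to ADDR (then MASQUERADEd out through tun0 by POSTROUTING)
#   none           -> no nat rule matches; queries keep their original destination
dns_target() {
  printf '%s\n' "$2" | awk -v ifc="$1" '
    /^-A PREROUTING/ && $0 ~ ("-i " ifc " ") && /--dport 53/ {
      if ($0 ~ /-j REDIRECT/) { print "redirect-local"; found = 1; exit }
      if (match($0, /-j DNAT --to-destination [^ ]+/)) {
        split(substr($0, RSTART, RLENGTH), a, " ")
        print "dnat:" a[4]; found = 1; exit
      }
    }
    END { if (!found) print "none" }'
}

# dns_check IFACE NAT_RULES
# Turns the classification into a diagnosis; the listener probe uses `ss`, so run it on the gateway itself.
dns_check() {
  case "$(dns_target "$1" "$2")" in
    redirect-local)
      if ss -lun 2>/dev/null | grep -q ':53 '; then echo "ok: a local resolver answers on :53"
      else echo "broken: REDIRECT sends queries to the gateway's :53 but nothing listens there"; fi ;;
    dnat:*) echo "ok: queries are forwarded to an upstream resolver" ;;
    none)   echo "no DNS nat rule on $1; queries keep their original destination" ;;
  esac
}

dns_check enp0s8 "$SAMPLE_REDIRECT"
```

Run it with the real output of `iptables-save -t nat` as the second argument to check the live rule set instead of the constructed samples.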