linux routing tables, tunnels & iptables

Question

I'm trying to figure out how all those components are working together.

my main goal is to route traffic (port 80,443) from my local host (windows 7) network to a remote host on a remote network. meaning, I want to go to 10.50.1.2:80 and get to the remote host (port 4111).

as a first step, I tried to add a route to my local windows host with the following :

route ADD “10.50.1.0” MASK “255.255.255.0” “remote public ip”. 

This did not work. can anyone explain why??

then a tried to route the address to a local linux server

route ADD “10.50.1.0” MASK “255.255.255.0” “192.168.10.78”

than I used iptables & DNAT in prerouting to foreword the packets to the remote public ip

iptables -t nat -A PREROUTING -d 10.50.1.2 -dport 80 -j DNAT --to-destination publicIP:80

traffic did arrived at 192.168.10.78 (verified by tcpdump) but they didn't arrived to the remote host. can anyone explain why?? i even tried to use masquerade in postrouting.

then I started a search and came across tunneling.

can anyone explain why the first & second attempts don't work and how tunneling can help?

Answer 1

Your first attempt: route ADD “10.50.1.0” MASK “255.255.255.0” “remote public ip”

This sets up a route for the network 10.50.0/24 which is reachable through remote public ip. Private IPs are generally not routed on the internet and you're probably able to see why this doesn't work.

Your second attempt: route ADD “10.50.1.0” MASK “255.255.255.0” “192.168.10.78”

Sets up a route for the 10.50.1.0/24 network through the host 192.168.10.78 if that host isn't configured to route traffic for that network it's going nowhere and even than you wouldn't be able to reach the remote machine. You said you did configure NAT/DNAT which would enable that machine to do this but I'm not sure what the correct configuration would be. If you're just interested at web traffic maybe consider using a proxy instead?

As for tunneling it's the process of encapsulating your original request within another connection. But you'd have to be more specific in what context you're using that as there might be nuances that make a huge difference.