Hello everyone,
Wondering if I could get a helping hand here.
I have a server with a /25 subnet.
So basically I have 165.XXX.XXX.2 - 165.XXX.XXX.127 available for use on this server (public)
Softether DHCP server assigns 192.168.30.10-192.168.30.200 to connected clients. (private)
Problem is, connected clients get their outbound traffic routed via 165.XXX.XXX.2, which is the primary public IP of my SoftEther VPN server.
I want to be able to set up a nat rule, that will utilize the entire block for outbound traffic.
In Mikrotik I simply do this with a NAT rule with src-nat as 192.168.30.10-192.168.30.200, action as src-nat and to address as 165.XXX.XXX.2 - 165.XXX.XXX.127, and it simply uses this public range for outbound traffic, and dynamically changes this for VPN client traffic.
How do I accomplish this on SoftEther?
SRC-NAT Private To Multiple Public
-
- Posts: 287
- Joined: Wed Nov 25, 2020 9:10 am
Re: SRC-NAT Private To Multiple Public
You need to stop using SecureNAT. Bridge with a tap device instead.
Under SecureNAT the VPN hub is internal and invisible from the system.
-
- Posts: 3
- Joined: Thu Jun 16, 2022 7:19 am
Re: SRC-NAT Private To Multiple Public
Thank you for this feedback.
Could you please provide more information on how to achieve this?
-
- Posts: 287
- Joined: Wed Nov 25, 2020 9:10 am
-
- Posts: 3
- Joined: Thu Jun 16, 2022 7:19 am
Re: SRC-NAT Private To Multiple Public
Thanks for this pointer.
Guide says: run: iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source VPS.IP.ADDRESS.HERE (for routing the outbound traffic)
In my case, will this be a valid rule (since I want traffic routed via all available public IPs):
run: iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source 165.XXX.XXX.2 - 165.XXX.XXX.127
thank you.
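Added example, not part of the thread and not any poster's code: iptables SNAT takes an address range in --to-source as a single first-last argument with no spaces, and this sketch validates a range and prints the resulting rule without running it. The 203.0.113.x addresses are constructed stand-ins for the masked 165.XXX.XXX block, 192.168.30.0/24 is an assumed mask covering the DHCP pool from the first post, and the function names are hypothetical.

```shell
#!/bin/sh
# Builds (does not execute) an SNAT rule mapping a VPN subnet onto a public range.

# ip_to_int A.B.C.D -> prints the address as an integer; returns 1 if malformed
ip_to_int() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|'') return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*) return 1 ;; esac      # no leading zeros
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# pool_size FIRST LAST -> number of public addresses in the range
pool_size() {
    lo=$(ip_to_int "$1") && hi=$(ip_to_int "$2") || return 1
    echo $(( hi - lo + 1 ))
}

# snat_pool_rule SRC_NET FIRST LAST -> prints the iptables command
snat_pool_rule() {
    src_net=$1 first=$2 last=$3
    lo=$(ip_to_int "$first") || { echo "bad address: $first" >&2; return 1; }
    hi=$(ip_to_int "$last")  || { echo "bad address: $last" >&2; return 1; }
    [ "$lo" -le "$hi" ] || { echo "range is reversed" >&2; return 1; }
    # The range is ONE argument: first-last, no spaces around the hyphen.
    # Netfilter picks an address from it per connection, not per packet.
    echo "iptables -t nat -A POSTROUTING -s $src_net -j SNAT --to-source ${first}-${last}"
}

# Constructed sample values (RFC 5737 documentation range).
snat_pool_rule 192.168.30.0/24 203.0.113.2 203.0.113.127
```

The printed command still has to be run as root on the VPN host, and the public addresses have to be assigned or routed to that host for return traffic to arrive.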