Route Traffic Through Private IP For Only Certain Hosts


Hi

I am having a weird problem which I can't figure out, so I was hoping someone here could give me a hand.

First off the end goal is that a specific server in my network runs an IPSEC connection to another company and I want all other servers to route traffic for the IP on that network through this single server.

Server 1 in this example is the server that runs the IPSEC connection.
(CentOS 6.6)

Server 2 in this example is an app server that would route traffic for only that specific IP through server 1. (CentOS 6.5)

**Some IP’s that will be used below:**

Server 1
Public IP: x.x.x.x
Public Broadcast: x.x.x.y
Public Gateway: x.x.x.z
Internal IP: 10.0.64.10/24

Server 2
Public IP: y.y.y.y
Public Broadcast: y.y.y.z
Public Gateway: y.y.y.a
Internal IP: 10.0.64.150/24

Those servers have full connectivity between them internally (i.e. I can ping, SSH etc. from one to the other without problem). They also both have full access to the internet and can be reached that way.

——–

2 thoughts on - Route Traffic Through Private IP For Only Certain Hosts

  • Thanks for providing a lot of information. My first guess is that the remote hosts you’re trying to reach don’t have the routes that they require to use the IPSec tunnel. You demonstrated that server 2 has the route it needs to reach the remote network, and that server 1 appears to be routing those packets properly. All of the same setup has to exist on the other side.

  • Hi,

    You can follow the link below to set up the IPsec site-to-site VPN tunnel between two GW.

    http://www.enterprisenetworkingplanet.com/netsysm/article.php/3845966/Build-an-IPSEC-VPN-Without-Losing-Your-Mind.htm

    After that you have to open up the following ports in your firewall and add routes on both gateways for communicating with the respective LANs:

    ```
    iptables -A input_rule -p esp -j ACCEPT
    iptables -A input_rule -p udp --dport 500 -j ACCEPT
    iptables -A input_rule -p udp --dport 4500 -j ACCEPT
    ```

    -- Regards, Ashishkumar S. Yadav
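The two replies together describe the setup on this side of the tunnel: server 2 needs a host route for the remote address pointing at server 1 (10.0.64.10), and server 1 needs IP forwarding on plus firewall rules for ESP, UDP/500 (IKE) and UDP/4500 (NAT-T). The script below is an added example, not code from the thread or from either reply, that emits those commands and, more usefully, checks live `ip route`, `sysctl` and `iptables-save` output for each piece. The remote address (203.0.113.10, a TEST-NET-3 placeholder), the interface name `eth1` and the `input_rule` chain are assumptions; the thread gives none of them except the chain name. As the first reply notes, the same checks have to pass on the far side of the tunnel, which this script cannot see.

```shell
#!/bin/sh
# Added example (not from the original thread). Each check reads command output
# on stdin, so it works against live output, e.g. `ip route | has_host_route`,
# or against the constructed samples in demo() below.

TUNNEL_GW="10.0.64.10"      # server 1 internal IP, from the thread
REMOTE_HOST="203.0.113.10"  # placeholder (TEST-NET-3); the thread gives no remote IP
LAN_IF="eth1"               # assumed name of the internal LAN interface

# Commands described in the thread, printed rather than executed so this file
# is safe to run anywhere; on the real hosts pipe the output through `sh`.
server2_route_cmd() {
    # A /32 route: only this one address goes via server 1, nothing else changes.
    echo "ip route add ${REMOTE_HOST}/32 via ${TUNNEL_GW} dev ${LAN_IF}"
}

server1_setup_cmds() {
    echo "sysctl -w net.ipv4.ip_forward=1"   # server 1 must forward server 2's packets
    echo "iptables -A input_rule -p esp -j ACCEPT"
    echo "iptables -A input_rule -p udp --dport 500 -j ACCEPT"
    echo "iptables -A input_rule -p udp --dport 4500 -j ACCEPT"
}

# Server 2: does `ip route` list REMOTE_HOST via TUNNEL_GW? (ip prints host
# routes without /32; dots in the addresses are left as regex wildcards.)
has_host_route() {
    grep -Eq "^${REMOTE_HOST}(/32)? via ${TUNNEL_GW}( |$)"
}

# Server 1: is forwarding enabled? Accepts `sysctl net.ipv4.ip_forward`
# output ("net.ipv4.ip_forward = 1") or the bare value from /proc.
ip_forward_enabled() {
    grep -Eq '(= |^)1$'
}

# Server 1: does `iptables-save` output accept ESP, UDP/500 and UDP/4500?
# All three are needed; a tunnel with only IKE open negotiates and then drops.
fw_allows_ipsec() {
    rules=$(cat)
    printf '%s\n' "$rules" | grep -Eq -e '-p esp .*-j ACCEPT' &&
    printf '%s\n' "$rules" | grep -Eq -e '-p udp .*--dport 500 .*-j ACCEPT' &&
    printf '%s\n' "$rules" | grep -Eq -e '-p udp .*--dport 4500 .*-j ACCEPT'
}

# Demo against constructed samples (not real output from the thread's hosts).
demo() {
    printf 'server 2 host route: '
    if printf '%s\n' "${REMOTE_HOST} via ${TUNNEL_GW} dev ${LAN_IF}" \
                     "10.0.64.0/24 dev ${LAN_IF} src 10.0.64.150" | has_host_route
    then echo ok; else echo MISSING; fi

    printf 'server 1 ip_forward:  '
    if printf '%s\n' 'net.ipv4.ip_forward = 0' | ip_forward_enabled
    then echo ok; else echo DISABLED; fi

    printf 'server 1 firewall:    '
    if printf '%s\n' '-A input_rule -p esp -j ACCEPT' \
                     '-A input_rule -p udp -m udp --dport 500 -j ACCEPT' \
                     '-A input_rule -p udp -m udp --dport 4500 -j ACCEPT' | fw_allows_ipsec
    then echo ok; else echo INCOMPLETE; fi
}

demo
```

Run it as-is to see the checks against the samples (the ip_forward sample is deliberately 0 to show a failing check), or source it and pipe real output into each function on the relevant host.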