I connected two networks, but I can't set the routing directly because of the duplicate IP address. Therefore, I want to convert the connection destination IP to an unused IP range.
Two Linux servers GW1 and GW2 were connected to communicate Host H1 (192.168.30.10) and H2 (192.168.1.10). However, since the 192.168.0.1/24 subnet to which H2 belongs is used by Network 2, it is not possible to set the routing directly to GW1 for communication.
(Network 1)
.10 192.168.30.0/24 .1 .1 192.168.1.0/24
[H1]======================[ GW1 ]================
192.168.99.1 ||
||
192.168.99.2 ||
eth1 || .1 192.168.1.0/24 .10
[ GW2 ]====================[H2]
(Network 2)
By using iptables NETMAP, the IP address of H2 seen from Network 1 is converted to another subnet that is not used by Network 1.
Former story https://serverfault.com/questions/109569/iptables-massive-11-nat
Here, address translation is performed so that the host on the subnet to which H2 belongs can be accessed with 192.0.2.x / 24.
Add the following settings to GW2.
iptables -t nat -A PREROUTING -d 192.0.2.0/24 -i eth1 -j NETMAP --to 192.168.1.0/24
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth1 -j NETMAP --to 192.0.2.0/24
In order to limit the range of destinations for address translation to Network 1, the target is limited by the connected interface. Without this, the address will be translated to another subnet in Network2.
Add static routing. Set the routing to 192.0.2.0/24 in GW1
ip route add 192.0.2.0/24 via 192.168.99.2
Set the routing for 192.0.2.0/24 in H1 as well. (Not required if GW1 is the default gateway)
Set the routing for 192.168.30.0/24 in GW2.
ip route add 192.168.30.0/24 via 192.168.99.1
Set the routing for 192.168.30.0/24 in H2 as well. (Not required if GW1 is the default gateway)
With the settings up to this point, H1 and H2 can communicate.
Communication from H1 to H2: Specify the converted address
h1$ ping 192.0.2.10
h1$ ssh 192.0.2.10
Communication from H2 to H1: Specify the address of H1 as it is
h2$ ping 192.168.30.10
h2$ ssh 1192.168.30.10
In H1, the communication from H2 appears as the communication connected from 192.0.2.10 after conversion.
If communication is started only in the direction from H1 to H2, setting SNAT in GW2 eliminates the need for routing settings on the H2 side. In this case, in H2, the communication from H1 looks like a connection from GW2.
Add the following to GW2
iptables -t nat -A POSTROUTING -d 192.168.1.0/24 -j SNAT --to-source 192.168.1.1
192.168.1.1 is the IP address of GW2
Articles on SNAT / DNAT that rewrite IPs destined for a single host can be found in various places, but I could not find an article on how to replace the IP address of the entire subnet range, so I summarized it here.