                          +----------------------------------------------------+
Client using OpenVPN ---> |-NIC 1 [Public]     VPN Server     NIC 2 [Trusted]-| ---> Target Servers
                          |                [VPN NIC - Trusted]                 |
                          +----------------------------------------------------+
NIC 1: a.b.c.d/24
NIC 2: w.x.y.z/18
Target Servers: e.f.g.h / e.f.i.j / e.f.k.l
Firewalld is running. There are two active zones: "Public", containing NIC 1, and "Trusted", containing NIC 2 and the NIC the VPN creates (10.8.0.1).
The client wants to get to the target servers. The VPN is allowing traffic to flow through to NIC 2, but there are rules outside our control between NIC 2 and the Target Servers that only allow source IPs from the w.x.y.z/18 subnet through. The source IP of the packets coming from the VPN is that of NIC 1. I was hoping that we'd be able to masquerade once the client's traffic got to NIC 2.
Is there a way with firewall-cmd rules (rich/direct/...) that would allow us to do source NATing on the client traffic before it gets put on NIC 2? [Also, should the VPN NIC be placed in a different zone?]
Alternatively, is there something we could do in the OpenVPN server?
TIA... Neale
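As an added example (not from the post above), this script builds the firewalld rules that source-NAT the OpenVPN clients (10.8.0.0/24, assumed from the tun address 10.8.0.1) to NIC 2's w.x.y.z address only as packets leave NIC 2, so the allow-list on the far side sees a /18 source. The interface name "eth1" for NIC 2 is an assumption; the direct rule is matched on the egress interface, which keeps it independent of which zone the tun interface sits in, unlike a zone-wide --add-masquerade that also rewrites traffic leaving every other interface in that zone.

```shell
#!/bin/sh
# Added example: generate (and optionally apply) firewalld SNAT rules for
# OpenVPN client traffic leaving NIC 2. Interface name is an assumption.
set -eu

VPN_SUBNET="${VPN_SUBNET:-10.8.0.0/24}"   # assumed from tun address 10.8.0.1
NIC2_IFACE="${NIC2_IFACE:-eth1}"          # assumed name of NIC 2 (w.x.y.z/18)

# Narrow direct rule: MASQUERADE only VPN-sourced packets that egress NIC 2.
# (firewalld 1.x prefers policy objects over --direct, but --direct still works.)
direct_nat_rule() {
    printf 'ipv4 nat POSTROUTING 0 -s %s -o %s -j MASQUERADE\n' "$1" "$2"
}

# Rich-rule alternative bound to a zone: no egress-interface match is possible,
# so it applies to every interface in that zone (tun included).
rich_nat_rule() {
    printf 'rule family=ipv4 source address=%s masquerade\n' "$1"
}

# The firewall-cmd invocations, printed rather than executed (dry run).
firewalld_commands() {
    printf 'firewall-cmd --permanent --direct --add-rule %s\n' "$(direct_nat_rule "$1" "$2")"
    printf 'firewall-cmd --reload\n'
    printf 'firewall-cmd --direct --get-all-rules\n'
}

apply_rules() {
    command -v firewall-cmd >/dev/null || { echo "firewall-cmd not found" >&2; return 1; }
    # Word-splitting of the rule string is intended: each token is an argument.
    # shellcheck disable=SC2046
    firewall-cmd --permanent --direct --add-rule $(direct_nat_rule "$VPN_SUBNET" "$NIC2_IFACE")
    firewall-cmd --reload
    # Checks: forwarding must be on (expect 1) and the rule must be listed.
    sysctl -n net.ipv4.ip_forward
    firewall-cmd --direct --get-all-rules | grep -- "-s $VPN_SUBNET -o $NIC2_IFACE"
}

if [ "${1:-}" = "--apply" ]; then apply_rules; else firewalld_commands "$VPN_SUBNET" "$NIC2_IFACE"; fi
```

Run it with no arguments to review the commands, and with --apply on the VPN server to install them; afterwards `tcpdump -ni eth1 host e.f.g.h` should show the w.x.y.z source on client traffic.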