Gentoo Forums
Use Mac as a gateway?
Tatsh
Apprentice
Joined: 22 Jul 2007
Posts: 180

Posted: Tue Jul 21, 2020 8:41 am    Post subject: Use Mac as a gateway?

I have a Mac with a special VPN that I cannot run on Linux and I'm thinking, given how my current router setup is, this is what should be possible, given a simple DNS request:

limelight/eno1 (dig @mac specialhost.com) ->
mac with NAT sends this to utun2 interface? ->
Mac gets the response and NATs back to limelight ->
limelight shows the DNS response

limelight = Linux machine

Is this correct?

The Mac has utun2 which seems to have the IP address to the VPN.

macOS uses PF https://www.openbsd.org/faq/pf/filter.html

It seems I need to have a 'nat' rule and a 'rdr' rule to ensure bidirectional NAT.

Anyone done this before? Seems like it should be kind of simple, and all I have to do on the Linux machine is set up static routes or firewall rules (I do use nftables output filtering) that would send certain requests to the Mac.
Banana
l33t
Joined: 21 May 2004
Posts: 618
Location: Germany

Posted: Tue Jul 21, 2020 11:16 am    Post subject:

I have not done this, but in the past the problem was the VPN connection, since it does not allow communication into the local LAN or from it. Can be a setting, but so far I had to deal with those kinds of special VPN software (Cisco, SafeNet) which did not allow those communications.
_________________
My personal space
NeddySeagoon
Administrator
Joined: 05 Jul 2003
Posts: 46122
Location: 56N 3W

Posted: Tue Jul 21, 2020 1:49 pm    Post subject:

Tatsh,

You want to change your VPN end point, your end, from being for a single host to being for a network?
You either need control of both ends, so that you can change the routing table at both ends, or you need to NAT the IP address at your end.

If this is an employer provided VPN, they will get very upset if you succeed, as you will have created a bridge from the outside world to the corporate network.
Corporate VPNs try to make this sort of thing very difficult to stop employees doing just that.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
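
An added example, not part of any post in this thread: a defender-side check for the bridging condition raised in the last reply, which reads the text output of `sysctl net.inet.ip.forwarding` and `pfctl -s nat` from a Mac and reports whether the host is forwarding packets and NATing them out of a tunnel interface such as utun2. The sample command output is constructed, and the function names and the list of tunnel interface prefixes are assumptions made for illustration.

```python
import re

# Constructed sample output (not captured from a real host).
SAMPLE_SYSCTL = "net.inet.ip.forwarding: 1\n"
SAMPLE_PF_NAT = """\
nat-anchor "com.apple/*" all
rdr-anchor "com.apple/*" all
nat on utun2 inet from 192.168.1.0/24 to any -> (utun2) round-robin
no nat on en0 inet from 192.168.1.0/24 to 192.168.1.0/24
"""

# Matches translating rules only: "nat [pass [log]] on <if> ... -> <addr>".
# Anchor lines ("nat-anchor") and "no nat" exemptions do not match.
NAT_RULE = re.compile(
    r"^nat\s+(?:pass\s+)?(?:log\s+)?on\s+(\S+)\s+(.*?)\s*->\s*(\S+)")

# Assumed naming of VPN/tunnel interfaces; adjust for the fleet.
TUNNEL_PREFIXES = ("utun", "tun", "ipsec", "ppp")


def forwarding_enabled(sysctl_text):
    """True if the sysctl output shows IPv4 forwarding switched on."""
    m = re.search(r"^net\.inet\.ip\.forwarding\s*[:=]\s*(\d+)",
                  sysctl_text, re.M)
    return bool(m) and m.group(1) != "0"


def tunnel_nat_rules(pf_nat_text):
    """Return the NAT rules whose outbound interface is a tunnel."""
    findings = []
    for line in pf_nat_text.splitlines():
        m = NAT_RULE.match(line.strip())
        if m and m.group(1).startswith(TUNNEL_PREFIXES):
            findings.append({"iface": m.group(1),
                             "match": m.group(2),
                             "to": m.group(3)})
    return findings


def audit(sysctl_text, pf_nat_text):
    """Flag a host that both forwards packets and NATs them into a tunnel."""
    fwd = forwarding_enabled(sysctl_text)
    rules = tunnel_nat_rules(pf_nat_text)
    return {"forwarding": fwd, "tunnel_nat": rules,
            "gateway": fwd and bool(rules)}


if __name__ == "__main__":
    print(audit(SAMPLE_SYSCTL, SAMPLE_PF_NAT))
```

Either signal alone is weaker evidence: forwarding can be on for Internet Sharing, and a NAT rule does nothing while forwarding is off.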