
PC1 cannot ping PC2 because PC2 doesn’t know how to route back (no default gateway).
Any workaround?

On RB, masquerade connections to 192.168.1.100. That way they’ll all look like from 192.168.1.1 and PC2 will know where to send replies.
Something like
chain=srcnat action=masquerade dst-address=192.168.1.100 out-interface=ether5 ???
because it doesn’t work…
It should. Make sure you don’t have constant pings running since before you added this rule, because conntrack sees it as “connection” and srcnat is not applied. Just stop it for a minute and then run it again.
All ok,
it was an “accept” rule between two subnets, placed before masquerade one avoiding masquerade itself…
Assuming I have to access multiple occasional machines on the 192.168.1.0/24 network, should rules like these work?
chain=srcnat action=masquerade dst-address=192.168.1.0/24 out-interface=ether5
chain=srcnat action=masquerade src-address=10.0.0.0/24 dst-address=192.168.1.0/24
chain=srcnat action=masquerade out-interface=ether5
They all seem to work, what is the best?
It depends. If you only have similar devices connected to that port, out-interface is enough. If you have other subnets there and you don’t want masquerade for them, limit it by dst-address. You get the idea…
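
Added example (not part of the thread, and not RouterOS code): a small Python model of first-match srcnat evaluation, showing why an earlier "accept" rule kept the masquerade from applying and which flows each of the three candidate rules would rewrite. The host addresses, the 10.0.1.0/24 and 172.16.5.0/24 subnets and the matchers of the "accept" rule are assumptions made up for the illustration.

```python
import ipaddress

def matches(rule, pkt):
    """True when every matcher the rule sets agrees with the packet."""
    for field in ("src-address", "dst-address"):
        if field in rule:
            net = ipaddress.ip_network(rule[field])
            if ipaddress.ip_address(pkt[field]) not in net:
                return False
    # A rule without out-interface matches any outgoing interface.
    return rule.get("out-interface", pkt["out-interface"]) == pkt["out-interface"]

def srcnat(rules, pkt):
    """Walk the chain top-down; the first matching rule decides the action."""
    for rule in rules:
        if matches(rule, pkt):
            return rule["action"]
    return "accept"  # nothing matched: source address is left unchanged

# The three candidate rules quoted in the thread.
BY_DST_AND_IF = {"action": "masquerade", "dst-address": "192.168.1.0/24",
                 "out-interface": "ether5"}
BY_SRC_AND_DST = {"action": "masquerade", "src-address": "10.0.0.0/24",
                  "dst-address": "192.168.1.0/24"}
BY_IF_ONLY = {"action": "masquerade", "out-interface": "ether5"}

# Assumed shape of the "accept" rule between the two subnets.
SHADOW = {"action": "accept", "src-address": "10.0.0.0/24",
          "dst-address": "192.168.1.0/24"}

# Constructed flows, all leaving through ether5.
PC1_TO_PC2 = {"src-address": "10.0.0.10", "dst-address": "192.168.1.100",
              "out-interface": "ether5"}
OTHER_LAN_TO_PC2 = {"src-address": "10.0.1.10", "dst-address": "192.168.1.100",
                    "out-interface": "ether5"}
PC1_TO_OTHER_NET = {"src-address": "10.0.0.10", "dst-address": "172.16.5.20",
                    "out-interface": "ether5"}
FLOWS = (PC1_TO_PC2, OTHER_LAN_TO_PC2, PC1_TO_OTHER_NET)

def coverage(rule):
    """Action each constructed flow gets when `rule` is the only srcnat rule."""
    return [srcnat([rule], pkt) for pkt in FLOWS]

if __name__ == "__main__":
    print("accept first    :", srcnat([SHADOW, BY_DST_AND_IF], PC1_TO_PC2))
    print("masquerade first:", srcnat([BY_DST_AND_IF, SHADOW], PC1_TO_PC2))
    for name, rule in (("dst+iface", BY_DST_AND_IF), ("src+dst", BY_SRC_AND_DST),
                       ("iface only", BY_IF_ONLY)):
        print(name, coverage(rule))
```

The narrower the matchers, the fewer flows reach PC2's subnet with the router's address as their source, which also keeps more of the real client addresses visible in logs on that side.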