On Tue, 19 Feb 2008 13:38:16 +0100, Markus Spiller wrote:

> Hello,
>
> I don't want to have two threads, so I made a Fup2 to my first news at
> alt.os.linux.suse.
> I hope this is OK.
>
> I have a routing task here where I need some help.
>
> All systems are running with SuSE 10.2 or 10.3.
>
> All netmasks are 255.255.255.0
>
> -System A has the IP 192.168.1.2 and 192.168.2.1 (this should be the
> router between the two networks)
> -Gateway for Network A is 192.168.1.1 which makes the Internet
> connection
> -System B has the IP 192.168.1.3 and it is my VPN Server
> -System C has the IP 192.168.1.10
>
> the above is running as I expect.
>
> But now:
> -System D has the IP 192.168.2.2 with Gateway 192.168.2.1
>
> System D is a remote system which I want to control from outside. I want
> to connect System D via VPN and if I'm on System D I want to have an
> Internet connection too.
> But I don't want to be able to connect System D with System C (or other
> systems in
> Network A except System A and System B)
>
> And all this should happen without static routes on System D, just
> default routes and default Gateway.
>
> Is this possible and if yes how?
> What should I have to change or install on System A? IP forward is
> enabled on System A.
>
> Markus


Enable packet forwarding on System A (sysctl -w net.ipv4.ip_forward=1)

Use iptables to restrict/allow access.

Either the gateway or System B will need a route to the 192.168.2.0/24
network via the router (192.168.1.2).

Hth.
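
The iptables restriction suggested in the reply above, sketched as an added example that is not part of the original post: a FORWARD policy for System A that lets 192.168.2.0/24 reach the VPN server and the Internet but nothing else in Network A. The interface names (eth0 on Network A, eth1 on the System D side) are assumptions, as is the choice of a default-drop policy.

```shell
#!/bin/sh
# Added example, not from the thread. Prints a FORWARD ruleset for System A
# in iptables-restore format; the script itself applies nothing.
# Assumed (not stated in the thread): eth0 faces 192.168.1.0/24,
# eth1 faces 192.168.2.0/24.
NET_A="192.168.1.0/24"      # Network A (Systems A, B, C and the gateway)
NET_D="192.168.2.0/24"      # network behind the router, holds System D
VPN_SERVER="192.168.1.3"    # System B
IF_A="${IF_A:-eth0}"
IF_D="${IF_D:-eth1}"

forward_rules() {
    cat <<EOF
*filter
# Anything not explicitly allowed below is not routed.
:FORWARD DROP [0:0]
# Replies to connections that were already permitted.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# System D may talk to the VPN server, and the VPN server to System D.
-A FORWARD -i $IF_D -o $IF_A -s $NET_D -d $VPN_SERVER -j ACCEPT
-A FORWARD -i $IF_A -o $IF_D -s $VPN_SERVER -d $NET_D -j ACCEPT
# Everything else in Network A (System C, ...) is off limits.
# This rule must come before the Internet rule below.
-A FORWARD -i $IF_D -s $NET_D -d $NET_A -j DROP
# Remaining destinations are outside Network A, i.e. the Internet.
-A FORWARD -i $IF_D -o $IF_A -s $NET_D -j ACCEPT
COMMIT
EOF
}

# Review the output first; on System A it can then be loaded as root with:
#   forward_rules | iptables-restore --noflush
forward_rules
```

Traffic from System D to System A itself is handled by the INPUT chain and is not touched here. Replies from the Internet still depend on the gateway having the route to 192.168.2.0/24 via 192.168.1.2 mentioned in the reply.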