by direwolf20 142 days ago
It's not enough to set fake routes. You have to edit the addresses in the packets, so the end devices will receive them.

Yeah, so instead of DNAT, use NETMAP on the gateway device to that LAN. (Sorry if I'm abusing the terminology, I only do this stuff like once a year for homelab.)

E.g. this is what I'm currently using to alias my home network:

    # Rewrite 192.168.150.?? as 192.168.50.??
    PreUp = iptables -t nat -A PREROUTING -d 192.168.150.0/24 -j NETMAP --to 192.168.50.0/24
    PostDown = iptables -t nat -D PREROUTING -d 192.168.150.0/24 -j NETMAP --to 192.168.50.0/24

With other wg peers getting a 192.168.150.0/24 entry in the AllowedIPs for this gateway (if needed).
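As an added illustration (not the commenter's config, and not tied to any WireGuard or iptables tooling): what the NETMAP target actually does to an address (swap the network part, keep the host bits), the gateway's PreUp/PostDown and peer AllowedIPs lines generated from one alias/real pair, and a check that the alias prefixes picked across sites don't overlap, which is the bookkeeping the reply below complains about. The site names and prefixes in the sample are constructed.

```python
import ipaddress


def netmap(addr: str, src_net: str, dst_net: str) -> str:
    """Translate one address the way iptables NETMAP does: replace the
    network part of src_net with dst_net, keep the host bits unchanged.
    Addresses outside src_net are returned untouched (the -d match fails)."""
    a = ipaddress.ip_address(addr)
    src = ipaddress.ip_network(src_net, strict=True)
    dst = ipaddress.ip_network(dst_net, strict=True)
    if src.prefixlen != dst.prefixlen:
        raise ValueError("NETMAP needs equal-length source and target prefixes")
    if a not in src:
        return addr
    host_bits = int(a) & int(src.hostmask)
    return str(ipaddress.ip_address(int(dst.network_address) | host_bits))


def gateway_rules(alias_net: str, real_net: str) -> dict:
    """Lines for the gateway's [Interface] section (PreUp adds the rule,
    PostDown removes it) and the AllowedIPs entry other peers need."""
    rule = f"-t nat {{}} PREROUTING -d {alias_net} -j NETMAP --to {real_net}"
    return {
        "PreUp": "iptables " + rule.format("-A"),
        "PostDown": "iptables " + rule.format("-D"),
        "AllowedIPs": alias_net,
    }


def alias_conflicts(sites: dict) -> list:
    """sites maps a site name to its alias prefix. Returns the pairs whose
    alias prefixes overlap; an empty list means every peer can carry all of
    them in AllowedIPs without ambiguous routing. Real LAN prefixes are
    allowed to collide (that is why they are aliased in the first place)."""
    nets = {n: ipaddress.ip_network(p, strict=True) for n, p in sites.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


# Constructed sample: two homelab sites that both really use 192.168.50.0/24.
SAMPLE_SITES = {"home": "192.168.150.0/24", "office": "192.168.151.0/24"}
```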
The problem there is you still need to keep track of the subnets. It works for a while, but it's quite complex. NAT is actually easier when you get into hundreds of sites.