Currently I am using UFW to NAT two IPv4 subnets to a VPN interface like this:
extract of /etc/ufw/before.rules:
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/24 -o vpnif -j MASQUERADE
-A POSTROUTING -s 192.168.2.0/24 -o vpnif -j MASQUERADE
Now I was faced with a request to exclude a host (192.168.2.100) from this NAT towards the VPN and let it use the "normal" external interface enp1s0.
I tried adding a rule before the two shown here, like this:
-A POSTROUTING -s 192.168.2.100/32 -o enp1s0 -j MASQUERADE
The rule seems to be added at the right position:
Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
1 MASQUERADE all -- 192.168.2.100 anywhere
2 MASQUERADE all -- 192.168.1.0/24 anywhere
3 MASQUERADE all -- 192.168.2.0/24 anywhere
But sadly, traffic still exits via the VPN interface. Can someone point me in the right direction here?
Thanks!
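An added example, not part of the question above: the nat POSTROUTING chain is only consulted after the kernel has already made its routing decision, so a MASQUERADE rule with "-o enp1s0" can only match packets that the routing table has already sent out enp1s0. While the default route for 192.168.2.100 still points at vpnif, rule 1 above is never hit and rule 3 masquerades the host out the VPN as before. The host has to be steered to the uplink first, with a policy-routing rule and a dedicated routing table; the nat rule the asker already wrote then does the rest. The script below only generates the commands (DRY_RUN=1), so it is safe to run anywhere; the uplink gateway 203.0.113.1, the table/priority number 100 and the LAN interface name lanif are assumptions and must be replaced with the real values.

```shell
#!/bin/sh
# Added example (not from the original post): move one LAN host off the VPN
# with policy-based routing so the existing "-o enp1s0" MASQUERADE rule matches.
# Assumptions: uplink gateway 203.0.113.1, routing table / rule priority 100,
# LAN-side interface name "lanif". DRY_RUN=1 prints commands instead of running them.
set -eu

HOST=192.168.2.100
UPLINK=enp1s0
UPLINK_GW=203.0.113.1   # assumption: the real default gateway reachable on enp1s0
LAN_IF=lanif            # assumption: the interface 192.168.2.0/24 lives on
TABLE=100
DRY_RUN=${DRY_RUN:-1}

# Emit the two commands that change where the host's packets are routed.
# The "ip rule" is the important part: routing is decided before the nat
# POSTROUTING chain runs, so no nat rule alone can change the exit interface.
policy_routing_cmds() {
    host=$1; dev=$2; gw=$3; table=$4
    printf '%s\n' "ip route replace default via $gw dev $dev table $table"
    printf '%s\n' "ip rule add from $host/32 lookup $table priority $table"
}

# The matching nat entry for /etc/ufw/before.rules, in the syntax the post uses.
# It must stay above the /24 MASQUERADE lines so the /32 is matched first.
nat_rule() {
    host=$1; dev=$2
    printf '%s\n' "-A POSTROUTING -s $host/32 -o $dev -j MASQUERADE"
}

# A check to run afterwards: "ip route get" honours ip rules, so the answer
# should name the uplink device rather than vpnif. "iif" is required because
# the source address is not local to the router.
verify_cmd() {
    host=$1; lan=$2
    printf '%s\n' "ip route get 1.1.1.1 from $host iif $lan"
}

# Print (or, with DRY_RUN=0 as root, execute) the routing changes.
apply_or_print() {
    if [ "$DRY_RUN" = 1 ]; then
        cat
    else
        sh -eu
    fi
}

echo "# policy routing for $HOST (DRY_RUN=$DRY_RUN):"
policy_routing_cmds "$HOST" "$UPLINK" "$UPLINK_GW" "$TABLE" | apply_or_print
echo "# nat rule to keep in /etc/ufw/before.rules:"
nat_rule "$HOST" "$UPLINK"
echo "# verify with:"
verify_cmd "$HOST" "$LAN_IF"
```

The ip rule and the extra table are not persisted by ufw; put them in a network hook (for example a netplan/ifupdown post-up script) so they survive a reboot, and reload ufw afterwards so the before.rules nat entry is installed as well.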