I have a VPS with an IPsec VPN using strongSwan to a partner network. They are expecting all traffic from my network to come from one NAT'd address. I have the NAT set up successfully outbound to the partner network and can SSH to a server there from my VPS. I'm trying to SSH from the server on the partner network to my VPS and I'm missing something with my iptables NAT rules.
Partner network is 10.143.2.16/28 (coming from host .19)
The NAT they're expecting from me is: 10.2.252.47
My VPS IP (sanitized since it's a public IP): 1.2.3.4
I'm trying to SSH from 10.143.2.19 to 10.2.252.47 (the NAT of the VPS, and trying to access SSH on the VPS 1.2.3.4)
Appreciate the help!
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- 10.143.2.16/28 anywhere tcp dpt:ssh to:1.2.3.4
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
ts-postrouting all -- anywhere anywhere
MASQUERADE all -- 10.8.0.0/24 anywhere
SNAT all -- anywhere 10.143.2.16/28 to:10.2.252.47
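One way to write the 1:1 NAT described in the question so that each rule only matches the VPN traffic it is meant for. This is an added example, not the poster's configuration and not an answer to the question: the DNAT matches on the advertised NAT address (10.2.252.47) rather than on every SSH packet from the partner subnet, the SNAT is limited to the VPS's own source address, and an INPUT rule admits only new SSH connections arriving via that path. Addresses are taken from the question; the use of port 22, the `APPLY` switch, and the assumption that the strongSwan child SA's traffic selectors cover 10.2.252.47/32 and 10.143.2.16/28 are mine.

```shell
#!/bin/sh
# Added example: generate, and optionally apply, iptables rules for the
# 1:1 NAT between a VPS and a partner network reached over IPsec.
# Addresses come from the question; APPLY and the SSH port are assumptions.
PARTNER_NET="10.143.2.16/28"   # partner subnet (question)
NAT_ADDR="10.2.252.47"         # address the partner expects to see (question)
VPS_IP="1.2.3.4"               # VPS public IP, sanitized in the question
SSH_PORT="22"                  # assumption: sshd on the default port

# Emit the rule set, one command per line, without running anything.
# Each rule is anchored on the NAT address or partner subnet so it never
# rewrites or admits traffic from anywhere else.
nat_rules() {
    cat <<EOF
iptables -t nat -A PREROUTING -s $PARTNER_NET -d $NAT_ADDR -p tcp --dport $SSH_PORT -j DNAT --to-destination $VPS_IP
iptables -t nat -A POSTROUTING -s $VPS_IP -d $PARTNER_NET -j SNAT --to-source $NAT_ADDR
iptables -A INPUT -s $PARTNER_NET -d $VPS_IP -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -j ACCEPT
EOF
}

# Number of rules the generator produces (used by the self-check below).
rule_count() {
    nat_rules | wc -l | tr -d ' '
}

# Dry run by default: print each command. With APPLY=1 (run as root) the
# commands are executed instead.
apply_rules() {
    nat_rules | while IFS= read -r cmd; do
        if [ "${APPLY:-0}" = "1" ]; then
            sh -c "$cmd"
        else
            printf 'DRY-RUN: %s\n' "$cmd"
        fi
    done
}

# After applying, confirm the NAT rules are loaded with iptables' own
# check mode (-C returns 0 when an identical rule exists).
verify_nat_rules() {
    iptables -t nat -C PREROUTING -s "$PARTNER_NET" -d "$NAT_ADDR" -p tcp --dport "$SSH_PORT" -j DNAT --to-destination "$VPS_IP" \
    && iptables -t nat -C POSTROUTING -s "$VPS_IP" -d "$PARTNER_NET" -j SNAT --to-source "$NAT_ADDR"
}

apply_rules
```

Run it once without `APPLY` to review the generated commands, then with `APPLY=1` as root; `verify_nat_rules` exits non-zero if either NAT rule is missing. Rule order in POSTROUTING still matters: a broader MASQUERADE listed earlier than the SNAT will translate matching packets first, so check `iptables -t nat -S POSTROUTING` after applying.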