specify an ip to use for outgoing traffic on a multi ip machine

thierry itty thierry.itty at besancon.org
Fri Jul 28 16:30:01 UTC 2006


Hello

I have 2 distant sites, each having a local lan privately addressed and 
a linux internet gateway. A pptp vpn is set up between the two gateways.

site A :
lan : 172.16.1.0/24
gw : 172.16.1.254
public : 1.1.1.1
vpn : 192.168.1.1

site B :
lan : 172.17.1.0/24
gw : 172.17.1.254
public : 2.2.2.2
vpn : 192.168.1.2

Routing is set up on both sites so that traffic to public addresses is 
nat'ed and sent directly on internet, and traffic to private addresses is 
sent over the vpn. This allows a site B client (say 172.17.1.5) to 
access a site A server (say 172.16.1.6).

There are ip filters on the servers which only allow 172.16.1.0/24 or 
172.17.1.0/24 as valid source addresses. For various reasons I do not 
want the vpn private addresses to be used for anything else than vpn 
traffic and those filters reject 192.168.0.0/16 source addresses.
The problem is that when one of the linux gateways connects to a remote 
private server, it uses its vpn address as source instead of its 
private lan address. For example, if I telnet from site B's gateway to 
site A server 172.18.1.12, telnet will use 192.168.1.2 as source and the 
connection is refused. Obviously this doesn't occur when I telnet from 
any other site B machine to that server.

Some tools allow specifying which interface to use on multiple interface 
machines, such as ping (with -I) or rsync (with --address), but this is 
not the case for all. My question is, what do I have to do to have each 
gateway use its private lan address for any traffic with other private 
machines on the remote site?
I thought of iptables rules, but I'm afraid they could mess up the vpn 
routing.
I also thought of ip policy routing, but it would change the path, not 
the source.
Maybe a combination of the 2?
Or something else?

Many thanks in advance for any tip

Thierry

The problem


I have a corporate lan with a private ip subnet 172.17.1.0/24.
On this corporate lan I have a vpn server with 2 nics, one on the lan 
with a private ip 172.17.1.254, one on the internet with a public ip 1.1.1.1
On a remote site, I have a local lan with a private ip subnet 172.16.1.0/24.
On this remote lan I have a linux box acting as an internet gateway, 
one nic with a private ip 172.16.1.254, one on the internet with a public 
ip 2.2.2.2. On this linux box I also have a vpn pptp client going to the 
corporate vpn server. The remote interface has the private ip 
192.168.1.1 and the corporate side interface has the private ip 192.168.1.2.
Routing is set up on both sides so that traffic to public servers is nat'ed



a linux box with 2 nics acting as an internet router for a local lan.
Basically the lan has a private ip subnet, say 172.16.1.0/24 and the lan 
nic a private ip address, say 172.16.1.254
The wan nic goes to a dsl modem and gets a public ip from the isp say 
1.1.1.1
There is also a vpn established with a corporate lan

, the second goes to the lan with a fixed private ip, say 172.18.1.1
A pptp vpn is mounted to reach a company lan with
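Added example, not from the original post nor a reply from the list: iproute2 lets a route carry a preferred source address (`src`), which changes only the address locally generated traffic binds to, not the path, so the vpn route itself is untouched. The script below builds that route change for site B's gateway and checks the kernel's choice from `ip route get` output; the tunnel interface name ppp0 and the sample outputs are assumptions.

```shell
#!/bin/sh
# Constructed example for site B's gateway: LAN address 172.17.1.254,
# remote LAN 172.16.1.0/24 reached over the pptp tunnel (assumed: ppp0).
LAN_IP=172.17.1.254
VPN_IF=ppp0
REMOTE_LAN=172.16.1.0/24

# The route change as a string: 'src' sets the preferred source address
# for locally generated packets matching this route; the next hop is
# unchanged, so vpn routing is not affected.
route_cmd() {
    printf 'ip route replace %s dev %s src %s\n' "$REMOTE_LAN" "$VPN_IF" "$LAN_IP"
}

# Pull the 'src' field out of `ip route get <dst>` output (read on stdin).
route_src() {
    sed -n 's/.* src \([0-9.]*\).*/\1/p' | head -n 1
}

# Succeeds when the kernel would use the LAN address as source.
src_ok() {
    [ "$(printf '%s\n' "$1" | route_src)" = "$LAN_IP" ]
}

# Constructed sample outputs of `ip route get 172.16.1.6`, before and after
# the route change (the tunnel address is picked before, the LAN one after).
BEFORE='172.16.1.6 dev ppp0 src 192.168.1.2
    cache'
AFTER='172.16.1.6 dev ppp0 src 172.17.1.254
    cache'

if [ "${1:-}" = apply ]; then
    # Only on the gateway itself, as root; then verify the kernel's choice.
    eval "$(route_cmd)"
    src_ok "$(ip route get 172.16.1.6)" && echo "source pinned to $LAN_IP"
else
    route_cmd
fi
```

Run with `apply` on the gateway to install the route and confirm the result; without arguments it only prints the command.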