double NAT - LAN to LAN - question

  rs232

    rs232 Network Guru Member

    Hi all, can you please help me validate the concept below?
    Any input would be greatly appreciated!

    I have two servers located remotely and connected via tomato's openvpn.
    Occasionally for maintenance I need to move Server2 from Site2 to Site1. So basically I have both servers on Site1.
    When I do so I always have to change all the IP addresses (it's an ESXi host and has a few VMs running on it) to restore at least internet connectivity, but this is not straightforward as I don't use DHCP for the VMs, and in any case I have e.g. a few rsync replication scripts referring to specific IP addresses, so it is not easy to manage.

    So I was wondering, let's say:
    Site1 LAN: - Server1:
    Site2 LAN - Server2:

    Could I add on Tomato in Site1 a br2 interface with IP and run an iptables script to SNAT+DNAT everything going between br0 and br2? Assuming I stop the VPN
    to remove the routes otherwise pointing to the tunnel interface.

    The idea is to have the two servers maintaining both internet connectivity and end-to-end IP connectivity between each other within the same physical LAN without changing any IP on the devices.

    Do you see any problem with this scenario?

  rs232

    rs232 Network Guru Member

    Actually, NAT might not even be needed...
    Supposing br0 routes to br2, I would just need to set up VLAN tagging to have Server2 in br2 using the same HW and remove the route to the tunnel.
    Am I going the right way?
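    The routing-only variant from the second post, written out as an added example (not from the thread or from Tomato itself): bring up br2 carrying Server2's home subnet, delete the VPN route for that subnet, and allow forwarding between br0 and br2. The addressing is assumed because the thread leaves it out: Site2 LAN 192.168.2.0/24 with gateway 192.168.2.1, a tagged switch VLAN named vlan3 for Server2's port, and tun11 as the OpenVPN client interface; adjust all of these to the real values.

```shell
#!/bin/sh
# Assumed addressing (the thread elides it); change to the real Site2 values.
SITE2_NET="192.168.2.0/24"   # Server2 keeps its Site2 address in this subnet
SITE2_GW="192.168.2.1"       # Site2 gateway IP, now served by br2 on the Site1 router
SITE2_PREFIX="24"
BR2="br2"
VLAN_IF="vlan3"              # assumed: tagged VLAN holding only Server2's switch port
TUN_IF="tun11"               # assumed: Tomato OpenVPN client tunnel interface

# run: print each command, then execute it unless DRY_RUN=1 is set.
run() {
  echo "+ $*"
  [ "${DRY_RUN:-0}" = "1" ] || "$@"
}

# setup_br2: second post's idea; no SNAT/DNAT, just a second bridge and routing.
setup_br2() {
  run brctl addbr "$BR2"
  run brctl addif "$BR2" "$VLAN_IF"
  run ip addr add "$SITE2_GW/$SITE2_PREFIX" dev "$BR2"
  run ip link set "$BR2" up
  # Remove the VPN route so Site2 traffic is no longer sent into the tunnel;
  # the kernel now routes it to the connected br2 subnet instead.
  run ip route del "$SITE2_NET" dev "$TUN_IF"
  # Permit traffic between the two bridges in both directions.
  run iptables -I FORWARD -i br0 -o "$BR2" -j ACCEPT
  run iptables -I FORWARD -i "$BR2" -o br0 -j ACCEPT
  # Internet access for br2 relies on the existing WAN MASQUERADE rule; verify
  # it is not restricted to br0's subnet with: iptables -t nat -S POSTROUTING
}

# teardown_br2: undo the above when Server2 goes back to Site2 and the VPN returns.
teardown_br2() {
  run iptables -D FORWARD -i br0 -o "$BR2" -j ACCEPT
  run iptables -D FORWARD -i "$BR2" -o br0 -j ACCEPT
  run ip link set "$BR2" down
  run brctl delif "$BR2" "$VLAN_IF"
  run brctl delbr "$BR2"
}
```

Run with `DRY_RUN=1 sh -c '. ./br2.sh; setup_br2'` first to review the exact commands before applying them on the router.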
