Still not able to achieve what I want. Either my network configuration is wrong or I am not able to write the iptables rules.
My configuration is
The problem that I am facing is that I want to send any packet (TCP, UDP, ICMP) from HostA to HostB, which must go through Router1 and Router2. For that I added the IP forwarding rules:
# Accept forwarded packets that belong to a connection conntrack already knows about, in either direction
iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Turn on IPv4 forwarding in the kernel (not persistent across reboots unless also set in sysctl.conf)
echo 1 > /proc/sys/net/ipv4/ip_forward
Then I add the MASQUERADE rules:
# Source-NAT the first packet of each new connection to the address of the interface it leaves on
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
But only the request packet gets its source IP changed; the reply packet does not get SNATed on Router2 when a ping packet is sent from HostA to HostB.
It's happening because of ip_conntrack, but it's on both Router1 and Router2. Then how can I hack ip_conntrack on Router2 to force it to do SNAT?
Does the packet always travel without SNAT at Router2? What if the same configuration were taken with, say, real IPs; would routers attached to the same network do SNAT from either side or not?
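As an added illustration (not part of the original post, and not the poster's configuration), here is a small Python model of how conntrack pairs a MASQUERADE mapping with the reply direction on two chained routers. The topology and addresses are assumed: HostA 10.0.1.1, Router1 (eth0 10.0.1.254, eth1 10.0.2.1), Router2 (eth0 10.0.2.2, eth1 10.0.3.254), HostB 10.0.3.1. The FORWARD chain policy is assumed to be ACCEPT, since the posted rules only accept ESTABLISHED,RELATED and the request would otherwise never be forwarded. The model shows that the nat POSTROUTING chain is consulted only for the first packet of a connection; the reply is matched against the conntrack entry and its destination is rewritten back to the original source, so the "-o eth0 -j MASQUERADE" rule never sees it. It goes beyond the ping in the post by also tracing a connection that HostB initiates, for which that eth0 rule does fire.

```python
"""Toy model of conntrack + MASQUERADE on two chained Linux routers.

Added example, not from the original post. Addresses are assumed:
HostA 10.0.1.1 - Router1(eth0 10.0.1.254 / eth1 10.0.2.1)
               - Router2(eth0 10.0.2.2   / eth1 10.0.3.254) - HostB 10.0.3.1
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str = "icmp"  # ports/ICMP ids are ignored; tcp/udp/icmp behave the same here


@dataclass
class Router:
    name: str
    ifaces: dict                    # iface -> (own address, directly connected network)
    default_iface: str              # where destinations on no connected network go
    masq_out: frozenset             # interfaces with "-t nat -A POSTROUTING -o X -j MASQUERADE"
    forward_policy: str = "ACCEPT"  # FORWARD chain policy; the posted rules only ACCEPT ESTABLISHED,RELATED
    conntrack: list = field(default_factory=list)  # entries: (orig_src, orig_dst, nat_src, proto)

    def out_iface(self, dst):
        for name, (_, net) in self.ifaces.items():
            if ipaddress.ip_address(dst) in ipaddress.ip_network(net):
                return name
        return self.default_iface

    def forward(self, pkt):
        """Return the packet as it leaves this router, or None if FORWARD dropped it."""
        for osrc, odst, nsrc, proto in self.conntrack:
            if (pkt.src, pkt.dst, pkt.proto) == (osrc, odst, proto):
                # ESTABLISHED, original direction: reuse the mapping recorded for packet #1
                return Packet(nsrc, pkt.dst, pkt.proto)
            if (pkt.src, pkt.dst, pkt.proto) == (odst, nsrc, proto):
                # ESTABLISHED, reply direction: conntrack reverses the SNAT (rewrites dst back).
                # The nat table is not consulted, so "-o eth0 -j MASQUERADE" never applies here.
                return Packet(pkt.src, osrc, pkt.proto)
        # NEW connection: no rule in the posted FORWARD chain matches, so the policy decides
        if self.forward_policy != "ACCEPT":
            return None
        out = self.out_iface(pkt.dst)
        # nat POSTROUTING is evaluated once, for this first packet only
        nat_src = self.ifaces[out][0] if out in self.masq_out else pkt.src
        self.conntrack.append((pkt.src, pkt.dst, nat_src, pkt.proto))
        return Packet(nat_src, pkt.dst, pkt.proto)


def build_routers(forward_policy="ACCEPT"):
    """Two routers with MASQUERADE on both interfaces, as in the post (addresses assumed)."""
    both = frozenset({"eth0", "eth1"})
    r1 = Router("Router1", {"eth0": ("10.0.1.254", "10.0.1.0/24"),
                            "eth1": ("10.0.2.1", "10.0.2.0/24")}, "eth1", both, forward_policy)
    r2 = Router("Router2", {"eth0": ("10.0.2.2", "10.0.2.0/24"),
                            "eth1": ("10.0.3.254", "10.0.3.0/24")}, "eth0", both, forward_policy)
    return r1, r2


def send(pkt, path):
    """Push a packet through the routers in order; returns the packet after each hop."""
    hops = []
    for router in path:
        pkt = router.forward(pkt) if pkt is not None else None
        hops.append(pkt)
    return hops


def trace_ping(forward_policy="ACCEPT"):
    """HostA pings HostB; returns the packet after each router in both directions."""
    r1, r2 = build_routers(forward_policy)
    request = send(Packet("10.0.1.1", "10.0.3.1"), [r1, r2])
    if request[-1] is None:
        return {"request": request, "reply": None}
    # HostB answers whatever source address it saw (Router2's eth1 address)
    reply = send(Packet(request[-1].dst, request[-1].src), [r2, r1])
    return {"request": request, "reply": reply}


def trace_new_from_hostb():
    """A connection initiated by HostB: now the "-o eth0" MASQUERADE rules are the ones that fire."""
    r1, r2 = build_routers()
    return send(Packet("10.0.3.1", "10.0.1.1"), [r2, r1])


if __name__ == "__main__":
    t = trace_ping()
    for label, hops in (("request", t["request"]), ("reply", t["reply"])):
        print(label, [(p.src, p.dst) for p in hops])
    print("HostB->HostA", [(p.src, p.dst) for p in trace_new_from_hostb()])
```

Running it prints the request leaving Router1 as 10.0.2.1 -> 10.0.3.1 and leaving Router2 as 10.0.3.254 -> 10.0.3.1; the reply leaves Router2 as 10.0.3.1 -> 10.0.2.1 (destination un-NATed, source untouched) and reaches HostA as 10.0.3.1 -> 10.0.1.1. A connection opened from HostB gets masqueraded on Router2's eth0 and Router1's eth0, so the "-o eth0" rules are not dead; they only ever apply to the first packet of a connection leaving through eth0.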