I am looking to send traffic from 192.168.1.0/24 to a destination IP via the VPN interface. I don't want to route all my traffic, just a block of CIDRs, e.g. 3.0.0.0/15 from Amazon.
Can this be done with iptables, without policy-based routing?
So far I have tried (without success):
iptables -t nat -A PREROUTING -d 3.0.0.0/15 -j DNAT --to-destination [VPN IP]
When trying to traceroute, I just hit 3.0.0.3:
francis@arch16core:~$ traceroute 3.0.0.3
traceroute to 3.0.0.3 (3.0.0.3), 64 hops max
1 3.0.0.3 0.346ms 0.210ms 0.183ms
iptables -L -vt nat -n
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
170 27048 prerouting_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: Custom prerouting rule chain */
148 18289 zone_lan_prerouting all -- br-lan * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
22 8759 zone_wan_prerouting all -- eth0.2 * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
0 0 zone_vpn_prerouting all -- VPN * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
0 0 DNAT all -- * * 0.0.0.0/0 3.0.0.0/15 to:10.XX.XX.XX
iptables -t nat -A PREROUTING -d 3.0.0.0/15 -o VPN
but I just get:
iptables v1.8.7 (legacy): Can't use -o with PREROUTING