Ok I know this sounds crazy but it’s all about Linux and iptables all the way
I’m using a rooted android phone as a VPN router to keep confidential traffic separated between networks
A and B are in the same network, B provides a separate network for C
Device A: Linux ip 192.168.15.32 wlan0 Device B: rooted Android phone with Termux and VPN Hotspot wlan0 ip 192.168.15.21 wlan1 ip 192.168.38.173
Device C: Windows 10 with RDP wlan1 ip 192.168.15.176
I’ve tried the following
A:
sudo ip route add 192.168.38.0/24 via 192.168.15.21 dev enp1s0  
B:
Termux, su:
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -s 192.168.38.0/24 -o wlan0 -j MASQUERADE
iptables -A FORWARD -i wlan0 -o wlan1 -s 192.168.15.0/24 -d 192.168.38.0/24 -j ACCEPT
iptables -A FORWARD -i wlan1 -o wlan0 -s 192.168.38.0/24 -d 192.168.15.0/24 -j ACCEPT
C: default route via 192.168.38.173 metric 1
C is solely seeing the internet from B’s VPN, and can even access wlan0’s router, meaning it has access to its internal network. C can ping B, B can ping C
B can ping A and C
A can ping B, but not C, which also means no RDP access
What am I missing ?


so it seems that without any config, the traffic passes from wlan1 to wlan0’s network flawlessly; but traffic from wlan0 network stops at the Android device, even with
iptables -P FORWARD ACCEPT, so I’m clueless on what to do next