Your configuration generally should work out of the box. Routing in principle is done by the Linux routing code and has nothing to do with Netfilter. "iptables" is a userspace utility for configuring the kernel Netfilter framework, which does filtering and packet modification (mangling and address translation) but does not do any routing. So it is incorrect to say "I route using iptables".
Bridging is also a different sort of thing and isn't supposed to help you here. Bridging aliased interfaces would probably create a loop and thus break networking in that Ethernet segment.
You need routes on both sides, for example
ip route add 192.168.2.0/24 via 192.168.1.103
on hosts in the 192.168.1.0/24 network, and set up 192.168.2.1 as the default gateway on hosts in the 192.168.2.0/24 network.
If you have a tightly set firewall on the firewall box, you need to enable forwarding of traffic from eth1 to eth1:1 and back:
iptables -A FORWARD -i eth1 -o eth1:1 -j ACCEPT
iptables -A FORWARD -o eth1 -i eth1:1 -j ACCEPT
Or you might need only the first rule, if you have already configured a stateful firewall with
iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
or with -m state (obsolete).
Special iptables configuration is only needed if you want to masquerade that traffic, so that hosts in 192.168.1.0/24 do not know that you are connecting from the 192.168.2.0/24 network. Then you do not need any additional routes on the .1.0/24 side, but you need a NAT rule and a forward-enable rule:
iptables -t nat -A POSTROUTING -o eth1:1 -s 192.168.2.0/24 -d 192.168.1.0/24 -j SNAT --to-source 192.168.1.103
iptables -A FORWARD -i eth1 -o eth1:1 -j ACCEPT
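To make the point above about the RELATED,ESTABLISHED rule concrete, here is a small added model of the FORWARD chain with connection tracking (example code, not part of the original answer or of iptables itself). It uses the interface names from the answer; the two host addresses and the packet exchange are constructed, and the rule-walk is a simplification of what Netfilter does.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    in_if: str
    out_if: str

class Conntrack:
    """Minimal stand-in for nf_conntrack: remembers accepted flows."""
    def __init__(self):
        self.flows = set()

    def state(self, p):
        # A packet in either direction of a known flow is ESTABLISHED.
        if (p.src, p.dst) in self.flows or (p.dst, p.src) in self.flows:
            return "ESTABLISHED"
        return "NEW"

    def record(self, p):
        self.flows.add((p.src, p.dst))

def forward(p, rules, ct):
    """Walk the FORWARD chain in order; the chain policy is DROP."""
    st = ct.state(p)
    for r in rules:
        if "ctstate" in r and st not in r["ctstate"]:
            continue
        if r.get("in_if") not in (None, p.in_if):
            continue
        if r.get("out_if") not in (None, p.out_if):
            continue
        ct.record(p)
        return "ACCEPT"
    return "DROP"

# The rulesets from the answer, expressed as data.
TWO_RULES = [{"in_if": "eth1", "out_if": "eth1:1"},
             {"in_if": "eth1:1", "out_if": "eth1"}]
STATEFUL = [{"ctstate": {"RELATED", "ESTABLISHED"}},
            {"in_if": "eth1", "out_if": "eth1:1"}]
ONE_RULE = STATEFUL[1:]   # single interface rule, conntrack rule forgotten

def verdicts(rules):
    """Return (request verdict, reply verdict) for one constructed exchange."""
    ct = Conntrack()
    req = Packet("192.168.1.50", "192.168.2.20", "eth1", "eth1:1")  # constructed hosts
    rep = Packet("192.168.2.20", "192.168.1.50", "eth1:1", "eth1")
    return forward(req, rules, ct), forward(rep, rules, ct)

if __name__ == "__main__":
    for name, rules in [("two rules", TWO_RULES), ("stateful", STATEFUL), ("one rule", ONE_RULE)]:
        print(name, verdicts(rules))
```

The reply packet is accepted under the stateful ruleset because conntrack already knows the flow, which is why the second interface-pair rule becomes redundant; drop the conntrack rule and the reply is silently dropped by the chain policy.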
The simplest solution to this is to use service endpoints. Have your users connect to the VPN to route traffic through the virtual network, then turn on Service Endpoints on your SQL server to only allow traffic from that virtual network.
Best Answer
https://my.esecuredata.com/index.php?/knowledgebase/article/2/add-a-static-route-on-centos
You MUST make sure that the IP address is the start of the CIDR address range you have been allocated, otherwise it will fail.
http://jodies.de/ipcalc
will help you find the CIDR start if you only have one IP address and mask to go by.