Debian
Nuke142, 2015-04-07 00:24:09

Access from the Internet to your home network through a VPS - how to finish it?

Good afternoon. I'm not just a Linux novice, I just need to finish off one problem. I hope for your help.
There is a home network - gray IP, behind NAT.
I want to be able to access my home media center (192.168.0.6:9091) from anywhere from my phone/laptop to give it a command to download torrents with movies, even if I'm not at home.
Router Mikrotik RB751.
At what stage am I now:
I bought a VPS on Debian 7.
According to the instructions on the Internet, I managed to set up OpenVPN and set up Mikrotik.
I know how to set up an IP range in the router so that home devices accessing it go through my VPS server (seen by tracert).
Even though I don't need that.
I need the opposite: to be able to enter "vps_ip: 9021" from any device and thereby get to the internal interface of my home network (
192.168. page is not available.
Do I need to forward the ports somehow, or what?
configs
in iptables:

iptables -t nat -A PREROUTING --dst IP_АДРЕС_СЕРВЕРА -p tcp --dport 9091 -j DNAT --to-destination 192.168.7.6
iptables -t nat -A PREROUTING --dst IP_АДРЕС_СЕРВЕРА -p udp --dport 9091 -j DNAT --to-destination 192.168.7.6
iptables -t nat -A POSTROUTING -o venet0 -j MASQUERADE
iptables -A FORWARD -i venet0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i tun0 -o venet0 -j ACCEPT
exit 0

tun0.conf:
port 1194
proto tcp
dev tun

ca      /etc/openvpn/easy-rsa/keys/ca.crt
cert    /etc/openvpn/easy-rsa/keys/server.crt
key     /etc/openvpn/easy-rsa/keys/server.key
dh      /etc/openvpn/easy-rsa/keys/dh1024.pem

server 192.168.7.0 255.255.255.0

push "redirect-gateway"

push "route 192.168.7.0 255.255.255.0"
client-config-dir /etc/openvpn/.ccd
client-to-client

push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

cipher AES-256-CBC   # AES
auth sha1

;comp-lzo
persist-key
persist-tun

status /var/log/openvpn-status.log
log /var/log/openvpn.log

verb 3 
keepalive 10 120

ip_forward = 1

2 answer(s)
Dmitry, 2015-04-07
@seqular

In FreeBSD, I did it like this:
/etc/natd.conf:
redirect_port tcp 192.168.1.199:25500 25500
Well, of course, it worked through the natd daemon

younghacker, 2015-04-07
@younghacker

Check if routing is enabled in the kernel.
Also check the routes your server and client have for the addresses to which the packets are sent.
And tcpdump will help you with packet tracking.
Use iptables -nvL to see the packet counters.
Or add iptables rules with -j LOG and write to the log to understand where and what is "cut".
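
The counter check suggested in the answer above, as an added example that is not part of the thread: it reads `iptables -nvL` output and lists the rules that never matched a packet, plus a check of the kernel forwarding switch. The function names are illustrative, and the sample listing is constructed from the question's rules with 203.0.113.10 standing in for the VPS address.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are illustrative.

# True when the kernel forwards packets ("routing is enabled").
# The path is a parameter so the check can run against a test file.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Reads `iptables [-t nat] -nvL` output on stdin, prints one line per rule:
#   <chain> <pkts> <target> <in> <out> <match text>
# Assumes every rule has a target, as all rules in the question do.
rule_counters() {
    awk '
        $1 == "Chain" { chain = $2; next }
        $1 == "pkts" || NF == 0 { next }   # column header or blank line
        {
            extra = ""
            for (i = 10; i <= NF; i++) extra = extra (i > 10 ? " " : "") $i
            print chain, $1, $3, $6, $7, extra
        }'
}

# Rules that never matched a packet: the first places to look for a "cut".
zero_hit_rules() {
    rule_counters | awk '$2 == "0"'
}

# Constructed sample: the question's rules after a few failed connection
# attempts. 203.0.113.10 is a documentation address standing in for the VPS.
sample_output() {
    cat <<'EOF'
Chain PREROUTING (policy ACCEPT 40 packets, 2400 bytes)
 pkts bytes target     prot opt in     out     source               destination
    7   420 DNAT       tcp  --  *      *       0.0.0.0/0            203.0.113.10         tcp dpt:9091 to:192.168.7.6
    0     0 DNAT       udp  --  *      *       0.0.0.0/0            203.0.113.10         udp dpt:9091 to:192.168.7.6

Chain FORWARD (policy ACCEPT 21 packets, 1260 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  venet0 tun0    0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  tun0   venet0  0.0.0.0/0            0.0.0.0/0
EOF
}

# On the VPS (as root):
#   { iptables -t nat -nvL PREROUTING; iptables -nvL FORWARD; } | zero_hit_rules
```

In the constructed sample the TCP DNAT rule has hits while the tun0 to venet0 rule has none, so requests are rewritten on the VPS but no replies come back through the tunnel, which is where the route and tcpdump checks should look next.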
