Access from the Internet to your home network through a VPS - how to finish it?
Good afternoon. I'm not just a Linux novice, I just need to finish off one problem. I hope for your help.
There is a home network - gray IP, behind NAT.
I want to be able to access my home media center (192.168.0.6:9091) from anywhere from my phone/laptop to give it a command to download torrents with movies, even if I'm not at home.
Router Mikrotik RB751.
At what stage am I now:
I bought a VPS on Debian 7.
According to the instructions on the Internet, I managed to set up OpenVPN and set up Mikrotik.
I know how to configure an IP range in the router so that, when accessing it, home devices go through my VPS server (seen in tracert).
Even though I don't need that.
I need the opposite - so that I can enter "vps_ip: 9021" from any device - and thereby get to the internal interface of my home network (
192.168. page is not available.
Do I need to forward the ports somehow, or something?
configs
in iptables:
iptables -t nat -A PREROUTING --dst IP_АДРЕС_СЕРВЕРА -p tcp --dport 9091 -j DNAT --to-destination 192.168.7.6
iptables -t nat -A PREROUTING --dst IP_АДРЕС_СЕРВЕРА -p udp --dport 9091 -j DNAT --to-destination 192.168.7.6
iptables -t nat -A POSTROUTING -o venet0 -j MASQUERADE
iptables -A FORWARD -i venet0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i tun0 -o venet0 -j ACCEPT
exit 0
port 1194
proto tcp
dev tun
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
server 192.168.7.0 255.255.255.0
push "redirect-gateway"
push "route 192.168.7.0 255.255.255.0"
client-config-dir /etc/openvpn/.ccd
client-to-client
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
cipher AES-256-CBC # AES
auth sha1
;comp-lzo
persist-key
persist-tun
status /var/log/openvpn-status.log
log /var/log/openvpn.log
verb 3
keepalive 10 120
ip_forward = 1
In FreeBSD, I did it like this:
/etc/natd.conf:
redirect_port tcp 192.168.1.199:25500 25500
Well, of course, it worked through the natd daemon
Check if routing is enabled in the kernel.
Also check the routes that your server and client know about the addresses to which the packets are sent.
And tcpdump will help you with packet tracking.
iptables -nvL - look at the packet counters.
Or add iptables rules with -j LOG and write to the log to understand where and what is being "cut".
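The checks from the last answer, gathered into one added example (not code from the thread): `counter_report` reads `iptables -nvL` output and flags rules that no packet has matched and chains whose DROP policy has counted packets. The interface names, port 9091 and 192.168.7.6 come from the question; 203.0.113.10, the function names and every counter in the sample are constructed.

```shell
#!/bin/sh
# Added example. venet0, tun0, port 9091 and 192.168.7.6 come from the question;
# 203.0.113.10 and every counter in the sample are constructed.

# Read `iptables -nvL` output on stdin. Print:
#   ZERO <chain> <target> in=<if> out=<if>   rule that no packet has matched
#   POLICY-DROP <chain> <pkts>               packets fell through to a DROP policy
counter_report() {
    awk '
        $1 == "Chain" {
            chain = $2
            if ($4 == "DROP" && $5 + 0 > 0)
                printf "POLICY-DROP %s %s\n", chain, $5
            next
        }
        NF < 9 || $1 == "pkts" { next }   # skip blank and column-header lines
        $1 == "0" { printf "ZERO %s %s in=%s out=%s\n", chain, $3, $6, $7 }
    '
}

# Constructed sample: nat table followed by the filter FORWARD chain.
sample_counters() {
    cat <<'EOF'
Chain PREROUTING (policy ACCEPT 7 packets, 420 bytes)
 pkts bytes target     prot opt in     out     source      destination
    7   420 DNAT       tcp  --  *      *       0.0.0.0/0   203.0.113.10  tcp dpt:9091 to:192.168.7.6

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source      destination
    3   180 MASQUERADE all  --  *      venet0  0.0.0.0/0   0.0.0.0/0

Chain FORWARD (policy DROP 7 packets, 420 bytes)
 pkts bytes target     prot opt in     out     source      destination
    0     0 ACCEPT     all  --  venet0 tun0    0.0.0.0/0   0.0.0.0/0     state RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  tun0   venet0  0.0.0.0/0   0.0.0.0/0
EOF
}

# The same checks against a live system (run as root on the VPS; not called here).
live_checks() {
    sysctl net.ipv4.ip_forward      # routing enabled when this prints "= 1"
    ip route get 192.168.7.6        # the route should go out through tun0
    { iptables -t nat -nvL; iptables -nvL FORWARD; } | counter_report
    iptables -I FORWARD 1 -p tcp --dport 9091 -j LOG --log-prefix "fwd9091: "
    tcpdump -ni tun0 tcp port 9091  # watch for forwarded packets; Ctrl-C to stop
}

sample_counters | counter_report
```

A POLICY-DROP line next to ZERO rules in the same chain means packets reached that chain but no ACCEPT rule matched them.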