linux
Bega, 2021-02-10 09:11:04

How to forward a port to a local machine connected to a SoftEther VPN?

The guys had a problem with port forwarding to a machine connected to the SoftEther VPN server.
On the server, in the SoftEther server itself, a local bridge was created with BridgeCreate hubname -device:virty -tap:yes
The ifconfig output for the tap:

tap_virty: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.234.1  netmask 255.255.255.0  broadcast 192.168.234.255
        inet6 fe80::5ca2:82ff:fe4a:181a  prefixlen 64  scopeid 0x20<link>
        ether 5e:a2:82:4a:18:1a  txqueuelen 1000  (Ethernet)
        RX packets 193541  bytes 39671869 (39.6 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 206111  bytes 155683121 (155.6 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

IP addresses are handed out by dnsmasq, port forwarding is enabled
~# sysctl -p
net.ipv4.ip_forward = 1

The client connected to the VPN has the address 192.168.234.15
I added these rules to iptables:
iptables -t nat -A PREROUTING --dst <server IP> -p tcp --dport 3389 -j DNAT --to-destination 192.168.234.15:3389

iptables -I FORWARD 1 -i eth0 -o tap_virty -d 192.168.234.15 -p tcp -m tcp --dport 3389 -j ACCEPT


What am I doing wrong?


1 answer(s)
Dmitry, 2021-02-10
@Bega

It is also necessary that the routing be registered all the way from the client to the server. Maybe the server does not know that traffic to the client needs to be routed through the VPN interface?
Try adding a rule

iptables -t nat -I POSTROUTING -o tap_virty -d 192.168.234.15 -p tcp --dport 3389 -j MASQUERADE

If RDP access works after that, then the problem is the one described above.
Also show the hit counters for the FORWARD and NAT rules; this will help you understand what is wrong as well.
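
One way to read the hit counters asked for in the answer above, as an added example that is not part of the thread: it sums the `[packets:bytes]` counters from `iptables-save -c` for the DNAT and FORWARD rules of this flow and names the stage where packets stop. The function names `pkts`, `diagnose` and `sample_dump` are hypothetical, the sample dump is constructed, and 203.0.113.10 is a placeholder for the server address.

```shell
#!/bin/sh
# Added example, not from the thread: find where the forwarded RDP flow stops
# by reading the [packets:bytes] counters that `iptables-save -c` prints.
CLIENT=192.168.234.15   # VPN client address from the question
PORT=3389               # forwarded port from the question

# pkts CHAIN TARGET < dump: sum the packet counters of this flow's rules.
pkts() {
  awk -v chain="$1" -v target="$2" -v ip="$CLIENT" -v port="$PORT" '
    $2 == "-A" && $3 == chain && index($0, "-j " target) &&
    index($0, "--dport " port) &&
    (index($0, ip "/32") || index($0, ip ":" port)) {
      split(substr($1, 2), c, ":"); n += c[1]
    }
    END { print n + 0 }'
}

# diagnose < dump: name the stage the counters point at.
# The nat table sees only the first packet of each connection, so the DNAT
# counter counts connection attempts while FORWARD counts every packet.
diagnose() {
  dump=$(cat)
  dnat=$(printf '%s\n' "$dump" | pkts PREROUTING DNAT)
  fwd=$(printf '%s\n' "$dump" | pkts FORWARD ACCEPT)
  if [ "$dnat" -eq 0 ]; then
    echo "dnat-not-hit"                 # check --dst and anything filtering upstream
  elif [ "$fwd" -eq 0 ]; then
    echo "forward-not-hit"              # check -i/-o names and earlier FORWARD rules
  else
    echo "forwarded-check-return-path"  # packets leave via the tap; look at replies
  fi
}

# Constructed sample dump; 203.0.113.10 is a placeholder for the server address.
sample_dump() {
  cat <<'EOF'
*nat
:PREROUTING ACCEPT [41:2460]
[3:156] -A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.234.15:3389
COMMIT
*filter
:FORWARD DROP [3:156]
[0:0] -A FORWARD -d 192.168.234.15/32 -i eth0 -o tap_virty -p tcp -m tcp --dport 3389 -j ACCEPT
COMMIT
EOF
}

sample_dump | diagnose   # on the server: iptables-save -c | diagnose
```

A result of `forwarded-check-return-path` combined with RDP still failing is the case the MASQUERADE test in the answer is meant to confirm.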
