VPN
tim89, 2014-08-24 13:37:19

How to forward a port to a VPN client?

Good afternoon!
At home, I needed a public IP only for SSH access. I have now found a good tariff, but it does not come with public addresses. I decided to set up SSH access for myself through a friend's office, but so far it does not work :)
At home there is a Debian server that needs to be accessed.
In the office there is a server with a public IP ($EXT_IP).
The home server connects via VPN and gets $LOCAL_VPN_IP.
From the office server, I can easily connect via SSH to my home server using $LOCAL_VPN_IP.
On the office gateway I add:

iptables -t nat -A PREROUTING -i $EXT_IF -d $EXT_IP -p tcp --dport 5555 -j DNAT --to-destination $LOCAL_VPN_IP:22

I'm trying to connect using $EXT_IP:5555 and it doesn't work. However, if I write exactly the same rule, not for the VPN client but for any computer on the local office network, everything is OK. Why is that?
Apparently, the task is not of a professional level, and I did not find anything particularly useful on Google.


3 answer(s)
Sergey Petrikov, 2014-08-24
@RicoX

Try like this:

/sbin/iptables -D FORWARD -p tcp -i eth0 -d $ifconfig_pool_remote_ip --dport 22 -j ACCEPT
/sbin/iptables -t nat -D PREROUTING -p tcp -d $PUBLIC_IP --dport 22 -j DNAT --to-destination $ifconfig_pool_remote_ip:22

Igor, 2014-08-24
@merryjane

Did you add an allowing rule to the FORWARD chain?
Something like:

iptables -I FORWARD -p tcp -m tcp -d $LOCAL_VPN_IP --dport 22 -j ACCEPT

tim89, 2014-08-24
@tim89

Yes, I tried that too, it didn't work.
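
Igor's question about the FORWARD chain can be checked mechanically. The Python below is an added example, not code from any poster in this thread: it reads iptables-save output and reports, for each DNAT target, whether the first matching FORWARD rule or the chain policy decides a new connection. The sample ruleset, its addresses and the interface name are constructed, and the matcher is a simplified model (TCP only, no negation, no interface or source matching).

```python
import ipaddress
import shlex

# Constructed iptables-save output; every address and interface is a made-up value.
SAMPLE = """\
*nat
-A PREROUTING -d 203.0.113.10/32 -i eth0 -p tcp -m tcp --dport 5555 -j DNAT --to-destination 10.8.0.6:22
-A PREROUTING -d 203.0.113.10/32 -i eth0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.1.20:80
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.1.20/32 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
"""

def opt(tok, name):  # value that follows option `name` in a tokenised rule, or None
    return tok[tok.index(name) + 1] if name in tok[:-1] else None

def parse(text):
    """Return (DNAT targets, FORWARD policy, FORWARD rules) from iptables-save text."""
    table, policy, dnat, fwd = None, "ACCEPT", [], []
    for tok in filter(None, map(shlex.split, text.splitlines())):
        if tok[0].startswith("*"):
            table = tok[0][1:]
        elif table == "filter" and tok[0] == ":FORWARD":
            policy = tok[1]
        elif table == "nat" and tok[:2] == ["-A", "PREROUTING"] and opt(tok, "-j") == "DNAT":
            ip, _, port = opt(tok, "--to-destination").partition(":")
            dnat.append((ip, port or opt(tok, "--dport")))  # no port given: dport is kept
        elif table == "filter" and tok[:2] == ["-A", "FORWARD"]:
            fwd.append(tok)
    return dnat, policy, fwd

def matches(rule, ip, port):
    """Simplified model: could this rule decide a NEW TCP packet sent to ip:port?"""
    dst, dport = opt(rule, "-d"), opt(rule, "--dport")
    state = opt(rule, "--ctstate") or opt(rule, "--state")
    if "!" in rule or opt(rule, "-j") not in ("ACCEPT", "DROP", "REJECT"):
        return False  # negation and non-terminating targets are not modelled
    tcp = opt(rule, "-p") in (None, "tcp", "all")
    in_net = not dst or ipaddress.ip_address(ip) in ipaddress.ip_network(dst, strict=False)
    return tcp and in_net and dport in (None, port) and (not state or "NEW" in state.split(","))

def forward_verdicts(text):
    """Map each DNAT target to the first matching FORWARD verdict, else the chain policy."""
    # FORWARD runs after PREROUTING, so rules are tested against the translated ip:port.
    dnat, policy, fwd = parse(text)
    return {f"{ip}:{port}": next((opt(r, "-j") for r in fwd if matches(r, ip, port)), policy)
            for ip, port in dnat}
```

On a gateway, pass the text printed by iptables-save to forward_verdicts(). The result covers only the FORWARD decision for the first packet of a connection.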
