openvpn
tarielx, 2014-09-10 23:21:06

How to wrap traffic from an external interface to a server in a vpn network?

There is a Debian server with an OpenVPN server running on it.

# ifconfig 
eth0  inet addr:141.0.272.276
lo  inet addr:127.0.0.1
tun0  inet addr:10.8.0.1

There is a machine behind nat with an openvpn client on it.
# ifconfig 
eth0  192.168.1.54
lo  inet addr:127.0.0.1
tun0   inet addr:10.8.0.18

The machine is running Apache, port 80.
Task: all traffic that goes to the server at 141.0.272.276:8888 should be redirected to the client, to the address 10.8.0.18:80.
With ssh this would be solved with ssh -L 80:141.0.272.276:8888 [email protected]
Now the rules in iptables on the server are:
# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
DNAT       tcp  --  anywhere             anywhere            tcp dpt:8888 to:10.8.0.18:80 

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
DROP       tcp  --  anywhere             anywhere            tcp dpt:kerberos 
DROP       tcp  --  anywhere             anywhere            tcp dpt:27017 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

/proc/sys/net/ipv4/ip_forward contains 1.
And it does not work.
How can I fix it?


1 answer(s)
ERiC, 2014-09-22
@typ6o0jiehb

Well, access to the inside will look like this:
iptables -t nat -I PREROUTING -d 141.0.272.276 -i eth0 -p tcp -m tcp --dport 8888 -j DNAT --to-destination 10.8.0.18:80
But it matters where traffic goes by default from the target machine, i.e. you need to look at the routing table on the machine with the address 10.8.0.18. As a test, make the default route 10.8.0.1.
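
The return-path problem raised in the answer, as an added example that is not part of the thread: instead of changing the client's default route, the server can source-NAT the forwarded connection to 10.8.0.1 so that replies come back through tun0. The address 203.0.113.10 is a constructed stand-in for the masked public address, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): prints an iptables-restore fragment
# for the OpenVPN server. PUBLIC_IP is a constructed documentation address.
PUBLIC_IP="${PUBLIC_IP:-203.0.113.10}"
WAN_IF="${WAN_IF:-eth0}"
VPN_IF="${VPN_IF:-tun0}"
VPN_SERVER_IP="${VPN_SERVER_IP:-10.8.0.1}"
VPN_CLIENT_IP="${VPN_CLIENT_IP:-10.8.0.18}"
PUBLIC_PORT="${PUBLIC_PORT:-8888}"
CLIENT_PORT="${CLIENT_PORT:-80}"

# Return 0 only for a dotted quad whose four octets are all 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the rules; refuse to emit anything if an address is malformed.
gen_rules() {
    for ip in "$PUBLIC_IP" "$VPN_SERVER_IP" "$VPN_CLIENT_IP"; do
        valid_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 1; }
    done
    cat <<EOF
*nat
# Inbound: only packets arriving on the WAN interface for the public IP.
-A PREROUTING -i $WAN_IF -d $PUBLIC_IP -p tcp --dport $PUBLIC_PORT -j DNAT --to-destination $VPN_CLIENT_IP:$CLIENT_PORT
# Return path: the client sees 10.8.0.1 as the peer and answers via the tunnel.
-A POSTROUTING -o $VPN_IF -d $VPN_CLIENT_IP -p tcp --dport $CLIENT_PORT -j SNAT --to-source $VPN_SERVER_IP
COMMIT
*filter
# Not needed while FORWARD policy is ACCEPT; keeps working if it becomes DROP.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $WAN_IF -o $VPN_IF -d $VPN_CLIENT_IP -p tcp --dport $CLIENT_PORT -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Apply as root with: sh thisfile --print | iptables-restore --noflush
if [ "${1:-}" = "--print" ]; then gen_rules; fi
```

With the SNAT rule in place, Apache on the client logs 10.8.0.1 as the remote address for every forwarded request, so the original source IP has to be taken from logs on the server if it is needed.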
