Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
Y
Y
Yuri Pikhtarev2016-03-04 17:38:06
openvpn
Yuri Pikhtarev, 2016-03-04 17:38:06

Port forwarding in OpenVPN via ufw?

Good evening.
There is an OpenVPN server raised on DigitalOcean using the https://github.com/Nyr/openvpn-install script - accordingly, the entire base part works, clients connect, traffic goes. However, there is one snag, the solution of which he himself did not find.
It is necessary that when accessing the OpenVPN server on port 8080, this request is forwarded to port 8080 of the connected client. Found some solutions, but none worked.
Tried like this with iptables:

iptables -A FORWARD -d 10.8.0.2 -i eth0 -p tcp -m tcp --dport 3000:65500 -j ACCEPT
iptables -A FORWARD -d 10.8.0.2 -i eth0 -p udp -m udp --dport 3000: 65500 -j ACCEPT
iptables -t nat -A PREROUTING -d 37.139.29.*** -p tcp -m tcp --dport 3000:65500 -j DNAT --to-destination 10.8.0.2
iptables -t nat -A PREROUTING -d 37.139.29.*** -p udp -m udp --dport 3000:65500 -j DNAT --to-destination 10.8.0.2
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

So:
iptables -t nat -A PREROUTING -p tcp --dport 8080 -j DNAT --to-destination 10.8.0.2
iptables -A FORWARD -s 10.8.0.2 -p tcp --dport 8080 -j ACCEPT

And so I tried it through ufw:
# START OPENVPN RULES
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.8.0.2:8080
-A PREROUTING -i eth0 -p udp -m udp --dport 8080 -j DNAT --to-destination 10.8.0.2:8080
# Allow traffic from OpenVPN client to eth0
-A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE
COMMIT
# END OPENVPN RULES
...
# START OPENVPN RULES
-A FORWARD -d 10.8.0.2/32 -p tcp -m tcp --dport 8080 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD - d 10.8.0.2/32 -p udp -m udp --dport 8080 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
# END OPENVPN RULES

But nothing helps and the port does not become open.
Server IP: 37.139.29.***
VPN client IP after connecting internal: 10.8.0.2 Port forwarding is enabled
in the kernel. In the ufw settings, forwarding is also allowed.
Perhaps someone came across?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
Z
Ziptar, 2016-03-10
@Ziptar

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8080 -j DNAT --to-destination 10.8.0.2:8080
iptables -A FORWARD -t eth0 -p tcp --dport 8080 -j ACCEPT
iptables -A FORWARD -s 10.8.0.2 -p tcp --sport 8080 -j ACCEPT
Should work if nothing is wrong. With iptables I communicate not that often.
In general: https://www.opennet.ru/docs/RUS/iptables/
PS forwarding must be enabled on both interfaces - that is, eth0 and tun/tap

Report
V
Vladimir Kuznetsov, 2016-03-11
@smithy1208

try enabling
client-to-client

Similar questions
M
Maxim2014-10-31 18:45:27
Is such a scheme possible? 1Reply
F
FunMelon2019-03-31 10:37:32
Why doesn't the package know where to go? 2Reply
D
dminster942020-12-16 22:16:38
How to configure iptables for openvpn? 1Reply
E
Evgeny702014-11-20 11:06:49
Several OVPN clients on Mikrotik? 2Reply
D
dimaguru2020-12-27 23:06:12
How to block a domain in OpenVPN config file? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question