Port forwarding with OpenVPN


I assume you're using OpenVPN in routed mode and are NATting its clients onto the WAN. If so, you'll want to do the following:

iptables -t nat -A PREROUTING -i eth0 -d 123.45.67.89 -p tcp --dport 4444 -j DNAT --to-destination 192.168.1.10

(Change eth0 to whatever interface your WAN is actually on.)

If you're not using NAT, then it's just a matter of making sure the host you're trying to connect from knows to route packets destined for 192.168.1.10 through 123.45.67.89 (which obviously won't work to an RFC1918 IP over the Internet). In any case, the only other requirements are that you have IPv4 routing enabled (I'd assume that the VPN wouldn't be working at all if you didn't) and that you don't have any other firewall rules that would block this traffic.


Author: Red Spider

Updated on September 18, 2022

Comments

  • Red Spider
    Red Spider over 1 year

    Set up an openvpn server but having trouble getting ports forwarded to the client.

    Below is what I am trying to do:

    WAN: 123.45.67.89:4444 -> [OpenVPN Server] -> CLIENT: 192.168.1.10:4444

    Seen many different answers on how to do this but no matter what I try it doesn't seem to work and port tests always show the port as closed.

  • Red Spider
    Red Spider about 7 years
    Thanks for the reply. Tried the above but port tests still show the port is closed. Made sure to iptables -A INPUT -p tcp --dport 4444 -j ACCEPT so port should be able on the OpenVPN server.
  • Joseph Sible-Reinstate Monica
    Joseph Sible-Reinstate Monica about 7 years
    You need to use the FORWARD chain, not the INPUT chain.
  • ptica
    ptica over 6 years
    I needed to add the -A POSTROUTING -p tcp -d 192.168.1.10 --dport 4444 -j MASQUERADE rule as well.
  • Joseph Sible-Reinstate Monica
    Joseph Sible-Reinstate Monica over 6 years
    @ptica that rule would only be needed for NAT reflection (and its scope could be made a bit narrower).
  • ptica
    ptica over 6 years
    Hi @JosephSible, thanks for the remark. I couldn't telnet into 123.45.67.89:4444 without that POSTROUTING rule; however, I still do not understand the need for it, as I already route 192.168.1.0/24 to openvpn's gateway 10.8.0.2.
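
The three conditions raised in the answer and comments above (DNAT in PREROUTING, acceptance in FORWARD rather than INPUT, and the optional POSTROUTING source NAT) can be checked against `iptables-save` output. This is an added example, not code from the thread; the sample dump is constructed, and its FORWARD policy of DROP is an assumption.

```sh
#!/bin/sh
# Added example: audit iptables-save text for the port forward on this page.
CLIENT_IP=192.168.1.10; PORT=4444                  # values from the question
C=$(printf '%s' "$CLIENT_IP" | sed 's/\./\\./g')   # regex-escaped client IP

# Print only the lines of table $1 from dump $2.
table() { printf '%s\n' "$2" | awk -v t="*$1" '$0 == t {on=1; next} /^\*/ {on=0} on'; }
# True if text $1 has a line matching ERE $2.
has() { printf '%s\n' "$1" | grep -Eq -- "$2"; }

# Prints one finding per line; returns 1 if a required rule is missing.
# Narrow on purpose: only rules naming the client IP and port are recognised.
audit_forward() {
    nat=$(table nat "$1"); filter=$(table filter "$1"); rc=0
    # 1. Destination rewrite, done in nat/PREROUTING before routing.
    if has "$nat" "^-A PREROUTING .*--dport $PORT .*-j DNAT --to-destination $C(\$|[: ])"
    then echo "OK dnat"; else echo "MISSING dnat"; rc=1; fi
    # 2. After DNAT the packet is routed onward, so filter/FORWARD decides, not INPUT.
    if has "$filter" "^:FORWARD ACCEPT" ||
       has "$filter" "^-A FORWARD .*-d $C(/32)? .*--dport $PORT .*-j ACCEPT"
    then echo "OK forward"
    else
        echo "MISSING forward"; rc=1
        if has "$filter" "^-A INPUT .*--dport $PORT .*-j ACCEPT"; then
            echo "HINT input-rule-does-not-apply"
        fi
    fi
    # 3. Source NAT toward the client; without it the client itself must
    #    route its replies back through the VPN server.
    if has "$nat" "^-A POSTROUTING .*-d $C(/32)? .*-j (MASQUERADE|SNAT)"
    then echo "OK snat"; else echo "NOTE no-snat"; fi
    return $rc
}

# Constructed dump: DNAT present, port opened in INPUT only (FORWARD DROP assumed).
SAMPLE_BROKEN='*nat
-A PREROUTING -d 123.45.67.89/32 -i eth0 -p tcp -m tcp --dport 4444 -j DNAT --to-destination 192.168.1.10
COMMIT
*filter
:FORWARD DROP [0:0]
-A INPUT -p tcp -m tcp --dport 4444 -j ACCEPT
COMMIT'
audit_forward "$SAMPLE_BROKEN" || true
```

On the VPN server itself, `audit_forward "$(iptables-save)"` (run as root) applies the same checks to the live rule set.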