Port Forward to VPN client.

Hi all,

I can't port forward from WAN to the VPN client.

VPN client: Ubuntu 18, 192.168.0.16, port 6000
VPN gateway for LAN clients: CentOS, 192.168.0.12
Router: 192.168.0.1

I can forward to the VPN client when the VPN is not connected, if I forward port 6000 from 192.168.0.1 directly to 192.168.0.16.
While it's connected to the VPN it is not working, so I have tried adding the following rules on the VPN gateway 192.168.0.12 and forwarding from 192.168.0.1 to 192.168.0.12:

sysctl -w net.ipv4.ip_forward=1
# Rewrite the destination: traffic arriving at the gateway on TCP 6000 goes to the client
iptables -t nat -A PREROUTING -d 192.168.0.12 -p tcp --dport 6000 -j DNAT --to-destination 192.168.0.16:6000
# Rewrite the source to the gateway's own address so the client's replies come back via the gateway;
# this must match the post-DNAT destination (the client), not the gateway
iptables -t nat -A POSTROUTING -d 192.168.0.16 -p tcp --dport 6000 -j SNAT --to-source 192.168.0.12

It's not working.
Could someone please advise?
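An added example (mine, not posted by anyone in this thread) that generates the complete rule set a Linux gateway needs for this kind of forward, using the addresses and port from the thread. It includes the two pieces most often missing when a DNAT like this "does not work": FORWARD rules that accept the flow (a DROP policy there silently eats the DNATed packets), and a SNAT to the gateway's own LAN address, because while the VPN is up the client's default route points into the tunnel, so without the SNAT its replies leave through the tunnel instead of returning to the gateway. The variable names and the two helper functions are assumptions of this example; it prints the commands instead of applying them so they can be reviewed first, and it also prints the checks (nat counters, conntrack entries, a capture) that answer the "how did you debug" question.

```shell
#!/bin/sh
# Added example, not the thread's own configuration. Addresses and port are
# the ones given in the thread; variable and function names are assumptions.
GATEWAY=192.168.0.12   # VPN gateway (CentOS), the target of the router's forward
CLIENT=192.168.0.16    # VPN client (Ubuntu) running the service on TCP 6000
PORT=6000

# Emit the rules for forwarding WAN -> router -> gateway -> client.
#  - PREROUTING/DNAT: packets addressed to the gateway on $port are sent to the client.
#  - FORWARD: the gateway must let both directions of the flow through; a
#    default DROP policy here is a classic reason a DNAT appears dead.
#  - POSTROUTING/SNAT: match the post-DNAT destination ($cl, not $gw) and set
#    the source to the gateway so the client answers on-link instead of via
#    its VPN default route.
forward_rules() {
  gw=$1; cl=$2; port=$3
  cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -d $gw -p tcp --dport $port -j DNAT --to-destination $cl:$port
iptables -A FORWARD -d $cl -p tcp --dport $port -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s $cl -p tcp --sport $port -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -d $cl -p tcp --dport $port -j SNAT --to-source $gw
EOF
}

# Emit the commands to verify each hop on the gateway after applying the rules:
# packet/byte counters show whether the DNAT and SNAT rules match at all,
# conntrack shows the translated flow, and tcpdump shows whether the client
# actually replies to the gateway.
check_cmds() {
  port=$1
  cat <<EOF
iptables -t nat -L PREROUTING -n -v --line-numbers
iptables -t nat -L POSTROUTING -n -v --line-numbers
iptables -L FORWARD -n -v
conntrack -L -p tcp --dport $port
tcpdump -ni any tcp port $port
EOF
}

forward_rules "$GATEWAY" "$CLIENT" "$PORT"
check_cmds "$PORT"
```

Pipe the output of forward_rules into sh on the gateway to apply it; the check commands are meant to be run one at a time while a connection attempt is made from outside.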

Please explain what you mean by "It's not working".

How do you know it is "not working"?

What did you try? How did you debug?

Thanks.

Hi,

I can reach port 6000 via my DNS over internet if the client is not connected to VPN.

I can't reach port 6000 via my DNS over internet if the client is connected to VPN.

I would use port forwarding for this task instead of iptables.

Example:

#Establishes tunnel through 192.168.0.12 to 192.168.0.16
ssh -fMNS /usr/lib/systemd/system/vpn.socket -L 6000:192.168.0.16:6000 192.168.0.12
#Connect VPN client to server using port 6000 on loopback interface
VPNClient 127.0.0.1:6000
#Close socket ssh connection when done
ssh -S /usr/lib/systemd/system/vpn.socket -O exit 192.168.0.12

This is how I would do it, but what do I know? I'm freaking 1337