Open ports on OpenVPN Access Server to Client

I am trying to forward ports and I am not sure how to accomplish this.
I have multiple ports I need to forward to a VPN client.
I have an OpenVPN Access Server spun up. I understand the iptables and allowing rules. But no matter what I do, I can't connect to the services on these ports.

2 Replies

> I am trying to forward ports and I am not sure how to accomplish this.

Port forwarding involves NAT.

> I understand the iptables and allowing rules

You need a nat PREROUTING DNAT rule on the public interface to match either the TCP or UDP port number to the destination of the OpenVPN tunnel IP (not its public IP) and port number. Also, since the packets arrive on the public interface and need to be forwarded from the public interface to the VPN interface, you need a FORWARD rule to allow and forward the packets and the responses, and the rule or rules can be port specific for more security. Finally, you need a POSTROUTING MASQUERADE rule for the public interface so that the source IP of the packets arriving on the public interface gets preserved and the responses are properly NAT'ed back; this might already be in place due to the VPN.
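
The three rule types described in the reply above, as an added example that is not part of the original reply or of OpenVPN Access Server. It prints the rules for review rather than applying them. The interface names `eth0` and `as0t0`, the tunnel IP `172.27.232.2`, and the ports are assumptions standing in for your own values.

```shell
#!/bin/sh
# Added example: prints (does not apply) the rules described in the reply.
# Assumed values, not from the thread: eth0 = public interface,
# as0t0 = VPN tunnel interface, 172.27.232.2 = the client's tunnel IP.

# Succeeds when $1 is an integer in 1..65535 with no leading zero.
is_port() {
    case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# Succeeds when $1 contains only characters that are safe in a rule line.
is_token() {
    case "$1" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
}

# forward_rules PUB_IF VPN_IF CLIENT_TUNNEL_IP PROTO PORT
forward_rules() {
    pub_if=$1 vpn_if=$2 client_ip=$3 proto=$4 port=$5
    # Validate first: the output is meant to be reviewed and run as root.
    is_token "$pub_if" && is_token "$vpn_if" || { echo "bad interface" >&2; return 1; }
    case "$client_ip" in ''|*[!0-9.]*) echo "bad client IP" >&2; return 1 ;; esac
    case "$proto" in tcp|udp) ;; *) echo "bad protocol" >&2; return 1 ;; esac
    is_port "$port" || { echo "bad port" >&2; return 1; }
    # DNAT on the public interface to the client's tunnel IP (not its public IP).
    echo "iptables -t nat -A PREROUTING -i $pub_if -p $proto --dport $port -j DNAT --to-destination $client_ip:$port"
    # Port-specific FORWARD rules: requests in, responses back out.
    echo "iptables -A FORWARD -i $pub_if -o $vpn_if -p $proto -d $client_ip --dport $port -j ACCEPT"
    echo "iptables -A FORWARD -i $vpn_if -o $pub_if -p $proto -s $client_ip --sport $port -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# masquerade_rule PUB_IF: add the MASQUERADE rule only if -C (check) finds none.
masquerade_rule() {
    is_token "$1" || { echo "bad interface" >&2; return 1; }
    echo "iptables -t nat -C POSTROUTING -o $1 -j MASQUERADE 2>/dev/null || iptables -t nat -A POSTROUTING -o $1 -j MASQUERADE"
}

# Constructed sample: two forwarded ports for one client.
for spec in tcp/8080 udp/27015; do
    forward_rules eth0 as0t0 172.27.232.2 "${spec%/*}" "${spec#*/}"
done
masquerade_rule eth0
```

The kernel also has to have `net.ipv4.ip_forward=1` set for the FORWARD chain to see these packets, and `iptables -t nat -L -n -v` shows per-rule packet counters that confirm whether the DNAT rule is being hit.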
