
Dnat and snat through openvpn with different subnet

Posted: Fri May 01, 2015 1:22 pm
by labure
Hi all

Before starting, here is my network config:

Public IP address on dedicated server (location: provider) = x.x.x.x
This server has an OpenVPN server with tun0 IP 10.8.0.1

At home, my router (Debian Linux) is a client of the OpenVPN server, with tun0 IP 10.8.0.3 and eth0 192.168.100.254 (local network).
My OpenVPN config authorizes my local network 192.168.100.0 to communicate with the OpenVPN server.

In my local network I have a Mac OS X Yosemite server with a CalDAV server (TCP ports 8008 and 8443) with IP 192.168.100.100.
If I ping my OpenVPN server 10.8.0.1 from this Mac, it works fine.

My goal is to access this CalDAV server from the public IP of the server located at my provider, IP x.x.x.x

But it is difficult to do this:

My iptables config on my OpenVPN server has this:

iptables -t filter -A INPUT -p tcp --dport 8008 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 8443 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 8008 -i eth0 -j DNAT --to-destination 192.168.100.100:8008
iptables -t nat -A PREROUTING -p tcp --dport 8443 -i eth0 -j DNAT --to-destination 192.168.100.100:8443
iptables -t nat -A POSTROUTING -s 192.168.100.100 -p tcp --dport 8008 -j SNAT --to-source x.x.x.x:8008
iptables -t nat -A POSTROUTING -s 192.168.100.100 -p tcp --dport 8443 -j SNAT --to-source x.x.x.x:8443

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 10.8.0.1/24 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.100.0/24 -j MASQUERADE


But it doesn't work.

Any ideas?
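
Added example, not part of the original post: one way to build the server-side rules for this layout. It assumes the OpenVPN server already routes 192.168.100.0/24 over tun0, that its FORWARD chain may drop by default, and that the home router's default route is its own uplink. The `APPLY` switch and the function names are hypothetical; the script only prints the rules unless `APPLY=1`.

```shell
#!/bin/sh
# Dry-run generator for the rules on the OpenVPN server (prints unless APPLY=1).
WAN_IF=eth0             # public interface, as in the post's PREROUTING rules
VPN_IF=tun0             # tunnel interface on the server
VPN_IP=10.8.0.1         # server's tun0 address, from the post
TARGET=192.168.100.100  # CalDAV host behind the home router, from the post
APPLY=${APPLY:-0}       # hypothetical switch: 1 = execute, 0 = print only

run() {
  if [ "$APPLY" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

forward_port() {
  port=$1
  case $port in
    ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
  esac
  if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
    echo "port out of range: $port" >&2; return 1
  fi
  # 1. Rewrite the destination of traffic arriving on the public interface.
  run iptables -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport "$port" \
    -j DNAT --to-destination "$TARGET:$port"
  # 2. DNATed packets are routed, so they traverse FORWARD, not INPUT.
  run iptables -A FORWARD -i "$WAN_IF" -o "$VPN_IF" -p tcp -d "$TARGET" \
    --dport "$port" -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
  # 3. Rewrite the source to the server's tunnel address so the reply goes back
  #    through the VPN (assumed: the home router's default route is its uplink).
  run iptables -t nat -A POSTROUTING -o "$VPN_IF" -p tcp -d "$TARGET" \
    --dport "$port" -j SNAT --to-source "$VPN_IP"
}

build_rules() {
  run sysctl -w net.ipv4.ip_forward=1
  # Replies coming back from the tunnel; conntrack undoes both NAT steps.
  run iptables -A FORWARD -i "$VPN_IF" -o "$WAN_IF" \
    -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  for p in "$@"; do forward_port "$p" || return 1; done
}

build_rules 8008 8443
```

With the SNAT rule in place, the CalDAV server sees 10.8.0.1 as the client address for every forwarded connection, so any per-client source filtering or logging has to be done on the VPN server.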