
redirect port from external world to my vpn client does not w

Posted: Thu Mar 10, 2011 4:55 pm
by emel_punk
Hi,

I have had OpenVPN working for years, but now things have changed, so I now need to redirect a port from my eth1 (internet) to my client port 5901.

INTERNET ------ FIREWALL ------ TUN ------ CLIENT (10.0.0.74)
                   |
                   |
            LAN (192.168.0.0)
                   |
                   |
                 MY PC

I can see my clients with pings to/from my LAN clearly, but if I just apply a rule:

iptables -t nat -I PREROUTING -i eth1 -p tcp --dport 4501 -j DNAT --to 10.0.0.74:5901
just nothing happens. The redirection does not work.
I do an nmap from outside:
PORT STATE SERVICE
5900/tcp filtered vnc
What can I do to achieve this?

Re: redirect port from external world to my vpn client does n

Posted: Thu Mar 10, 2011 11:23 pm
by Bebop
emel_punk wrote: I now need to redirect a port from my eth1 (internet) to my client port 5901.
my client port 5901
--dport 4501
5900/tcp filtered vnc
First of all -- your request did not mention port 4501 or 5900, but your included code did! Please be specific with your request, as guessing games make it hard to help you out. For my examples I will only be using port 5901, but you can figure out how to substitute --dport 4501 if you require it.

You forgot a few things with your code.
  • With prerouting you didn't add '-d public.ip.of.vpnserver'. You will need that.
  • With prerouting, --to is not the same as --to-destination. You should be using --to-destination instead.
  • Also, you didn't apply a forward rule. You will need that too.
Copy the following two lines of code, and make changes as you will.

Code:

iptables -A FORWARD -p TCP -i eth1 -d 10.0.0.74 --dport 5901 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -d public.ip.of.vpnserver --dport 5901 -j DNAT --to-destination 10.0.0.74:5901
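
An added example, not part of either post: a small Python check over `iptables-save` output that flags DNAT rules with no matching FORWARD accept, covering the case from the original question where the external port (4501) differs from the client port (5901). The sample dump is constructed, and the function names `parse` and `unforwarded_dnat` are hypothetical.

```python
import ipaddress
import shlex

# Constructed iptables-save excerpt (not from the thread): external port 4501
# is DNATed to the VPN client, but FORWARD accepts only the pre-DNAT port.
SAMPLE = """\
*nat
-A PREROUTING -i eth1 -p tcp -m tcp --dport 4501 -j DNAT --to-destination 10.0.0.74:5901
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -d 10.0.0.74/32 -i eth1 -p tcp -m tcp --dport 4501 -j ACCEPT
COMMIT
"""

def parse(dump):
    """Return (table, chain, options) for every appended rule in the dump."""
    rules, table = [], None
    for line in dump.splitlines():
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith("-A "):
            tok = shlex.split(line)
            opts = {tok[i]: tok[i + 1] for i in range(2, len(tok) - 1)
                    if tok[i].startswith("-")}
            rules.append((table, tok[1], opts))
    return rules

def unforwarded_dnat(dump):
    """List (ip, port) DNAT targets that no FORWARD ACCEPT rule matches."""
    # filter/FORWARD sees the packet after nat/PREROUTING, so it must match
    # the translated address and port. Simplified: order/negation/policy ignored.
    rules = parse(dump)
    missing = []
    for table, _, o in rules:
        if table != "nat" or o.get("-j") != "DNAT":
            continue
        ip, _, port = o["--to-destination"].partition(":")
        port = port or o.get("--dport")  # no port in target: port unchanged
        if not any(
            t == "filter" and c == "FORWARD" and f.get("-j") == "ACCEPT"
            and ipaddress.ip_address(ip)
            in ipaddress.ip_network(f.get("-d", "0.0.0.0/0"), strict=False)
            and f.get("--dport", port) == port
            for t, c, f in rules
        ):
            missing.append((ip, port))
    return missing
```

On the sample it reports `10.0.0.74` port `5901` as unforwarded, because the FORWARD rule still matches 4501; changing that rule's `--dport` to 5901 clears the finding.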