Port forwarding on OpenVPN

MonsteRMonsteR Member
edited September 2015 in Help

So I am in the process of making a VPN service with multiple locations; so far I have added:
USA - New Jersey
USA - LA
Netherlands
France
Germany
UK
Japan

The issue I am having is port forwarding. At the moment I have this command, which is sent from our main site to the API and then to the servers:
iptables -t nat -A PREROUTING -p tcp --dport '.$port.' -j DNAT --to-destination '.$internalip.'; iptables -A FORWARD -s '.$internalip.' -p tcp --dport '.$port.' -j ACCEPT; service iptables save; service iptables reload'

This should allow port forwarding on the VPN port to the internal IP, i.e. the client.
My server.conf is:

local ***.***.***.** #- my ip server IPs here
port 1194 #- port
proto udp #- protocol
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 5 30
comp-lzo
persist-key
persist-tun
verb 3
reneg-sec 0

Any ideas why it won't port forward?

RaptorNode.com - DDoS Protected|VPS|Cloud|Dedicated Servers|Collocation - Los Angeles, CA
SamuraiBit Security

Comments

  • I think in "--to-destination local-IP" you also need to place the port:

    iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination IP:80

  • A few things. You set your OpenVPN config to use UDP, but you are only forwarding TCP traffic with iptables?

    Also, did you set your outgoing rules?

    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

    And forwarding between interfaces?

    iptables -A FORWARD -i eth0 -o tun+ -p udp -m udp --dport xxxxx -j ACCEPT
    iptables -A FORWARD -i tun+ -o eth0 -p udp -m udp --dport xxxxx -j ACCEPT
  • PM me your script. Piece of cake.

    vpsdash.com - Tips and tricks in life, information and technology news to get things done

  • So, for example, here are the functions.
    What should be the correct command to open and close ports?

    function openport($sship, $sshport, $username, $password, $internalip, $port) {
        $connection = ssh2_connect($sship, $sshport);
        ssh2_auth_password($connection, $username, $password);
        $cmd = ssh2_exec($connection, 'screen -dmS '.$_SESSION['username'].' & iptables -t nat -A PREROUTING -p tcp --dport '.$port.' -j DNAT --to-destination '.$internalip.'; iptables -A FORWARD -s '.$internalip.' -p tcp --dport '.$port.' -j ACCEPT; service iptables save; service iptables restart');
    }

    function closeport($sship, $sshport, $username, $password, $internalip, $port) {
        $connection = ssh2_connect($sship, $sshport);
        ssh2_auth_password($connection, $username, $password);
        $cmd = ssh2_exec($connection, 'screen -dmS '.$_SESSION['username'].' & iptables -t nat -A PREROUTING -p tcp --dport '.$port.' -j DNAT --to-destination '.$internalip.'; iptables -A FORWARD -s '.$internalip.' -p tcp --dport '.$port.' -j ACCEPT; service iptables save; service iptables reload');
    }

    RaptorNode.com - DDoS Protected|VPS|Cloud|Dedicated Servers|Collocation - Los Angeles, CA
    SamuraiBit Security
  • Incomplete script. It is very hard to troubleshoot what is wrong but the function is in the script. We will have to look at everything to troubleshoot.

    vpsdash.com - Tips and tricks in life, information and technology news to get things done

  • The commands are sent; all I need is the right commands.

    RaptorNode.com - DDoS Protected|VPS|Cloud|Dedicated Servers|Collocation - Los Angeles, CA
    SamuraiBit Security
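The iptables side of the openport/closeport functions discussed in this thread, as an added example that is neither the poster's script nor code from any reply: a POSIX sh helper that prints (or, when piped to sh, applies) the rules to open one forwarded port and the identical rules with -D to close it, and that checks the port and client address before they are spliced into a command line, since the posted PHP concatenates $port and $internalip straight into the string handed to ssh2_exec. Assumed names: eth0 is the public interface, tun0 the tunnel, and 10.8.0.0/24 the client subnet taken from the posted server.conf.

```shell
#!/bin/sh
# Added example (not the poster's script). Prints the iptables commands that
# forward one public port of the VPN server to one OpenVPN client, and the
# commands that remove that forwarding again. Assumed names: eth0 is the
# public interface, tun0 the tunnel, 10.8.0.0/24 the client subnet from the
# posted server.conf. Nothing is applied unless the output is piped to sh.
PUB_IF=${PUB_IF:-eth0}
TUN_IF=${TUN_IF:-tun0}
VPN_NET=${VPN_NET:-10.8.0.0/24}

# Values that arrive from a web front end are checked before they are spliced
# into a command line: a port is 1-65535, a client address is a dotted quad.
valid_port() { case $1 in ''|*[!0-9]*) return 1 ;; esac; [ "$1" -ge 1 ] && [ "$1" -le 65535 ]; }
valid_ip4() (
    case $1 in ''|*[!0-9.]*) exit 1 ;; esac
    IFS=.; set -- $1            # split on dots inside this subshell only
    [ $# -eq 4 ] || exit 1
    for octet; do
        case $octet in '') exit 1 ;; esac
        [ "$octet" -le 255 ] || exit 1
    done
)

# Rules needed once per server, not once per port: let replies back through
# FORWARD and masquerade client traffic leaving on the public interface.
pf_baseline() {
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -t nat -A POSTROUTING -s $VPN_NET -o $PUB_IF -j MASQUERADE"
}

# pf_rules add|del PORT tcp|udp CLIENT_IP -> one iptables command per line.
# "del" prints the identical rules with -D, so closing a port removes exactly
# what opening it inserted instead of appending a second copy.
pf_rules() {
    op=$1 port=$2 proto=$3 client=$4
    case $op in add) flag=-A ;; del) flag=-D ;; *) echo "bad op: $op" >&2; return 1 ;; esac
    case $proto in tcp|udp) ;; *) echo "bad proto: $proto" >&2; return 1 ;; esac
    valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    valid_ip4 "$client" || { echo "bad client ip: $client" >&2; return 1; }
    # Rewrite the destination of packets arriving on the public side; the
    # DNAT target names both the client address and the port.
    echo "iptables -t nat $flag PREROUTING -i $PUB_IF -p $proto --dport $port -j DNAT --to-destination $client:$port"
    # Let the rewritten packets cross from the public interface into the tunnel.
    echo "iptables $flag FORWARD -i $PUB_IF -o $TUN_IF -p $proto -d $client --dport $port -j ACCEPT"
}

# e.g.  ./pf.sh add 8080 tcp 10.8.0.6 | sh   ("del" with the same arguments closes it)
if [ $# -gt 0 ]; then pf_rules "$@"; fi
```

Run pf_baseline once when the server is set up; the per-port output matches the protocol the forwarded service actually uses, which is independent of the "proto udp" line that only governs the tunnel itself.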