Port forwarding on OpenVPN
MonsteR (Member)
edited September 2015 in Help

So I am in the process of making a VPN service with multiple locations. So far I have added:
USA - New Jersey
USA - LA
Netherlands
France
Germany
UK
Japan

The issue I am having is port forwarding, as at the moment I have this command, which is being sent from our main site to the API and then to the servers:

    iptables -t nat -A PREROUTING -p tcp --dport '.$port.' -j DNAT --to-destination '.$internalip.'; iptables -A FORWARD -s '.$internalip.' -p tcp --dport '.$port.' -j ACCEPT; service iptables save; service iptables reload'

This should be allowing port forwarding on the port of the VPN to the internal IP, i.e. the client.
My server.conf is:

    local ***.***.***.**   #- my server IP goes here
    port 1194              #- port
    proto udp              #- protocol
    dev tun
    tun-mtu 1500
    tun-mtu-extra 32
    mssfix 1450
    ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
    cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
    key /etc/openvpn/easy-rsa/2.0/keys/server.key
    dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
    plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
    client-cert-not-required
    username-as-common-name
    server 10.8.0.0 255.255.255.0
    push "redirect-gateway def1"
    push "dhcp-option DNS 8.8.8.8"
    push "dhcp-option DNS 8.8.4.4"
    keepalive 5 30
    comp-lzo
    persist-key
    persist-tun
    verb 3
    reneg-sec 0

Any ideas why it won't seem to port forward?

Comments

  • I think in "--to-destination local-IP" you also need to place the port:

    iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination IP:80

  • A few things. You set your OpenVPN config to use udp, but you are only forwarding tcp traffic with iptables?

    Also, did you set your outgoing rules?

    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

    And forwarding between interfaces?

    iptables -A FORWARD -i eth0 -o tun+ -p udp -m udp --dport xxxxx -j ACCEPT
    iptables -A FORWARD -i tun+ -o eth0 -p udp -m udp --dport xxxxx -j ACCEPT
  • PM me your script. Piece of cake.

  • So for example, here are the functions.
    What should be the correct command to open and close ports?

    function openport($sship, $sshport, $username, $password, $internalip, $port) {
        $connection = ssh2_connect($sship, $sshport);
        ssh2_auth_password($connection, $username, $password);
        $cmd = ssh2_exec($connection,
            'screen -dmS '.$_SESSION['username'].' & '
            .'iptables -t nat -A PREROUTING -p tcp --dport '.$port.' -j DNAT --to-destination '.$internalip.'; '
            .'iptables -A FORWARD -s '.$internalip.' -p tcp --dport '.$port.' -j ACCEPT; '
            .'service iptables save; service iptables restart');
    }

    function closeport($sship, $sshport, $username, $password, $internalip, $port) {
        $connection = ssh2_connect($sship, $sshport);
        ssh2_auth_password($connection, $username, $password);
        $cmd = ssh2_exec($connection,
            'screen -dmS '.$_SESSION['username'].' & '
            .'iptables -t nat -A PREROUTING -p tcp --dport '.$port.' -j DNAT --to-destination '.$internalip.'; '
            .'iptables -A FORWARD -s '.$internalip.' -p tcp --dport '.$port.' -j ACCEPT; '
            .'service iptables save; service iptables reload');
    }

  • Incomplete script. It is very hard to troubleshoot what is wrong but the function is in the script. We will have to look at everything to troubleshoot.

  • The commands are sent; all I need is the right commands.
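Pulling the replies together (DNAT needs IP:port, the tunnel being udp does not decide the forwarded protocol, and closing a forward must delete rather than re-add the rule) as an added example; this is not the thread's script. It assumes eth0 as the public interface and 10.8.0.0/24 as the VPN subnet, both from the thread, and that the general tun+ to eth0 FORWARD rule and POSTROUTING MASQUERADE from the second reply already exist. Because the PHP builds the command line by string concatenation, the port and client address are checked before they are ever placed into it.

```shell
#!/bin/sh
# Added example, not the thread's script. Builds the per-client iptables rules
# that forward one public port to one OpenVPN client, and the matching delete.
# Assumes: public interface eth0 and VPN subnet 10.8.0.0/24 (as in the thread),
# and that the usual tun+ -> eth0 FORWARD rule plus POSTROUTING MASQUERADE for
# 10.8.0.0/24 (the second reply) are already in place.

WAN_IF="${WAN_IF:-eth0}"

# Accept only a bare port number and a 10.8.0.x client address, so the values
# placed into the iptables command line can never contain anything else.
check_forward_args() {
    port="$1"; ip="$2"
    case "$port" in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    case "$ip" in 10.8.0.*) ;; *) return 1 ;; esac
    octet="${ip#10.8.0.}"
    case "$octet" in ''|*[!0-9]*) return 1 ;; esac
    [ "$octet" -ge 2 ] && [ "$octet" -le 254 ]
}

# Print the rules for one forward. $1 is "open" (-A) or "close" (-D); the rule
# text is identical for both, so closing removes exactly what opening added.
forward_rules() {
    action="$1"; port="$2"; ip="$3"
    case "$action" in open) op=-A ;; close) op=-D ;; *) return 1 ;; esac
    # The tunnel's own "proto udp" says nothing about the forwarded service,
    # so both TCP and UDP are forwarded, and DNAT is given IP:port, not just IP.
    for proto in tcp udp; do
        echo "iptables -t nat $op PREROUTING -i $WAN_IF -p $proto --dport $port" \
             "-j DNAT --to-destination $ip:$port"
        echo "iptables $op FORWARD -i $WAN_IF -o tun+ -p $proto -d $ip --dport $port" \
             "-m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
    done
}

# Validate, then print the rules (DRY_RUN=1) or run them (needs root).
apply_forward() {
    check_forward_args "$2" "$3" || { echo "rejected: $2 $3" >&2; return 2; }
    if [ "${DRY_RUN:-0}" = 1 ]; then
        forward_rules "$@"
    else
        forward_rules "$@" | sh -e
    fi
}
```

Run `DRY_RUN=1 apply_forward open 2222 10.8.0.6` to see the four rules it would add, and `apply_forward close 2222 10.8.0.6` later to remove exactly those; `service iptables save` still has to follow if the rules should survive a reboot.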
