
Thread: Port forwarding to OpenVPN client

  1. #1
    Drumhead NNTP User

    Port forwarding to OpenVPN client

    Hi all,

    I'm trying to forward a port from an openvpn-server to a mysql server on a client.
    I'm able to ping the client from the server and can connect to mysql just fine but forwarding doesn't seem to work.

    Config server:
    eth0: public ip/29
    tun0 inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255

    Config client:
    eth0: 192.168.0.1/24
    tun0: inet addr:10.8.0.10 P-t-P:10.8.0.9 Mask:255.255.255.255

    I tried forwarding the port 11000 (since there's also mysql running on the server) to client port 3306 using iptables:
    iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 11000 -j DNAT --to 10.8.0.10:3306
    but that doesn't work.
    IP forwarding is enabled.

    Please help.
    Martin

  2. #2

    Re: Port forwarding to OpenVPN client

    You don't need port forwarding in the first place. Provided mysql is listening on all interfaces on the client, which includes tun0, you should be able to connect to 10.0.8.10 port 3306. To mysql the connection will appear to come from 10.0.8.1 and your access rules should allow this, if you are filtering on source address.

  3. #3
    Drumhead NNTP User

    Re: Port forwarding to OpenVPN client

    Hi,
    Originally posted by ken_yap:
        You don't need port forwarding in the first place. Provided mysql is listening on all interfaces on the client, which includes tun0, you should be able to connect to 10.0.8.10 port 3306. To mysql the connection will appear to come from 10.0.8.1 and your access rules should allow this, if you are filtering on source address.

    Perhaps I didn't explain correctly what I want to do.
    I want to connect to the public ip address (eth0) of the server on port 11000 and forward this connection to the client (port 3306) via vpn.

    Martin

  4. #4

    Re: Port forwarding to OpenVPN client

    Just forwarding may not be enough in that case. Think of what happens at the far end. If say public IP X connects to your server at 11000 and sends a mysql packet to it, it will get forwarded to the server at the far end of the VPN. But DNAT only changes the destination address and port in the packet, not the source address and port. So how will the server at the far end route the packet back to the public IP X? If there's only one machine, then you could add another routing rule. But in the general case, you have to make it look as if the packet came from 10.0.8.1, i.e. masquerading.

  5. #5
    Drumhead NNTP User

    Re: Port forwarding to OpenVPN client

    Ok, so how do I set up masquerading to accomplish my task? I'm not an expert when it comes to iptables.

    Martin

  6. #6
    topay3 NNTP User

    Re: Port forwarding to OpenVPN client

    I have the same problem...
    I have a webserver on an openvpn client, and want to be able to connect from the public internet to the webserver in the openvpn network from my broadband gateway...

    I have been looking around for too long, but never found a solution for that issue...

    Please help!

    best regards
    BX
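
Added example, not part of any post in this thread: the DNAT rule from post #1 combined with the masquerading described in post #4, as a script that only prints the rules for review. The function name gen_forward_rules and its optional allowed-source argument are assumptions introduced here; interfaces, addresses and ports are the ones given in post #1.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables rules that forward a public
# TCP port on the VPN server to a service on an OpenVPN client.
# gen_forward_rules and the allowed-source argument are hypothetical names
# introduced here; interfaces, addresses and ports are those from post #1.

gen_forward_rules() (
    wan_if=$1 vpn_if=$2 pub_port=$3 dst_ip=$4 dst_port=$5
    allowed_src=${6:-0.0.0.0/0}   # assumption: optional source restriction

    # Reject anything that is not a port number in 1..65535.
    for p in "$pub_port" "$dst_port"; do
        case $p in ''|*[!0-9]*) echo "invalid port: $p" >&2; exit 1 ;; esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "invalid port: $p" >&2; exit 1
        fi
    done

    # 1. DNAT: rewrite the destination of packets arriving on the public side.
    echo "iptables -t nat -A PREROUTING -i $wan_if -s $allowed_src -p tcp --dport $pub_port -j DNAT --to-destination $dst_ip:$dst_port"

    # 2. FORWARD: after DNAT the packet is addressed to the client, so match
    #    on the rewritten destination, and allow the replies back out.
    echo "iptables -A FORWARD -i $wan_if -o $vpn_if -p tcp -d $dst_ip --dport $dst_port -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $vpn_if -o $wan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"

    # 3. MASQUERADE: rewrite the source to the server's tunnel address so the
    #    client sends its replies back through the VPN instead of its own
    #    default route.
    echo "iptables -t nat -A POSTROUTING -o $vpn_if -p tcp -d $dst_ip --dport $dst_port -j MASQUERADE"
)

# Values from post #1; set ALLOWED_SRC to limit who may reach the port.
gen_forward_rules eth0 tun0 11000 10.8.0.10 3306 "${ALLOWED_SRC:-0.0.0.0/0}"
```

Pipe the output to sh as root only after reviewing it. Because of the MASQUERADE rule, MySQL on the client sees every forwarded connection as coming from the server's tun0 address (10.8.0.1 in post #1), so any per-source restriction has to be enforced on the VPN server, for example through the allowed-source argument.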
