Port forwarding to OpenVPN client

Hi all,

I’m trying to forward a port from an openvpn-server to a mysql server on a client.
I’m able to ping the client from the server and can connet to mysql just fine but forwarding doesn’t seem to work.

Config server:
eth0: public ip/29
tun0 inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255

Config client:
eth0: 192.168.0.1/24
tun0: inet addr:10.8.0.10 P-t-P:10.8.0.9 Mask:255.255.255.255

I tried forwarding the port 11000 (since there’s also mysql running on the server) to client port 3306 using iptables:
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 11000 -j DNAT --to 10.8.0.10:3306
but that doesn’t work.
IP forwarding is enabled.

Please help.
Martin

You don’t need port forwarding in the first place. Provided mysql is listening on all interfaces on the client, which includes tun0, you should be able to connect to 10.0.8.10 port 3306. To mysql the connection will appear to come from 10.0.8.1 and your access rules should allow this, if you are filtering on source address.

Hi,

perhaps I didn’t explain correctly what I want to do.
I want to connect to the public ip address (eth0) of the server on port 11000 and forward this connection to the client (port 3306) via vpn.

Martin

Just forwarding may not be enough in that case. Think of what happens at the far end. If say public IP X connects to your server at 11000 and sends a mysql packet to it, it will get forwarded to the server at the far end of the VPN. But DNAT only changes the destination address and port in the packet, not the source address and port. So how will the server at the far end route the packet back to the public IP X? If there’s only one machine, then you could add another routing rule. But in the general case, you have to make it look as if the packet came from 10.0.8.1, i.e. masquerading.

Ok, so how do I set up masquerading to accomplish my task? I’m not an expert when it comes to iptables.

Martin

i have the same problem…
have a webserver on a openvpn client, and want that be able to connect from public internet to the webserver into the openvpn network from my broadband gateway…

i am looking around for too much time, but never found a solution for that issue…

please help !

best regards
BX