Forwarding ports bypassing the VPN

I have the following setup:

  1. Router with Internet access
    • Public static IP address
    • Low functional
    • Has a "Port forwarding" feature
    • Local IP address: 192.168.1.1
  2. Linux server (Ubuntu) connected to VPN service (non-controllable by me), as the gateway for the client (3)
    • Interface enp0s3: gw: 192.168.1.1; IP address: 192.168.1.10
    • Interface tun0 - VPN connection
  3. Windows 7 client
    • Network Interface: gw: 192.168.1.10; IP address: 192.168.1.8

iptables rules on server (2):

*nat
:PREROUTING ACCEPT [443:55918]
:INPUT ACCEPT [21:3328]
:OUTPUT ACCEPT [22:1600]
:POSTROUTING ACCEPT [73:4883]
-A POSTROUTING -s 192.168.1.8/32 -o tun0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [2135:1080592]
:FORWARD ACCEPT [846:190487]
:OUTPUT ACCEPT [1592:396526]
-A FORWARD -s 192.168.1.8/32 -i tun0 -o enp0s3 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.1.8/32 -i enp0s3 -o tun0 -j ACCEPT
COMMIT

How do I forward the port for an SSH connection to the client, through the external router's address? (I can't do this through the VPN.)
