Background info is available from this question: How to make a Google Cloud VM forward Minecraft traffic to an OpenVPN client?
I have an OpenVPN network currently set up in "tap" mode, with the Google VM as the server and a Raspberry Pi 3 client running a Minecraft server. I want to replace the Pi 3 with a Pi 4 by adding it as a new OpenVPN client.
I successfully set up the OpenVPN configs for all the machines and the Pi 4 can ping the cloud VM and other clients, and vice versa.
In order to move from the Pi 3 to the Pi 4, I executed:
# iptables -F
# iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 25565 -j DNAT --to-destination 10.8.0.6:25565
# iptables -A FORWARD -p tcp -d 10.8.0.6 --dport 25565 -j ACCEPT
# iptables -A POSTROUTING -t nat -s 10.8.0.6 -o eth0 -j MASQUERADE
# iptables -t nat -A POSTROUTING -d 10.8.0.6 -o tap0 -j MASQUERADE
Note that the local IP of the Pi 3 is 10.8.0.3 and the Pi 4 is 10.8.0.6.
I saved the settings using iptables-save and rebooted. However, nmap shows port 25565 as "closed" for the VM and I am unable to connect a Minecraft client.
When I redo the above steps with 10.8.0.3 instead of 10.8.0.6 and use the Pi 3 config file for the Pi 4, I am able to connect.
Here is the output of iptables-save:
# Generated by iptables-save v1.6.0 on Sun Dec 1 08:08:18 2019
*filter
:INPUT ACCEPT [269:342903]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [246:49036]
-A FORWARD -d 10.8.0.6/32 -p tcp -m tcp --dport 25565 -j ACCEPT
COMMIT
# Completed on Sun Dec 1 08:08:18 2019
# Generated by iptables-save v1.6.0 on Sun Dec 1 08:08:18 2019
*nat
:PREROUTING ACCEPT [26:6833]
:INPUT ACCEPT [7:482]
:OUTPUT ACCEPT [22:1420]
:POSTROUTING ACCEPT [22:1420]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 25565 -j DNAT --to-destination 10.8.0.3:25565
-A PREROUTING -i eth0 -p tcp -m tcp --dport 25565 -j DNAT --to-destination 10.8.0.6:25565
-A POSTROUTING -s 10.8.0.3/32 -o eth0 -j MASQUERADE
-A POSTROUTING -d 10.8.0.3/32 -o tap0 -j MASQUERADE
-A POSTROUTING -s 10.8.0.6/32 -o eth0 -j MASQUERADE
-A POSTROUTING -d 10.8.0.6/32 -o tap0 -j MASQUERADE
COMMIT
# Completed on Sun Dec 1 08:08:18 2019
diff of the two config files, besides the private keys and timestamps:
216c216
< DNS:rpi4
---
> DNS:picraft
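
Added example, not part of the original post: `iptables -F` without `-t` flushes only the filter table, and within a chain the first matching rule with a terminating target such as DNAT decides the packet, so an older nat rule can silently win over a newer one. The Python sketch below (the function name `shadowed_rules` is hypothetical) scans iptables-save output for rules whose match is an exact duplicate of an earlier terminating rule in the same chain, using the nat table from the dump above as input.

```python
import shlex

# nat table copied from the iptables-save output in the post.
SAMPLE = """\
*nat
:PREROUTING ACCEPT [26:6833]
:POSTROUTING ACCEPT [22:1420]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 25565 -j DNAT --to-destination 10.8.0.3:25565
-A PREROUTING -i eth0 -p tcp -m tcp --dport 25565 -j DNAT --to-destination 10.8.0.6:25565
-A POSTROUTING -s 10.8.0.3/32 -o eth0 -j MASQUERADE
-A POSTROUTING -d 10.8.0.3/32 -o tap0 -j MASQUERADE
-A POSTROUTING -s 10.8.0.6/32 -o eth0 -j MASQUERADE
-A POSTROUTING -d 10.8.0.6/32 -o tap0 -j MASQUERADE
COMMIT
"""

# Targets that stop chain traversal for a packet that matches the rule.
TERMINATING = {"DNAT", "SNAT", "MASQUERADE", "REDIRECT", "ACCEPT", "DROP", "REJECT"}


def shadowed_rules(dump):
    """Return (table, chain, winning_rule, shadowed_rule) tuples.

    Only exact duplicates of the match part are reported; a broader
    earlier rule that covers a narrower later one is not detected.
    """
    findings, first_seen, table = [], {}, None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):            # table header, e.g. "*nat"
            table = line[1:]
        elif line.startswith("-A "):        # appended rule
            tokens = shlex.split(line)
            if "-j" not in tokens:
                continue
            j = tokens.index("-j")
            chain, target = tokens[1], tokens[j + 1]
            key = (table, chain, tuple(tokens[2:j]))   # match criteria only
            if key in first_seen:
                findings.append((table, chain, first_seen[key], line))
            elif target in TERMINATING:
                first_seen[key] = line
    return findings


if __name__ == "__main__":
    for table, chain, winner, loser in shadowed_rules(SAMPLE):
        print(f"[{table}/{chain}] never reached: {loser}\n    shadowed by: {winner}")
```
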