1

I have been struggling for almost half a year now and I read almost all of the internet's solutions but none have worked.

The current solution, which also came from different articles, is this:

iptables -t nat -A PREROUTING -p tcp --dport 2254 -j DNAT --to-destination 10.8.8.2:22

iptables -t nat -A POSTROUTING -p tcp -d 10.8.8.2 --dport 22 -j SNAT --to-source publicIP

where 10.8.8.2 is my VPN client, which I can ping and ssh to from my iptables VPS.

I wanted to forward port 2254 to my VPN client (home PC) from the outside world, using my publicIP on port 2254 to the VPN IP (10.8.8.2) with ssh port 22.

For example:

ssh user@publicIP -p 2254

net.ipv4.ip_forward=1 was already enabled btw.

3
  • The --to-source IP needs to be the vpn-ip of your VPS - 10.8.8.1 perhaps? Otherwise it sends a packet through the tunnel and receives the answer over public net from a different ip and thus ignores it.
    – Virsacer
    Commented Jan 28, 2022 at 23:01
  • It works!! How to mark that as answer? Commented Jan 29, 2022 at 7:17
  • I just reposted it as an answer ;-)
    – Virsacer
    Commented Jan 29, 2022 at 9:59

1 Answer

0

The --to-source IP needs to be the vpn-ip of your VPS - 10.8.8.1 perhaps?

Otherwise it sends a packet through the tunnel and receives the answer over public net from a different IP and thus ignores it.

You can also use MASQUERADE instead of SNAT - this automatically uses the IP of the outgoing interface.
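
The corrected rule set from the answer above, as an added example that is not part of the original post. It prints the rules for review instead of applying them; 10.8.8.1 as the VPS's VPN address and tun0 as the tunnel interface are assumptions, and the FORWARD rules are an addition for hosts whose FORWARD policy is DROP.

```shell
#!/bin/sh
# Added example: prints the port-forward rules; review them, then pipe to `sh` as root.
# Assumptions: 10.8.8.1 is the VPS's address inside the VPN, tun0 is the tunnel interface.

# forward_rules PUBLIC_PORT CLIENT_IP CLIENT_PORT SNAT_MODE
#   SNAT_MODE: the VPS's VPN address (explicit SNAT) or "masq:IFACE" (MASQUERADE)
forward_rules() {
    pub_port=$1
    client_ip=$2
    client_port=$3
    mode=$4

    # Rewrite the destination of connections arriving on the public port.
    echo "iptables -t nat -A PREROUTING -p tcp --dport $pub_port -j DNAT --to-destination $client_ip:$client_port"

    # Only needed when the FORWARD chain policy is DROP: allow the flow both ways.
    echo "iptables -A FORWARD -p tcp -d $client_ip --dport $client_port -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -p tcp -s $client_ip --sport $client_port -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"

    # The source must become an address that the client routes back through the
    # tunnel. With the public IP here, the reply leaves the client over the
    # public net from a different address and the VPS ignores it.
    case $mode in
        masq:*)
            echo "iptables -t nat -A POSTROUTING -o ${mode#masq:} -p tcp -d $client_ip --dport $client_port -j MASQUERADE"
            ;;
        *)
            echo "iptables -t nat -A POSTROUTING -p tcp -d $client_ip --dport $client_port -j SNAT --to-source $mode"
            ;;
    esac
}

# Explicit SNAT to the VPS's VPN address (assumed 10.8.8.1):
forward_rules 2254 10.8.8.2 22 10.8.8.1
# MASQUERADE variant on the tunnel interface (assumed tun0):
# forward_rules 2254 10.8.8.2 22 masq:tun0
```

With either variant, sshd on 10.8.8.2 logs every forwarded connection as coming from the VPS's VPN address, so per-source controls such as rate limiting or allow-lists have to be enforced on the VPS.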
