Port forwarding using IPTABLES to vpn client
I have been struggling for almost half a year now and I have read almost all of the internet's solutions, but none have worked.
The current solution, which also came from different articles, is this:

```shell
iptables -t nat -A PREROUTING -p tcp --dport 2254 -j DNAT --to-destination 10.8.8.2:22
iptables -t nat -A POSTROUTING -p tcp -d 10.8.8.2 --dport 22 -j SNAT --to-source publicIP
```

where 10.8.8.2 is my VPN client, which I can ping and ssh into from my iptables VPS.
I wanted to forward port 2254 to my VPN client (home PC) from the outside world, using my publicIP on port 2254 to the VPN IP (10.8.8.2) with ssh port 22.
For example:

```shell
ssh user@publicIP -p 2254
```

net.ipv4.ip_forward=1 was already enabled, by the way.
1 Answer
The --to-source IP needs to be the VPN IP of your VPS - 10.8.8.1 perhaps?
Otherwise it sends a packet through the tunnel and receives the answer over the public net from a different IP, and thus ignores it.
You can also use MASQUERADE instead of SNAT - this automatically uses the IP of the outgoing interface.
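A complete rule set built on the answer's fix, as an added example (not the asker's or the answerer's commands). It assumes the VPS's public interface is eth0, the tunnel interface is tun0 with the VPS at 10.8.8.1 on it, and it adds FORWARD rules the question does not show, since a DROP policy on FORWARD would silently eat the translated packets.

```shell
#!/bin/sh
# Added example, not the asker's or answerer's rules. Assumptions: public
# interface eth0, tunnel interface tun0, VPS tunnel address 10.8.8.1 (the
# answer's guess), client 10.8.8.2 (from the question).
set -eu

PUB_IF="${PUB_IF:-eth0}"      # assumption: VPS public interface
VPN_IF="${VPN_IF:-tun0}"      # assumption: tunnel interface on the VPS
VPN_CLIENT="10.8.8.2"         # from the question
EXT_PORT=2254                 # from the question
INT_PORT=22                   # from the question

# Print the rule set instead of applying it, so it can be reviewed (and
# tested) without root. Each line is one iptables invocation.
forward_rules() {
    # Translate the public port to the client's ssh port, only for packets
    # that arrive on the public interface.
    echo "iptables -t nat -A PREROUTING -i $PUB_IF -p tcp --dport $EXT_PORT -j DNAT --to-destination $VPN_CLIENT:$INT_PORT"
    # Let the translated packet cross from the public to the tunnel interface,
    # and let replies come back; needed when the FORWARD policy is DROP.
    echo "iptables -A FORWARD -i $PUB_IF -o $VPN_IF -p tcp -d $VPN_CLIENT --dport $INT_PORT -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $VPN_IF -o $PUB_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Source-NAT on the tunnel interface so the client answers back through
    # the tunnel (the answer's point). MASQUERADE uses tun0's own address,
    # 10.8.8.1 here, instead of the public IP that broke the original rule.
    echo "iptables -t nat -A POSTROUTING -o $VPN_IF -p tcp -d $VPN_CLIENT --dport $INT_PORT -j MASQUERADE"
}

# Refuse to apply anything unless forwarding is on (the asker already had it).
ip_forward_enabled() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null || echo 0)" = "1" ]
}

apply_rules() {
    ip_forward_enabled || { echo "net.ipv4.ip_forward is 0; refusing" >&2; return 1; }
    forward_rules | while IFS= read -r cmd; do eval "$cmd"; done
}

# Usage: sh forward.sh        -> print the rules for review
#        sh forward.sh apply  -> apply them (needs root)
if [ "${1:-}" = "apply" ]; then apply_rules; else forward_rules; fi
```

Check the result with `iptables -t nat -L POSTROUTING -v -n` and confirm the MASQUERADE counter increments when you connect to port 2254 from outside; if it stays at zero, the packet is being dropped in FORWARD before it reaches NAT.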