How to forward inbound (Internet) traffic hitting eth0 over OpenVPN tun0?

This isn’t my exact case but it is the easiest way I could think to explain my situation. If someone’s home ISP blocks port 80 but they still want to self-host a web server, they could do so over a VPN. Most tutorials I found don’t cover this.

I’m about 90% of the way there but missing something. I have an Ubuntu droplet running OpenVPN server (community) and pfSense connected to it as a client. I have a couple of servers on the pfSense side that I’d like to be able to access via my droplet’s public IP address (over the VPN). So for example, I’d like to hit my web server and to hit my FTP server.

My droplet has eth0 with public IP and tun0 for VPN. I can connect to the VPN and get out but when I try to resolve it times out. I think this is a UFW & iptables issue but everything I find is NAT solutions without IP addresses (NAT 80 to 8080). I just want to send port 80 from eth0 to tun0, over VPN tunnel to VPN client (pfSense) and then on to my servers. I can sort client side but can’t get past UFW & iptables right now. Been looking at this: tutorial but not sure it is exactly what I need. I’d also like to keep source IP info. I have a server that others will log into and I want to know the source IP addresses as it does me no good if my logs state that every person who accessed the server was my DO droplet (or the other side of my VPN tunnel).

Hope that makes sense. Thanks.
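
The setup described in the question, as an added example that is not part of the original post: a dry-run generator for the droplet's DNAT and FORWARD rules for one port, plus a check that flags any rule that would rewrite the source address on the tunnel. The tunnel address `10.8.0.2` and the function names are assumptions; `eth0` and `tun0` are the interface names from the question.

```shell
#!/bin/sh
# Added example: prints iptables commands, does not apply them.
WAN_IF="eth0"          # public interface (from the question)
VPN_IF="tun0"          # OpenVPN interface (from the question)
CLIENT_IP="10.8.0.2"   # ASSUMED tunnel address of the pfSense client

# forward_rules PROTO PORT: print the rules that forward one port to the client.
forward_rules() {
    proto=$1; port=$2
    case "$proto" in tcp|udp) ;; *) echo "bad protocol: $proto" >&2; return 1 ;; esac
    case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }

    # DNAT rewrites only the destination, so the visitor's source IP is kept.
    echo "iptables -t nat -A PREROUTING -i $WAN_IF -p $proto --dport $port -j DNAT --to-destination $CLIENT_IP:$port"
    # Let the translated connection cross from the public side into the tunnel.
    echo "iptables -A FORWARD -i $WAN_IF -o $VPN_IF -p $proto -d $CLIENT_IP --dport $port -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
    # Let replies for tracked connections come back out of the tunnel.
    echo "iptables -A FORWARD -i $VPN_IF -o $WAN_IF -p $proto -s $CLIENT_IP --sport $port -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# ruleset: the complete dry-run output for the web server case (port 80).
ruleset() {
    echo "sysctl -w net.ipv4.ip_forward=1"   # routing between interfaces
    forward_rules tcp 80
}

# hides_source: read rules (iptables-save style or commands) on stdin and
# succeed if any POSTROUTING rule on the tunnel uses MASQUERADE or SNAT,
# which would make every visitor appear to come from the droplet.
hides_source() {
    grep -Eq -- "-A POSTROUTING .*-o $VPN_IF .*-j (MASQUERADE|SNAT)"
}

ruleset
if ruleset | hides_source; then
    echo "warning: source addresses would be rewritten on $VPN_IF" >&2
fi
```

Because the source address is left untouched, the client side has to send replies for these connections back through the tunnel rather than out of its own default gateway; that part is not shown here.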
