How to forward inbound (Internet) traffic hitting eth0 over OpenVPN tun0?

May 21, 2017
VPN Firewall Ubuntu 16.04

This isn't my exact case, but it is the easiest way I could think of to explain my situation. If someone's home ISP blocks port 80 but they still want to self-host a web server, they could do so over a VPN. Most tutorials I found don't cover this.

I'm about 90% of the way there but missing something. I have an Ubuntu droplet running OpenVPN server (community) and pfSense connected to it as a client. I have a couple of servers on the pfSense side that I'd like to be able to access via my droplet's public IP address (over the VPN). So, for example, I'd like http://my-droplet-ip.com to hit my web server and ftp://my-droplet-ip.com to hit my FTP server.

My droplet has eth0 with the public IP and tun0 for the VPN. I can connect to the VPN and get out, but when I try to reach my-droplet-ip.com:80 it times out. I think this is a UFW and iptables issue, but everything I find is NAT solutions without IP addresses (NAT 80 to 8080). I just want to send port 80 from eth0 to tun0, over the VPN tunnel to the VPN client (pfSense), and then on to my servers. I can sort out the client side but can't get past UFW and iptables right now. I've been looking at this tutorial, but I'm not sure it is exactly what I need:
https://www.digitalocean.com/community/tutorials/how-to-forward-ports-through-a-linux-gateway-with-iptables
I'd also like to keep the source IP info. I have a server that others will log into and I want to know the source IP addresses, as it does me no good if my logs state that every person who accessed the server was my DO droplet (or the other side of my VPN tunnel).

Hope that makes sense. Thanks.
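An added example of the droplet-side rules the question describes, shown as a UFW `before.rules` fragment; it is not from the post or the linked tutorial. The tunnel addresses (server 10.8.0.1, pfSense client 10.8.0.2 on tun0) and the web server sitting behind pfSense are assumptions.

```conf
# /etc/ufw/before.rules on the droplet (added example, not from the post).
# Assumed: OpenVPN server is 10.8.0.1 on tun0, the pfSense client is 10.8.0.2.
# Also needs net/ipv4/ip_forward=1 in /etc/ufw/sysctl.conf, then `ufw reload`.
# The *nat table goes above the existing *filter section of the file.
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Rewrite only the destination: TCP/80 arriving on eth0 is sent to the pfSense
# end of the tunnel. The source address is left alone, so the web server's logs
# record the real client address rather than the droplet or the tunnel peer.
-A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 10.8.0.2:80
# Deliberately no "-A POSTROUTING -o tun0 -j MASQUERADE" for this flow: that is
# the usual tutorial rule, and it would replace every client address with
# 10.8.0.1, which is exactly the logging problem the question wants to avoid.
COMMIT

# In the existing *filter section, add this to the ufw-before-forward chain.
# Only the forwarded DNAT target is allowed, not the whole tunnel subnet.
-A ufw-before-forward -i eth0 -o tun0 -p tcp -d 10.8.0.2 --dport 80 -m conntrack --ctstate NEW -j ACCEPT
# Replies (tun0 -> eth0) match the RELATED,ESTABLISHED rule already present in
# ufw-before-forward, and conntrack reverses the DNAT, so no extra rule is needed.

# Caveat for keeping the source IP: because the client address is preserved, the
# web server's replies are addressed to Internet hosts. pfSense must send those
# replies back through the OpenVPN gateway (reply-to / policy route on the
# assigned OpenVPN interface), not out its own WAN, or the TCP handshake never
# completes. pfSense also needs its own port forward from its OpenVPN interface
# (TCP/80) to the LAN web server. FTP additionally needs its data ports handled.
```

If it still times out, `iptables -t nat -L PREROUTING -v -n` and `iptables -L ufw-before-forward -v -n` show whether the DNAT and FORWARD counters increment; counters rising on the droplet while the client never connects point at the pfSense return path rather than UFW.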
