Hi guys. I’m new here and this is my first post so please don’t get too rough on my idea. Basically the idea is to do as follows:
NAS ---> ROUTER (NAT / no public IP) ---> INTERNET ---> Droplet (OpenVPN server, public IP)
 |<------------------------------ OpenVPN tunnel ------------------------------>|
Having my NAS on a very good connection but without a public IP, I want to configure it to act as an OpenVPN client and connect to my droplet's OpenVPN server, which would act as both a firewall and a provider of a public IP address. Configuring the NAS and creating an OpenVPN server on the droplet is well documented. The hard part for me is when it comes to configuring iptables. I don't really get it, and apart from using ufw I don't have any real experience using it. Could you guys be so kind as to point me in the right direction with that iptables issue?
Step 1 - how to configure iptables to pass bidirectional traffic between two interfaces
Step 2 - how to configure iptables to pass bidirectional traffic between two interfaces, but only on selected ports
Please help ;)
PS. This is an old NAS which is used only for testing some ideas (for those of you who would like to point out that opening one's NAS to the Internet is a bad idea).
@raycool
The idea behind ufw is to remove the more complex, complicated iptables commands that you'd be using under normal circumstances.

Generally, you'll first make sure ufw is disabled; that way you don't accidentally lock yourself out. Check the status to confirm (even though the command above will tell you essentially the same).

Now, I like to also make sure that I'm working with a clean slate, so I'll go ahead and do a reset.

Now, setting up the default policies is where we start. The goal is to deny all incoming and allow all outgoing.

If you turned the firewall on at this point, you'd lock yourself out, so let's start by first allowing at least SSH through.

The above command allows access to port 22 over TCP to anyone. This means incoming/outgoing.

So the default method of allowing a port through is ufw allow followed by a port number, a /, and then the protocol. In most cases TCP will be the protocol, unless you're dealing with DNS or something else that requires UDP. So if we wanted to allow 80 (HTTP) and 443 (HTTPS), we could proceed to run the same command for each of those ports.

You can swap those ports to match those that you need open.

Once you're done adding rules, you can enable ufw. Outgoing connections will always be allowed, so no rules need to be set up there. The purpose of the above is to define the ports that we want to allow connections through on.

As long as the port you're connecting from and to on both servers is open, then you'll be okay with the above. Blocked connections would mean that somewhere, you used the above and didn't open up a port.
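The asker's Step 1 and Step 2 (pass traffic between the public interface and the tunnel, then only on selected ports), as an added example that is not part of the question or of the answer above: a POSIX shell script that prints the iptables rules and only applies them when APPLY=1, so they can be reviewed first. It assumes eth0 is the droplet's public interface, tun0 the OpenVPN interface and 10.8.0.2 the NAS's address inside the VPN; none of these names come from the thread.

```shell
#!/bin/sh
# Added example, not code from the thread. Generates the iptables rules that
# forward selected TCP ports arriving on the droplet's public interface to the
# NAS over the OpenVPN tunnel; everything else in FORWARD is dropped.
# Assumed names: eth0 = public interface, tun0 = OpenVPN interface,
# 10.8.0.2 = NAS address on the VPN (OpenVPN's default subnet is 10.8.0.0/24).

PUB_IF="${PUB_IF:-eth0}"
VPN_IF="${VPN_IF:-tun0}"
NAS_VPN_IP="${NAS_VPN_IP:-10.8.0.2}"

# gen_rules "22 443" prints one iptables command per line for the given TCP ports.
gen_rules() {
    ports="$1"
    # Step 1: let replies flow both ways, but only for connections already tracked.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for p in $ports; do
        # Step 2: public port p -> NAS port p, and only NEW connections to that port.
        echo "iptables -t nat -A PREROUTING -i $PUB_IF -p tcp --dport $p -j DNAT --to-destination $NAS_VPN_IP:$p"
        echo "iptables -A FORWARD -i $PUB_IF -o $VPN_IF -p tcp -d $NAS_VPN_IP --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Source-NAT towards the NAS so its replies come back through the tunnel
    # even if the NAS does not route all of its traffic via the VPN.
    echo "iptables -t nat -A POSTROUTING -o $VPN_IF -d $NAS_VPN_IP -j MASQUERADE"
    # Anything not matched above (including every other port) is not forwarded.
    echo "iptables -P FORWARD DROP"
}

# count_forward_accepts "22 443" -> number of per-port FORWARD accept rules produced.
count_forward_accepts() {
    gen_rules "$1" | grep -c -- '-A FORWARD -i'
}

if [ "${APPLY:-0}" = "1" ]; then
    # Forwarding is off by default on a fresh droplet; turn it on, then apply.
    sysctl -w net.ipv4.ip_forward=1
    gen_rules "${PORTS:-22 443}" | sh -e
else
    gen_rules "${PORTS:-22 443}"
fi
```

If ufw is enabled on the droplet, rules added directly with iptables are flushed by ufw reload or ufw disable; the same rules belong in /etc/ufw/before.rules so that ufw re-creates them.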