How to use Ubuntu Droplet and OpenVPN to give your home NAS -> Public IP

Hi guys. I’m new here and this is my first post so please don’t get too rough on my idea. Basically the idea is to do as follows:

NAS ---> ROUTER (NAT/No Public IP) ---> INTERNET ---> Droplet (OpenVPN server) - PublicIP
|------------------------------------ OpenVPN ------------------------------------|

Having my NAS on a very good connection but without a public IP, I want to configure it to act as an OpenVPN client and connect to my droplet's OpenVPN server, which would act as both a firewall and provider of a public IP address. Configuring the NAS and creating an OpenVPN server on a droplet is well documented. The hard part for me is when it comes to configuring iptables. I don't really get it, and apart from using ufw I don't have any real experience using it. Could you guys be so kind as to point me in the right direction with that iptables issue?

Step 1 - how to configure iptables to pass bidirectional traffic between two interfaces

Step 2 - how to configure iptables to pass bidirectional traffic between two interfaces but just on selected ports

Please help ;)

PS. This is an old NAS which is used only for testing some ideas (for those of you who would like to point out that opening one's NAS to the Internet is a bad idea)



The idea behind ufw is to remove the more complex, complicated iptables commands that you’d be using under normal circumstances.

Generally, you’ll make sure ufw is disabled, that way you don’t accidentally lock yourself out.

ufw disable

Check the status to confirm (even though the command above will tell you essentially the same).

ufw status

Now, I like to also make sure that I’m working with a clean slate, so I’ll go ahead and do a reset.

ufw reset

Now, setting up the default policies is where we start. The goal is to deny all incoming and allow all outgoing.

ufw default deny incoming
ufw default allow outgoing

If you turned the firewall on at this point, you’d lock yourself out, so let’s start by first allowing at least SSH through.

ufw allow 22/tcp

The above command allows access to Port 22 over TCP to anyone. This means incoming/outgoing.

So the default method of allowing a port through is ufw allow followed by a port number, a /, and then the protocol. In most cases, TCP will always be the protocol unless you’re dealing with DNS or something else that requires UDP.

So if we wanted to allow 80 (HTTP) and 443 (HTTPS), we could proceed to run:

ufw allow 80/tcp
ufw allow 443/tcp

You can swap those ports to match those that you need open.

Once you’re done adding rules, you can enable ufw using:

ufw enable

Outgoing connections will always be allowed, so no rules need to be set up there. The purpose of the above is to define ports that we want to allow connections through on.

As long as the ports you're connecting from and to on both servers are open, then you'll be okay with the above. Blocked connections would mean that somewhere, you used the above and didn't open up a port.
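
For Step 2 of the question (bidirectional traffic between the public interface and the VPN tunnel, on selected ports only), the following is an added example, not part of the question or the answer above. It prints the iptables commands for review instead of applying them; the interface names `eth0` and `tun0`, the NAS tunnel address `10.8.0.2`, and the function names are assumptions.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables rules that forward only
# selected ports from the droplet's public interface to the NAS over the VPN.
# Interface names and the NAS tunnel address are assumptions, not from the post.
PUB_IF="${PUB_IF:-eth0}"      # droplet's public interface (assumed)
VPN_IF="${VPN_IF:-tun0}"      # OpenVPN tunnel interface (assumed)
NAS_IP="${NAS_IP:-10.8.0.2}"  # NAS address inside the VPN (assumed)

# split_spec PORT[/PROTO]: sets $port and $proto (default tcp), fails if invalid
split_spec() {
  port="${1%%/*}"; proto="tcp"
  case "$1" in */*) proto="${1#*/}" ;; esac
  case "$port" in ''|*[!0-9]*) return 1 ;; esac
  [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
  case "$proto" in tcp|udp) return 0 ;; *) return 1 ;; esac
}

# gen_rules PORT[/PROTO]...: writes the commands to stdout
gen_rules() {
  # Validate everything first so a typo never yields a half-written ruleset.
  for spec in "$@"; do
    split_spec "$spec" || { echo "invalid port spec: $spec" >&2; return 1; }
  done
  echo "sysctl -w net.ipv4.ip_forward=1"
  # Nothing crosses between interfaces unless a rule below allows it.
  echo "iptables -P FORWARD DROP"
  # Return traffic for connections already accepted, in either direction.
  echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  for spec in "$@"; do
    split_spec "$spec"
    # Redirect traffic arriving on the public interface to the NAS.
    echo "iptables -t nat -A PREROUTING -i $PUB_IF -p $proto --dport $port -j DNAT --to-destination $NAS_IP:$port"
    # Admit the new connection from the public interface into the tunnel.
    echo "iptables -A FORWARD -i $PUB_IF -o $VPN_IF -d $NAS_IP -p $proto --dport $port -m conntrack --ctstate NEW -j ACCEPT"
  done
  # Source-NAT into the tunnel so the NAS answers back through the VPN.
  echo "iptables -t nat -A POSTROUTING -o $VPN_IF -d $NAS_IP -j MASQUERADE"
}

# Example: sh forward-rules.sh 443/tcp 5000/udp
if [ "$#" -gt 0 ]; then gen_rules "$@"; fi
```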