Question

Redirect port 3389 from eth0 to tun0 (OpenVPN)

Posted March 19, 2020 1.8k views
Firewall

Hello people. I tried in every way (that I know) to redirect a port (3389) of public IP origin through the eth0 interface to the tun0 interface (virtual VPN network), but it does not work. Has anyone had this problem?

Hugs.

1 comment
  • Table route:

    root@debian-s-1vcpu-1gb-nyc1-01:/etc/openvpn# route
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    default         68.183.16.1     0.0.0.0         UG    0      0        0 eth0
    10.10.0.0       *               255.255.0.0     U     0      0        0 eth0
    10.136.0.0      *               255.255.0.0     U     0      0        0 eth1
    68.183.16.0     *               255.255.240.0   U     0      0        0 eth0
    192.168.254.0   192.168.254.2   255.255.255.0   UG    0      0        0 tun0
    192.168.254.2   *               255.255.255.255 UH    0      0        0 tun0
    

    eth0 public IP
    tun0 VPN IP

    iptables for testing:

    #!/bin/bash
    # Flushing all rules
    iptables -P INPUT ACCEPT
    iptables -P FORWARD ACCEPT
    iptables -P OUTPUT ACCEPT
    iptables -F
    iptables -X
    iptables -t nat -F
    iptables -t nat -X
    iptables -t mangle -F
    iptables -t mangle -X
    
    
    iptables -t nat -A PREROUTING -s 0/0 -m tcp -p tcp --dport 8080 -j DNAT --to-destination 68.183.26.243:80 #working!
    iptables -t nat -A PREROUTING -s 0/0 -m tcp -p tcp --dport 85 -j DNAT --to-destination 192.168.254.10:80  #not work :(
    
    iptables -I INPUT 1  -p tcp --match multiport --port 85,8080 -j ACCEPT
    iptables -I INPUT 2  -p udp --match multiport --port 85,8080 -j ACCEPT
    iptables -I OUTPUT 1 -p tcp --match multiport --port 85,8080 -j ACCEPT
    iptables -I OUTPUT 2 -p udp --match multiport --port 85,8080 -j ACCEPT
    
    echo "1" > /proc/sys/net/ipv4/conf/eth0/accept_redirects
    echo "1" > /proc/sys/net/ipv4/conf/eth0/forwarding
    echo "1" > /proc/sys/net/ipv4/conf/tun0/accept_redirects
    echo "1" > /proc/sys/net/ipv4/conf/tun0/forwarding
    echo "1" > /proc/sys/net/ipv4/conf/all/accept_redirects
    echo "1" > /proc/sys/net/ipv4/conf/all/forwarding
    

    Can someone help me? :(

    I made these same settings on a server that I have here in the company and it worked, but this is not working.
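The script in the comment above flushes the nat table and then adds only PREROUTING DNAT rules, so packets forwarded out of tun0 keep their original public source address. The following is an added example, not code from the post: it generates a ruleset that pairs the DNAT with source rewriting on tun0 and a scoped FORWARD policy. That the missing return path is what breaks the port 85 rule is an assumption; the function names and the optional source-CIDR argument are hypothetical.

```shell
#!/bin/bash
# Added example, not from the original post. Emits an iptables-restore
# ruleset on stdout; nothing is applied unless the output is piped onward.
# Function names and the optional SRC_CIDR argument are hypothetical.

# valid_port PORT: succeeds only for an integer in 1..65535
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_ruleset PUB_IF VPN_IF PUB_PORT DEST_IP DEST_PORT [SRC_CIDR]
build_ruleset() {
    pub_if=$1 vpn_if=$2 pub_port=$3 dest_ip=$4 dest_port=$5
    src=${6:-0.0.0.0/0}   # narrow to trusted sources where possible
    valid_port "$pub_port" && valid_port "$dest_port" || return 1
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Rewrite the destination of traffic arriving on the public interface.
-A PREROUTING -i $pub_if -s $src -p tcp --dport $pub_port -j DNAT --to-destination $dest_ip:$dest_port
# Rewrite the source to this host's VPN address so replies use the tunnel.
-A POSTROUTING -o $vpn_if -p tcp -d $dest_ip --dport $dest_port -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Forward only this flow and its replies instead of a blanket ACCEPT.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $pub_if -o $vpn_if -p tcp -d $dest_ip --dport $dest_port -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Values from the post's test rule (port 85 to 192.168.254.10:80).
# Syntax check without committing (run as root):
#   build_ruleset eth0 tun0 85 192.168.254.10 80 | iptables-restore --test
# Loading it for real replaces the current nat and filter tables.
```

The FORWARD match uses the translated address and port because DNAT in PREROUTING has already been applied by the time the packet reaches the filter table.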
