
Cannot port forward to a machine behind the VPN


madfusker

Regular Contributor
I have a NAS server running subsonic and have been excluding it from the VPN, mostly just for crashplan backup speed. But now with my 86U I should be able to put it behind the VPN as well. My router that is not inside the VPN does a port forward to the service port of the NAS, and life is good until I put the NAS inside the VPN. How can I still port forward if it goes inside the VPN?

VPN Policy Rules (strict):
All LAN 192.168.1.0/24 0.0.0.0 VPN
router 192.168.1.1 0.0.0.0 WAN
NAS 192.168.1.10 0.0.0.0 WAN

Port forward on the WAN:
Subsonic 4041 192.168.1.10 4041 TCP
 
How can I still port forward if it goes inside the VPN?
You can't, it's a contradiction. Port forwarding forwards traffic arriving on the router's WAN IP address to an internal server. The server replies through the same route. If your NAS traffic is being redirected through a VPN service then the incoming traffic would have to come in through this route also.

The only way I can see where it might work would be if you could somehow create a VPN rule that excluded traffic to and from port 4041 on the NAS. AFAIK that's not an option.
 
Ah, I see. It looks like the NAS will have to stay outside the VPN then. I don't really trust port forwarding on the VPN service, but believe it's possible.
 
Ah, I see. It looks like the NAS will have to stay outside the VPN then. I don't really trust port forwarding on the VPN service, but believe it's possible.

If the NAS is routed via the VPN, can you try:
Code:
# Route any packet carrying mark 0x7000/0x7000 via routing table 100
# (delete first so re-running does not add a duplicate rule)
ip rule del fwmark 0x7000/0x7000 2> /dev/null
ip rule add fwmark 0x7000/0x7000 table 100 prio 9990
ip route flush cache

NAS_Server='192.168.1.10'

# Remember port 4041 must also already be port forwarded using the normal GUI rules!
# Mark TCP packets the NAS sends from source port 4041 as they arrive on the LAN bridge (br0)
iptables -t mangle -D PREROUTING -i br0 --src "$NAS_Server" -p tcp -m multiport --sport 4041 -j MARK --set-mark 0x7000/0x7000 2> /dev/null
iptables -t mangle -A PREROUTING -i br0 --src "$NAS_Server" -p tcp -m multiport --sport 4041 -j MARK --set-mark 0x7000/0x7000
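
A way to confirm the rules suggested above are in place, added here as an example and not code from the thread: it reads the text of `ip rule show` and `iptables-save -t mangle` and reports whether the fwmark rule exists and exactly one MARK rule matches the NAS and port. The function names and the sample text are constructed for illustration, and the sample line formats are assumed to match what the router prints.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and sample text are constructed.
MARK='0x7000/0x7000'

# Print the priority of the "fwmark $MARK" policy rule; fail if there is none.
fwmark_rule_prio() {
    printf '%s\n' "$1" | awk -v m="$MARK" '
        { for (i = 1; i < NF; i++)
            if ($i == "fwmark" && $(i+1) == m) { sub(":", "", $1); print $1; found = 1; exit } }
        END { exit !found }'
}

# Count mangle PREROUTING rules that mark TCP packets from NAS_IP with source port PORT.
count_mark_rules() {
    printf '%s\n' "$1" | awk -v ip="$2" -v port="$3" -v m="$MARK" '
        $1 == "-A" && $2 == "PREROUTING" {
            src = sp = mk = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-s" && ($(i+1) == ip || $(i+1) == (ip "/32"))) src = 1
                if (($i == "--sports" || $i == "--sport") && $(i+1) == port) sp = 1
                if (($i == "--set-xmark" || $i == "--set-mark") && $(i+1) == m) mk = 1
            }
            if (src && sp && mk) n++
        }
        END { print n + 0 }'
}

# check_bypass RULES_TEXT MANGLE_TEXT NAS_IP PORT
# Prints OK, MISSING_IP_RULE, MISSING_MARK or DUPLICATE_MARK.
check_bypass() {
    fwmark_rule_prio "$1" >/dev/null || { echo MISSING_IP_RULE; return 1; }
    case "$(count_mark_rules "$2" "$3" "$4")" in
        0) echo MISSING_MARK; return 1 ;;
        1) echo OK ;;
        *) echo DUPLICATE_MARK; return 1 ;;
    esac
}

# Constructed sample text in the shape of `ip rule show` and `iptables-save -t mangle`.
SAMPLE_RULES='0: from all lookup local
9990: from all fwmark 0x7000/0x7000 lookup 100
32766: from all lookup main'
SAMPLE_MANGLE='*mangle
-A PREROUTING -s 192.168.1.10/32 -i br0 -p tcp -m multiport --sports 4041 -j MARK --set-xmark 0x7000/0x7000
COMMIT'

check_bypass "$SAMPLE_RULES" "$SAMPLE_MANGLE" 192.168.1.10 4041 || true
# On the router: check_bypass "$(ip rule show)" "$(iptables-save -t mangle)" 192.168.1.10 4041
```

A `DUPLICATE_MARK` result means the `-A` line was appended more than once without the preceding `-D`, which is why the script in the post deletes before it adds.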
 
