Forwarding an incoming port from OpenVPN to a local LAN IP

NetSetGo

Hi!
I have a possibly trivial scenario which, after searching and reading some vaguely related threads, would probably be solvable with iptables and some jffs scripts, but I found nothing that would cover my scenario:

1. I have a VPN service provider, where I configure port forwarding of port 50001.
2. On RT-AC5300 I successfully configured and enabled VPN Client 1 to connect to that VPN service provider. I have also enabled strict tunnelling policy and set up three local static IPs to explicitly use this VPN client and disconnect if the tunnel goes down.
3. I now want to set up port forwarding in such a way that port 50001 from the VPN connection (and not from WAN) is forwarded to one of those three LAN IPs.

Could someone help with this, please?
 
First, make sure you have jffs and custom scripts enabled in Administration->System. Reboot after making any changes. Then open a shell (ssh) to the router using PuTTY and copy/paste (right-click) the following script into the window. Use the vi editor to make your specific changes to the script (/jffs/scripts/nat-start) for the port forward. Finally, reboot.

Code:
SCRIPTS_DIR="/jffs/scripts"
SCRIPT="$SCRIPTS_DIR/nat-start"

mkdir -p $SCRIPTS_DIR

cat << "EOF" > $SCRIPT
#!/bin/sh

DEV="tun11"
PROTO="tcp"
EXT_PORT="50001"
INT_IP="192.168.1.100"
INT_PORT="22"

ipt() {
    # precede insert/append w/ deletion to avoid dupes
    while iptables ${@/-[IA]/-D} 2> /dev/null; do :; done
    iptables $@
}

# create internal port forward
ipt "-t nat -I PREROUTING -i $DEV -p $PROTO --dport $EXT_PORT \
    -j DNAT --to $INT_IP:$INT_PORT"
ipt "-I FORWARD -i $DEV -p $PROTO -d $INT_IP --dport $INT_PORT \
    -j ACCEPT"

exit 0
EOF

chmod +x $SCRIPT
 
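Added example, not part of the original posts: a check over iptables-save output that the forward created by the script above is bound to the tunnel interface, which is the "from the VPN connection (and not from WAN)" requirement in the question. The function name audit_forward and both rule sets are constructed for illustration; the variable values mirror the script.

```shell
#!/bin/sh
# Added example (not from the thread): audit iptables-save output for the forward.
# Values mirror the nat-start script above; both rule sets below are constructed.
DEV="tun11"; EXT_PORT="50001"; INT_IP="192.168.1.100"; INT_PORT="22"

GOOD_RULES='*nat
-A PREROUTING -i tun11 -p tcp -m tcp --dport 50001 -j DNAT --to-destination 192.168.1.100:22
COMMIT
*filter
-A FORWARD -d 192.168.1.100/32 -i tun11 -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

# Same forward, but the DNAT rule has no -i match, so it also applies to WAN.
LOOSE_RULES='*nat
-A PREROUTING -p tcp -m tcp --dport 50001 -j DNAT --to-destination 192.168.1.100:22
COMMIT
*filter
-A FORWARD -d 192.168.1.100/32 -i tun11 -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

# audit_forward RULES: prints findings, returns 0 only when the DNAT rule is
# bound to $DEV and a matching FORWARD accept exists.
audit_forward() {
    printf '%s\n' "$1" | awk -v dev="$DEV" -v eport="$EXT_PORT" \
        -v ip="$INT_IP" -v iport="$INT_PORT" '
    function opt(name,   i) {   # value that follows an option, or ""
        for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
        return ""
    }
    $2 == "PREROUTING" && opt("-j") == "DNAT" && opt("--dport") == eport {
        if (opt("-i") == dev) dnat_ok = 1
        else { print "UNSCOPED: " $0; bad = 1 }
    }
    $2 == "FORWARD" && opt("-j") == "ACCEPT" && opt("-i") == dev {
        dst = opt("-d"); sub(/\/32$/, "", dst)
        if (dst == ip && opt("--dport") == iport) fwd_ok = 1
    }
    END {
        if (!dnat_ok) { print "MISSING: DNAT on " dev " for port " eport; bad = 1 }
        if (!fwd_ok)  { print "MISSING: FORWARD accept to " ip ":" iport; bad = 1 }
        exit (bad ? 1 : 0)
    }'
}

audit_forward "$GOOD_RULES" && echo "forward is scoped to $DEV"
audit_forward "$LOOSE_RULES" || echo "review the rules listed above"
```

On a router where iptables-save is available, the live rules can be checked with audit_forward "$(iptables-save)".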
Thank you, and especially for the install-friendly way :)
I'll test it tonight. Will VPN Client1 interface always be on "tun11" or do I have to look it up and change?
 
Thanks again! Writing to say that it works perfectly!
 
