I am trying to add some rules in order to be able to access the Synology NAS from outside while the VPN is ON.
If the VPN is OFF ... I can access the NAS from outside without any problems (through ports 5000 and 5001). So my idea is that ports 5000 and 5001 go through the WAN so that the NAS can be accessible when the VPN is ON.
I set up the NAS on OpenVPN Client3.
Then I followed "Policy based Port routing (manual method)",
https://github.com/RMerl/asuswrt-merlin.ng/wiki/Policy-based-Port-routing-(manual-method)
I created the script "nat-start" using Notepad++, with permissions 755.
Then I ran client 3 and started the nat-start script. Then I tried to add the following iptables rules (I also added port 32400 in order to make Plex accessible from outside).
iptables -t mangle -A PREROUTING -i br0 -m iprange --src-range 192.168.2.100 -p tcp -m multiport --sport 5000 -j MARK --set-mark 0x8000/0x8000
iptables -t mangle -A PREROUTING -i br0 -m iprange --src-range 192.168.2.100 -p tcp -m multiport --sport 5001 -j MARK --set-mark 0x8000/0x8000
iptables -t mangle -A PREROUTING -i br0 -m iprange --src-range 192.168.2.100 -p tcp -m multiport --sport 32400 -j MARK --set-mark 0x8000/0x8000
Looking at the System log ... the VPN is active and the nat-start script seems to be working OK, but I still cannot access the NAS from outside.
May 4 16:03:28 JUANDOASUS ovpn-client3[29031]: updown.sh tun13 1500 1585 10.33.0.6 10.33.0.5 init
May 4 16:03:28 JUANDOASUS openvpn-updown: Forcing 192.168.2.100 to use DNS server 1.1.1.1
May 4 16:03:28 JUANDOASUS rc_service: service 29152:notify_rc updateresolv
May 4 16:03:28 JUANDOASUS custom_script: Running /jffs/scripts/service-event (args: updateresolv)
May 4 16:03:31 JUANDOASUS openvpn-routing: Configuring policy rules for client 3
May 4 16:03:31 JUANDOASUS ovpn-client3[29031]: Initialization Sequence Completed
May 4 16:14:15 JUANDOASUS rc_service: service 30860:notify_rc nat-start
May 4 16:14:15 JUANDOASUS custom_script: Running /jffs/scripts/service-event (args: nat-start)
If I run the command "iptables -t nat -L", it seems that no rules have been added.
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNSVPN3 tcp -- anywhere anywhere tcp dpt:domain
DNSVPN3 udp -- anywhere anywhere udp dpt:domain
DNSVPN1 tcp -- anywhere anywhere tcp dpt:domain
DNSVPN1 udp -- anywhere anywhere udp dpt:domain
Am I missing something?
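Added example, not part of the original post: rules added with "-t mangle" are stored in the mangle table, so they are listed by "iptables -t mangle -L PREROUTING -n -v" or "iptables-save" rather than by "iptables -t nat -L". The sketch below reads iptables-save output and reports which table and chain each MARK rule is in; the function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in iptables-save format (not captured from the router).
sample_ruleset() {
    cat <<'EOF'
*mangle
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i br0 -p tcp -m iprange --src-range 192.168.2.100-192.168.2.100 -m multiport --sports 5000 -j MARK --set-xmark 0x8000/0x8000
-A PREROUTING -i br0 -p tcp -m iprange --src-range 192.168.2.100-192.168.2.100 -m multiport --sports 5001 -j MARK --set-xmark 0x8000/0x8000
-A PREROUTING -i br0 -p tcp -m iprange --src-range 192.168.2.100-192.168.2.100 -m multiport --sports 32400 -j MARK --set-xmark 0x8000/0x8000
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 53 -j DNSVPN3
-A PREROUTING -p udp -m udp --dport 53 -j DNSVPN3
COMMIT
EOF
}

# Print "table chain port-match mark" for every rule whose target is MARK.
list_mark_rules() {
    awk '
        /^\*/ { table = substr($0, 2); next }      # "*mangle" opens a table section
        $1 == "-A" {
            chain = $2; target = ""; ports = "-"; mark = "-"
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i ~ /^--(sports?|dports?)$/) ports = substr($i, 3) "=" $(i + 1)
                if ($i ~ /^--set-x?mark$/) mark = $(i + 1)
            }
            if (target == "MARK") print table, chain, ports, mark
        }
    '
}

# Names of the tables that contain at least one MARK rule.
tables_with_marks() {
    list_mark_rules | cut -d' ' -f1 | sort -u
}

# Stand-alone run over the constructed sample; on a live system the input
# would be:  iptables-save | list_mark_rules
sample_ruleset | list_mark_rules
```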