For now I'm just running an RPi on the LAN side with the OpenVPN client.
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.250.1:80
iptables -t nat -A PREROUTING -p tcp --dport 21845 -j DNAT --to-destination 192.168.250.1:21845
iptables -t nat -A PREROUTING -p tcp --dport 9600 -j DNAT --to-destination 192.168.250.2:9600
iptables -t nat -A POSTROUTING -p tcp -d 192.168.250.1 --dport 80 -j SNAT --to-source 10.8.0.3
iptables -t nat -A POSTROUTING -p tcp -d 192.168.250.1 --dport 21845 -j SNAT --to-source 10.8.0.3
iptables -t nat -A POSTROUTING -p tcp -d 192.168.250.2 --dport 9600 -j SNAT --to-source 10.8.0.3
# Allow traffic initiated from VPN to access LAN
iptables -I FORWARD -i tun0 -o eth0 -s 10.8.0.0/24 -d 192.168.250.0/24 -m conntrack --ctstate NEW -j ACCEPT
iptables -I FORWARD -i eth0 -o tun0 -s 192.168.250.0/24 -d 10.8.0.0/24 -m conntrack --ctstate NEW -j ACCEPT
# Allow established traffic to pass back and forth
iptables -I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -I POSTROUTING -o eth0 -s 10.8.0.0/24 -j MASQUERADE
iptables -t nat -I POSTROUTING -o eth0 -s 192.168.250.0/24 -j MASQUERADE
I will get some more routers, test on a smaller scale, and see if I can add the missing rules connecting tun0 to eth0\br-lan.
Portforward and how to access via vpn cli adress
Re: Portforward and how to access via vpn cli adress
Keep us updated
I finally figured out what you are trying to do.
If you can do testing and leg work, somebody might do something with the GUI.
Re: Portforward and how to access via vpn cli adress
Just got my new batch of routers. This time the first one I try has the infamous 18005 error when trying to upload new firmware. I tried all the alternatives I could find listed in this forum, short of the TFTP solution. Is that the only way to go, or did someone make a better solution?
Re: Portforward and how to access via vpn cli adress
I have the same problem. I broke my new router so bad that a serial recovery did not work. I got a new replacement under warranty.
I am waiting for a better firmware or better instructions.
Be careful.
Re: Portforward and how to access via vpn cli adress
For now, I have added my needed rules to forward from tun0 to br-lan in a script activated at boot via crontab.
It would be awesome to have that option on the GUI, being able to choose while making the NAT in the firewall.
Re: Portforward and how to access via vpn cli adress
Can you post what you have done? I might help others.
Re: Portforward and how to access via vpn cli adress
In the end, what I did was to try adding this in crontab, /etc/crontabs/root:
@reboot /location/filename.sh
That did not work. It seems the firewall rules are applied later in the boot process, so it overwrites whatever I added at boot.
So I actually just added my rules in /etc/rc.local:
sleep 20
iptables -t nat -A PREROUTING something
iptables -t nat -A POSTROUTING something
iptables -I FORWARD something
I found that if I added the sleep on top, it will add my additional rules after the Gargoyle initialization is done.
All this can be avoided if we get it as an option on the firewall page next to where we choose TCP or UDP; there we can have the option to choose the interface as well.
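An added example, not part of any post in this thread: one way to write the boot-time script so that the forwards only apply to packets arriving on the VPN interface and can be re-run without duplicating rules. A PREROUTING rule with no -i or -d match applies to packets arriving on any interface, so the DNAT and FORWARD rules here are scoped to tun0 and to the forwarded ports. Assumed: VPN on tun0, LAN on eth0, VPN subnet 10.8.0.0/24, hosts and ports as in the first post; the function names and the "apply" argument are made up for this example.

```shell
#!/bin/sh
# Added example, not the poster's script. Assumed: VPN on tun0, LAN on eth0,
# VPN subnet 10.8.0.0/24; hosts and ports are the ones from the first post.
IPT="${IPT:-iptables}"      # overridable, e.g. for a dry run
VPN_IF="${VPN_IF:-tun0}"
LAN_IF="${LAN_IF:-eth0}"

# Insert a rule only if an identical one is not already loaded.
# usage: ensure_rule <table> <chain> <rule spec...>
ensure_rule() {
    table=$1; chain=$2; shift 2
    if $IPT -t "$table" -C "$chain" "$@" 2>/dev/null; then
        return 0                      # already present, nothing to do
    fi
    $IPT -t "$table" -I "$chain" "$@"
}

# Forward one TCP port, but only for packets that arrive on the VPN interface.
# usage: forward_port <port> <lan_ip>
forward_port() {
    port=$1; dest=$2
    ensure_rule nat PREROUTING -i "$VPN_IF" -p tcp --dport "$port" \
        -j DNAT --to-destination "$dest:$port"
    ensure_rule filter FORWARD -i "$VPN_IF" -o "$LAN_IF" -p tcp \
        -d "$dest" --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
}

apply_rules() {
    forward_port 80    192.168.250.1
    forward_port 21845 192.168.250.1
    forward_port 9600  192.168.250.2
    # LAN hosts see the gateway's LAN address, so replies come back this way.
    ensure_rule nat POSTROUTING -o "$LAN_IF" -s 10.8.0.0/24 -j MASQUERADE
    ensure_rule filter FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
}

# Run only when asked, so the file can also be sourced.
# e.g. sh vpn-forward.sh apply   (file name is hypothetical)
if [ "${1:-}" = "apply" ]; then
    apply_rules
fi
```

Called from /etc/rc.local after the sleep, it can also be run again by hand after a firewall restart, since each rule is checked with -C before it is inserted.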