linux – 2 Systems on OpenVPN Tunnel. 1 Internet accessible, 1 behind NAT. How can I forward ports from internet-client to internal-client with iptables rules?


Server1 (Public IP-172.263.23.2): Hosting OpenVPN Server at 10.8.0.1
Client1 (Public IP-None): Connected to OpenVPN Server at 10.8.0.2

I’m trying to make it so that if I go to http://172.263.23.2:8652, it will look like it’s working, but actually take me to 10.8.0.2:8652 on the other machine. In other words, I’m trying to make the machine without a public IP usable publicly through the public IP address of the OpenVPN host.

I’ve tried (on the 10.8.0.1 host machine):

sysctl net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -p tcp --dport 8141 -j DNAT --to-destination 10.8.0.2:8141

But nothing was redirected.

ifconfig:

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 9001
        inet 172.31.15.183  netmask 255.255.240.0  broadcast 172.31.15.255
        inet6 fe80::44d:45ff:fed2:845f  prefixlen 64  scopeid 0x20<link>
        ether 06:4d:45:d2:84:5f  txqueuelen 1000  (Ethernet)
        RX packets 28479  bytes 29352358 (29.3 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 11810  bytes 2115574 (2.1 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 362  bytes 33754 (33.7 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 362  bytes 33754 (33.7 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.8.0.1  netmask 255.255.255.0  destination 10.8.0.1
        inet6 fe80::7baa:4728:4923:e916  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 4  bytes 288 (288.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 9  bytes 564 (564.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
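
An added example, not part of the original post: a DNAT rule on its own only rewrites the destination, and a forward like this usually also needs FORWARD accepts and a return path that brings replies back through the tunnel. The script below prints such a rule set for review, assuming eth0 is the public-facing interface, tun0 the tunnel, and port 8652 from the question (the `forward_rules` helper is hypothetical).

```shell
#!/bin/sh
# Added example: prints (does not apply) the rules for publishing one TCP
# port of a VPN client through the OpenVPN server.
# Assumptions: eth0/tun0 and the 10.8.0.x addresses are taken from the
# post's ifconfig output; port 8652 is the port named in the question.

# forward_rules WAN_IF VPN_IF CLIENT_IP SERVER_VPN_IP PORT
forward_rules() {
    wan_if=$1 vpn_if=$2 client=$3 server_vpn=$4 port=$5

    # Accept only a 1-5 digit decimal port in the range 1..65535.
    case $port in
        ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "invalid port: $port" >&2; return 1
    fi

    # Rule order in the output:
    # 1. enable routing between interfaces
    # 2. DNAT only traffic arriving on the public interface
    # 3. allow the forwarded flow toward the client (FORWARD may default to DROP)
    # 4. allow only replies of tracked connections back out
    # 5. SNAT to the server's tunnel address so the client answers via tun0
    #    instead of its own default gateway
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i $wan_if -p tcp --dport $port -j DNAT --to-destination $client:$port
iptables -A FORWARD -i $wan_if -o $vpn_if -p tcp -d $client --dport $port -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $vpn_if -o $wan_if -p tcp -s $client --sport $port -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $vpn_if -p tcp -d $client --dport $port -j SNAT --to-source $server_vpn
EOF
}

# Print the rule set for the values in the question.
forward_rules eth0 tun0 10.8.0.2 10.8.0.1 8652
```

With the SNAT rule in place, the service on 10.8.0.2 sees every connection as coming from 10.8.0.1, so its logs and any source-IP access controls no longer see the real peer address. The FORWARD rules are scoped to one destination and port so that the tunnel client is not exposed beyond the published service.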