Score:0

Port forwarding via vpn connection


I have two RHEL servers, one frontend and one backend, connected like this:

----eth0---frontend---eth0 -------- eth0 ----- backend

Also, I've set up port forwarding between the two servers for certain ports via iptables:

# Generated by iptables-save v1.4.21 on Fri Oct 28 08:11:16 2022
*filter
:INPUT ACCEPT [1596477:1248637845]
:FORWARD ACCEPT [1430638:1055355293]
:OUTPUT ACCEPT [1280144:1191615292]
COMMIT
# Completed on Fri Oct 28 08:11:16 2022
# Generated by iptables-save v1.4.21 on Fri Oct 28 08:11:16 2022
*nat
:PREROUTING ACCEPT [37977:3175775]
:INPUT ACCEPT [5252:797745]
:OUTPUT ACCEPT [558:37756]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 220 -j DNAT --to-destination BACKEND_IP:22
-A POSTROUTING -j MASQUERADE
# The rule below is never reached: the unconditional MASQUERADE above already matches every packet.
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Fri Oct 28 08:11:16 2022
# Generated by iptables-save v1.4.21 on Fri Oct 28 08:11:16 2022
*mangle
:PREROUTING ACCEPT [3046033:2305065083]
:INPUT ACCEPT [1596477:1248637845]
:FORWARD ACCEPT [1430638:1055355293]
:OUTPUT ACCEPT [1280144:1191615292]
:POSTROUTING ACCEPT [2710782:2246970585]
COMMIT
# Completed on Fri Oct 28 08:11:16 2022
# Generated by iptables-save v1.4.21 on Fri Oct 28 08:11:16 2022
*raw
:PREROUTING ACCEPT [3046033:2305065083]
:OUTPUT ACCEPT [1280144:1191615292]
COMMIT

Port forwarding worked perfectly fine.

Now I've decided to connect both servers via OpenVPN, with the backend server being the default gateway for the frontend. The new routing table looks like this:

---eth0---frontend --- tun0 === tun0 ---- backend ---- eth0
Destination     Gateway         Genmask       Flags Metric Ref    Use Iface
0.0.0.0         10.8.0.1        0.0.0.0       UG    0      0        0 tun0

Also, in order for the frontend server to be accessible via eth0, I've added small routing tables for them like this:

echo 200 reth0 >> /etc/iproute2/rt_tables
echo 201 rtun0 >> /etc/iproute2/rt_tables
ip rule add from FRONTEND_IP table reth0
ip route add default via FRONTEND_GW dev eth0 table reth0
ip rule add from 10.8.0.2 table rtun0
ip route add default via 10.8.0.1 dev tun0 table rtun0

And edited iptables to look like this:

-A PREROUTING -p tcp -m tcp --dport 220 -j DNAT --to-destination 10.8.0.1:22

After adding this, everything planned works fine, except that the port forwarding does not work anymore; I get the error "connection refused".

I'm sure I'm making a mistake somewhere, but however much I searched the web, I couldn't find any solution.

I'd appreciate it if I can be guided to fix the issue.

Thanks
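The post has no answer, so here is an added model (not code from the post or from anyone in the thread) that replays the kernel's order of operations for the DNAT'ed port 220 connection: PREROUTING NAT, then the routing decision, then POSTROUTING NAT, for the forwarded SYN and for the backend's reply, under the pre-VPN and post-VPN rule sets the post shows. The point it makes is that conntrack reverses the MASQUERADE in PREROUTING but reverses the DNAT only in POSTROUTING, so the reply reaches the routing decision with source 10.8.0.1, not FRONTEND_IP, and the `from FRONTEND_IP` rule never sees it; the reply then follows the main table's default via tun0. The third scenario assumes an added CONNMARK/fwmark rule set (quoted in the docstring, not from the post) that routes marked replies through `reth0`. The public addresses are constructed documentation-range stand-ins for FRONTEND_IP, FRONTEND_GW and BACKEND_IP, and the model assumes a 10.8.0.0/24 on tun0. It models the routing path only; it says nothing about the backend's sshd listener or INPUT chain, which the post does not show and which are what produce a TCP RST ("connection refused").

```python
"""Trace one DNAT'ed SSH connection through the frontend's policy routing.

Added model, not code from the post.  Public addresses are constructed
stand-ins for the post's FRONTEND_IP, FRONTEND_GW and BACKEND_IP placeholders.
"""
import ipaddress

CLIENT = "203.0.113.7"           # constructed: SSH client connecting to port 220
FRONTEND_IP = "198.51.100.10"    # constructed stand-in for FRONTEND_IP (eth0)
BACKEND_IP = "198.51.100.20"     # constructed stand-in for BACKEND_IP (eth0, pre-VPN)
FRONTEND_TUN, BACKEND_TUN = "10.8.0.2", "10.8.0.1"   # tun0 addresses from the post

# Source address MASQUERADE picks for each egress interface.
MASQ_SRC = {"eth0": FRONTEND_IP, "tun0": FRONTEND_TUN}


def lookup(table, dst):
    """Longest-prefix match in one table; table = [(prefix, egress device), ...]."""
    addr = ipaddress.ip_address(dst)
    best_dev, best_len = None, -1
    for prefix, dev in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and net.prefixlen > best_len:
            best_dev, best_len = dev, net.prefixlen
    return best_dev


def route(rules, tables, src, dst, fwmark=0):
    """Policy routing as `ip rule` does it: rules in priority order, the first
    table that holds a route for dst decides the egress device."""
    for rule in rules:
        if rule.get("from", src) != src or rule.get("fwmark", fwmark) != fwmark:
            continue
        dev = lookup(tables[rule["table"]], dst)
        if dev is not None:
            return dev
    return None


def trace(cfg, dnat_target, connmark=False):
    """Return (SYN egress, MASQUERADE source, reply egress) for
    `-A PREROUTING -p tcp --dport 220 -j DNAT --to-destination <dnat_target>:22`.

    Forward: DNAT rewrites dst in PREROUTING, routing runs on (CLIENT, target),
    MASQUERADE rewrites src in POSTROUTING.
    Reply: conntrack reverses the MASQUERADE in PREROUTING (dst back to CLIENT)
    but reverses the DNAT only in POSTROUTING, so routing sees src = target,
    never FRONTEND_IP; a `from FRONTEND_IP` rule cannot match the reply.
    With connmark=True the model assumes these added rules (not from the post):
      iptables -t mangle -A PREROUTING -i eth0 -m conntrack --ctstate NEW \
               -j CONNMARK --set-mark 1      # ctmark only; the SYN keeps mark 0
      iptables -t mangle -A PREROUTING -i tun0 -j CONNMARK --restore-mark
      ip rule add fwmark 1 table reth0
    so the reply carries fwmark 1 when it reaches the routing decision."""
    rules, tables = cfg["rules"], cfg["tables"]
    syn_dev = route(rules, tables, CLIENT, dnat_target, fwmark=0)
    masq_src = MASQ_SRC[syn_dev]
    reply_dev = route(rules, tables, dnat_target, CLIENT, fwmark=1 if connmark else 0)
    return syn_dev, masq_src, reply_dev


# Before the VPN: a single default route on eth0 (main table only).
PRE_VPN = {
    "rules": [{"table": "main"}],
    "tables": {"main": [("198.51.100.0/24", "eth0"), ("0.0.0.0/0", "eth0")]},
}

# After the VPN: the post's reth0/rtun0 tables plus main with default via tun0
# (10.8.0.0/24 on tun0 is an assumption of the model).
POST_VPN = {
    "rules": [{"from": FRONTEND_IP, "table": "reth0"},
              {"from": FRONTEND_TUN, "table": "rtun0"},
              {"table": "main"}],
    "tables": {"reth0": [("0.0.0.0/0", "eth0")],
               "rtun0": [("0.0.0.0/0", "tun0")],
               "main": [("198.51.100.0/24", "eth0"),
                        ("10.8.0.0/24", "tun0"),
                        ("0.0.0.0/0", "tun0")]},
}

# Same, with a fwmark rule ahead of the others for CONNMARK-restored replies.
WITH_CONNMARK = {
    "rules": [{"fwmark": 1, "table": "reth0"}] + POST_VPN["rules"],
    "tables": POST_VPN["tables"],
}

if __name__ == "__main__":
    print("pre-VPN      ", trace(PRE_VPN, BACKEND_IP))            # ('eth0', FRONTEND_IP, 'eth0')
    print("post-VPN     ", trace(POST_VPN, BACKEND_TUN))          # ('tun0', '10.8.0.2', 'tun0')
    print("with connmark", trace(WITH_CONNMARK, BACKEND_TUN, connmark=True))  # ('tun0', '10.8.0.2', 'eth0')
```

Run it to compare the three scenarios: pre-VPN both legs use eth0; post-VPN the SYN goes out tun0 and the reply also goes out tun0, back toward the backend instead of to the client on eth0; with the assumed CONNMARK rules the reply is steered to `reth0` and leaves on eth0 while the SYN still reaches the backend over tun0. On the real box the same question can be asked with `ip route get <client-ip> from 10.8.0.1 iif tun0` and the connection checked with `conntrack -L -p tcp --dport 22`.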
