VPN port forwarding


#1

Hi,

I successfully installed a VPN server on my Scaleway VPS, and I can ping and ssh my client (NAS behind a 4G router).
But now I am struggling with port forwarding.
I’d like to redirect traffic from VPS_PUBLIC_IP:12345 to VPN_CLIENT_IP:22. (remote ssh access to my NAS)

I added PREROUTING and FORWARD rules in iptables, without success.
When I check kernel logs, I can see some incoming traffic on port 12345, but the destination address is not the VPS_PUBLIC_IP, but another 10.8.xx.xxx address.
It seems to be my private IP.

So do I need to edit my iptable rules to deal with private IP instead of public one?
Do I have to add a kind of NAT rule in the Scaleway GUI “Security groups” tab?

Are there any tutorials or advice for this use case?
Thanks


#2

So do I need to edit my iptable rules to deal with private IP instead of public one?

Yes, you need to use the private IP address. However the private IP can change if you archive your instance.

Instead, consider creating the rule on your network interface and forward to the destination port on your VPN interface (e.g. something like tun0 if you’re using OpenVPN).

Do I have to add a kind of NAT rule in the scaleway GUI “Security groups” tab ?

No, this should be done in iptables on your instance. Security groups do not support the kind of NAT/forward rule you want to implement.
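
One way to write the interface-based rules suggested in the reply above, as an added example that is not part of the original thread. The helper names (`is_port`, `is_ipv4`, `gen_forward_rules`), the interface names `ens2` and `tun0`, and the client address `10.9.0.2` are assumptions; ports 12345 and 22 come from the question.

```shell
#!/bin/sh
# Added example, not from the thread. Emits iptables-restore input only;
# nothing is applied to the running firewall by this script.

is_port() {  # integer in 1..65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

is_ipv4() (  # dotted quad, each octet 0..255 (subshell keeps IFS change local)
    case "$1" in *[!0-9.]*|*..*|.*|*.) exit 1 ;; esac
    IFS=.; set -- $1
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do [ "$octet" -le 255 ] || exit 1; done
)

# usage: gen_forward_rules WAN_IF VPN_IF PUBLIC_PORT CLIENT_IP CLIENT_PORT
gen_forward_rules() {
    wan=$1 vpn=$2 pport=$3 cip=$4 cport=$5
    for ifname in "$wan" "$vpn"; do
        case "$ifname" in
            ''|-*|*[!A-Za-z0-9_.-]*) echo "bad interface: $ifname" >&2; return 1 ;;
        esac
    done
    { is_port "$pport" && is_port "$cport"; } || { echo "bad port" >&2; return 1; }
    is_ipv4 "$cip" || { echo "bad client IP: $cip" >&2; return 1; }
    # PREROUTING matches on the inbound interface, not on a destination
    # address, so it keeps working if the instance's private IP changes.
    # MASQUERADE makes the client reply through the tunnel even when its
    # default route is elsewhere; the client then logs the VPN server's
    # tunnel address as the source of every forwarded connection.
    cat <<EOF
*nat
-A PREROUTING -i $wan -p tcp --dport $pport -j DNAT --to-destination $cip:$cport
-A POSTROUTING -o $vpn -p tcp -d $cip --dport $cport -j MASQUERADE
COMMIT
*filter
-A FORWARD -i $wan -o $vpn -p tcp -d $cip --dport $cport -j ACCEPT
-A FORWARD -i $vpn -o $wan -p tcp -s $cip --sport $cport -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Constructed sample values: ens2 (public NIC), tun0 (OpenVPN), 10.9.0.2 (client).
# To apply as root: sysctl -w net.ipv4.ip_forward=1
#                   gen_forward_rules ... | iptables-restore --noflush
gen_forward_rules ens2 tun0 12345 10.9.0.2 22
```

The rules are appended, so an earlier DROP or REJECT in the FORWARD chain still takes precedence; check the order with `iptables -S FORWARD` after loading.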