I think I have read every topic that is close to mine but I'm still stuck :(

I have a VPS running Ubuntu 20.04. It is running an OpenVPN server, and my Windows client can connect to it fine; I get the IP 10.8.0.2 when connected.

What I'm trying to achieve is to forward UDP ports 2456, 2457 and 2458 using iptables to my connected VPN Windows client, which is running a game server, so that anyone who has my VPS IP can connect to my game server hosted on my Windows PC through the VPN. I am behind a CGNAT, so I'm just trying to give myself a public IP (my VPS) and route traffic on those ports to my Windows PC VPN client.

So my VPS IP is, say, xxx.xxx.xxx.xxx; the IP my OpenVPN server gives me is 10.8.0.2.

I have tried a ton of different iptables routing, but this is the one I have worked from, as the author said it worked for him on a similar setup, but it does not work for me:

iptables -t nat -A PREROUTING -d xxx.xxx.xxx.xxx -p udp --dport 2456 -j DNAT --to 10.8.0.2:2456

iptables -t nat -A PREROUTING -d xxx.xxx.xxx.xxx -p udp --dport 2457 -j DNAT --to 10.8.0.2:2457

iptables -t nat -A PREROUTING -d xxx.xxx.xxx.xxx -p udp --dport 2458 -j DNAT --to 10.8.0.2:2458

Forwarding is enabled:

sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1

I am not a very good Linux user except for basic things and then following tutes. Any help will be massively appreciated! Thanks.

morph
  • 11
  • If your OpenVPN server is behind a CGNAT, no one will be able to connect to it from the outside. You don't control the NAT, your "ISP" does, so you can't forward ports. (IMO they really shouldn't be allowed to call themselves ISPs, because the service they provide doesn't qualify as internet.) You need to put the OpenVPN server in a location that is connectable, perhaps on AWS, or at the guy you want to play the game with. The game server can be anywhere though. – stribika Feb 27 '21 at 04:06
  • Only my home connection is behind a CGNAT; my VPS, where I am running OpenVPN, is not behind a CGNAT and has completely clear access to the web. I want to use my VPS's IP as my public IP and have all requests route back to my home connection through my OpenVPN client. – morph Feb 27 '21 at 08:52
  • Sorry, I misunderstood. That should be possible. I think you're missing some SNAT/MASQUERADE rules in POSTROUTING. The output of ip route on each machine involved would be useful. You can watch the packets yourself with Wireshark or tcpdump, and you don't have to start the whole game either, just try to make a connection with netcat. – stribika Feb 27 '21 at 16:54
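
Added example (not part of the original post or comments): one rule set that combines the DNAT rules from the question with the SNAT/MASQUERADE step suggested in the last comment, and limits forwarding to the three game ports. The interface names `eth0` and `tun0` and the placeholder address `203.0.113.10` are assumptions; the script only prints the rules unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example: print (or apply) a port-forward rule set for UDP 2456-2458.
# Assumed values, not from the original post: PUBLIC_IP, WAN_IF and VPN_IF.
PUBLIC_IP="${PUBLIC_IP:-203.0.113.10}"  # placeholder for the VPS public address
WAN_IF="${WAN_IF:-eth0}"                # assumed public interface on the VPS
VPN_IF="${VPN_IF:-tun0}"                # assumed OpenVPN tunnel interface
CLIENT_IP="${CLIENT_IP:-10.8.0.2}"      # VPN client address from the question
PORTS="${PORTS:-2456 2457 2458}"        # UDP ports from the question

# Emit one iptables command per line; calling this changes nothing on the host.
build_rules() {
    for port in $PORTS; do
        # 1. Rewrite the destination of packets arriving on the public side.
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -d $PUBLIC_IP -p udp --dport $port -j DNAT --to-destination $CLIENT_IP:$port"
        # 2. Let only this flow cross from the public interface into the tunnel.
        echo "iptables -A FORWARD -i $WAN_IF -o $VPN_IF -d $CLIENT_IP -p udp --dport $port -j ACCEPT"
        # 3. Source-NAT to the VPS tunnel address so the client replies through
        #    the VPN even when its default route points at its home connection.
        echo "iptables -t nat -A POSTROUTING -o $VPN_IF -d $CLIENT_IP -p udp --dport $port -j MASQUERADE"
    done
    # 4. Allow replies for flows that conntrack already knows about.
    echo "iptables -A FORWARD -i $VPN_IF -o $WAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Dry run by default; run as root with APPLY=1 to install the rules.
if [ "${APPLY:-0}" = "1" ]; then
    build_rules | sh
else
    build_rules
fi
```

With MASQUERADE in place the game server sees every player as coming from the VPS's tunnel address rather than the player's real IP. Running `tcpdump -ni tun0 udp port 2456` on the VPS shows whether forwarded packets and their replies actually cross the tunnel.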

0 Answers