Since my OpenVPN server is running on the main router, it has the same IP as the gateway and there is no need to route the server-side LAN gateway to the VPN client subnet. Push "route 255.255.255.255" - no change, remote client can access local servers via LAN IP but not WAN IP. I also attempted to 'advertise' my WAN IP: Push "route 192.168.0.0 255.255.255.0" - no change, remote client can access local servers via LAN IP but not WAN IP. I followed the advice in the article posted about 'advertising' my home subnet in the server-side configuration with the following: If the client attempts to use the WAN IP via NAT Loopback to access local servers then they cannot connect. Like I mentioned before, the remote clients have no trouble accessing everything on my home network as long as the LAN IP is used. Thanks for the reply however this situation is a little different. Sent from my iPhone using TapatalkĪirVPN Port Forward: for 192.168.1.130 - a local port mapped to 103.10.197.187 (public), forward to 10.4.21.250 (internal) Local IP Address: 192.168.1.130 is manually assigned to my website (host on my Macmini server) Below is my iptables for port forwarding: #!/bin/sh iptables -I FORWARD -i br0 -o tun11 -j ACCEPT iptables -I FORWARD -i tun11 -o br0 -j ACCEPT iptables -I FORWARD -i br0 -o vlan1 -j DROP iptables -I INPUT -i tun11 -j REJECT iptables -t nat -A POSTROUTING -o tun11 -j MASQUERADE iptables -I FORWARD -i tun11 -p udp -d 192.168.1.130 -dport 18378 -j ACCEPT iptables -I FORWARD -i tun11 -p tcp -d 192.168.1.130 -dport 18378 -j ACCEPT iptables -t nat -I PREROUTING -i tun11 -p tcp -dport 18378 -j DNAT -to-destination 192.168.1.130 iptables -t nat -I PREROUTING -i tun11 -p udp -dport 37649 -j DNAT -to-destination 192.168.1.130 iptables -I FORWARD -i tun11 -p udp -d 192.168.1.132 -dport 37649 -j ACCEPT iptables -I FORWARD -i tun11 -p tcp -d 192.168.1.132 -dport 37649 -j ACCEPT iptables -t nat -I PREROUTING -i tun11 -p tcp -dport 18378 -j DNAT -to-destination 192.168.1.32 iptables -t nat -I PREROUTING -i tun11 -p udp -dport 37649 -j DNAT -to-destination 192.168.1.HOWTO: Expanding the scope of the VPN to include additional machines Interestingly, myDlink webcam was able to secure a port automatically. I need to know the LAN and WAN settings so it will not interfere with port forwarding. iptables -I FORWARD -i tun11 -p udp -d 192.168.1.130 -dport 18378 -j ACCEPT iptables -I FORWARD -i tun11 -p tcp -d 192.168.1.130 -dport 18378 -j ACCEPT iptables -t nat -I PREROUTING -i tun11 -p tcp -dport 18378 -j DNAT -to-destination 192.168.1.130 iptables -t nat -I PREROUTING -i tun11 -p udp -dport 18378 -j DNAT -to-destination 192.168.1.130 iptables -I FORWARD -i tun11 -p udp -d 192.168.1.132 -dport 37649 -j ACCEPT iptables -I FORWARD -i tun11 -p tcp -d 192.168.1.132 -dport 37649 -j ACCEPT iptables -t nat -I PREROUTING -i tun11 -p tcp -dport 37649 -j DNAT -to-destination 192.168.1.32 iptables -t nat -I PREROUTING -i tun11 -p udp -dport 37649 -j DNAT -to-destination 192.168.1.32 That is what I have in my nat-start file. All you need is this pattern, changing things like the TUN device, the port, the LAN device IP to suit your setup. if you're still putting in the extraneous rules that's probably the problem. put in the correct iptables and it works. Nope there are no settings that need changed. REMOVED: SNMP support on the RT-AC86U (incompatible) REMOVED: Merlin NAT loopback mode (was increasingly problematic as the firmware.
0 kommentar(er)
