NAT inbound from VPN Provider
-
Hi, I'm trying to set up NAT rules inbound from my VPN to a client, but it's not working.
I've created a NAT rule outbound for specific clients on my LAN to go out ONLY via the VPN.
This works great and they can get to the internet as they need. However, getting something to come in on a specific port, and then be forwarded to that client is proving a challenge.
I've set up a port forward rule that sits on the AIR_VPN interface. This should take all traffic destined to my AIR_VPN interface, and send it to the client on the inside port.
However it looks like the traffic is just dropped.
I say this as if I do a PCAP on the AIR_VPN interface, I see the traffic come in with the correct port, and destined for that interface's IP, yet it never shows up on the LAN side. Anyone got pointers of what I'm doing wrong here?
I've included a few screenshots below of my setup if that helps.
-
@Deadringers
As mentioned in your other thread, rules on the OpenVPN tab have priority over ones on the interface tab.
However, to get request packets on incoming traffic routed back properly, a pass rule on the interface tab must match the incoming traffic. This means you either have to remove all pass rules from the OpenVPN tab or modify them so that they do not match the forwarded traffic.
The same is true for floating rules, if there are any applied to the VPN interface.
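
The rule ordering described in the reply above, as an added example that is not part of the original thread or of pfSense itself: a small Python model that checks which tab's rule a forwarded connection hits first. The client address, port, rule sets and the first-match simplification are constructed assumptions; only the tab names come from the thread.

```python
from dataclasses import dataclass
from typing import Optional

# Order from the reply: floating and OpenVPN-tab rules are evaluated
# before rules on the assigned interface tab (simplified to first match wins).
TAB_ORDER = ["floating", "openvpn", "AIR_VPN"]

@dataclass
class Rule:
    tab: str              # tab the rule lives on
    proto: str            # "tcp", "udp" or "any"
    dst: str              # destination IP (after the port forward) or "any"
    port: Optional[int]   # destination port, None = any port
    action: str = "pass"

    def matches(self, proto, dst, port):
        return (self.proto in ("any", proto)
                and self.dst in ("any", dst)
                and self.port in (None, port))

def first_match(rules, proto, dst, port):
    """Return the first rule matching the packet, honouring tab order."""
    for tab in TAB_ORDER:
        for rule in (r for r in rules if r.tab == tab):
            if rule.matches(proto, dst, port):
                return rule
    return None  # nothing matched: default deny

def audit_forward(rules, proto, dst, port):
    """Classify how a forwarded inbound connection will be handled."""
    rule = first_match(rules, proto, dst, port)
    if rule is None or rule.action != "pass":
        return "blocked"
    if rule.tab != "AIR_VPN":
        return f"shadowed by {rule.tab} rule: replies not routed back via VPN"
    return "ok"

# Constructed sample data (hypothetical client and port).
CLIENT, PORT = "192.168.1.50", 32400
FORWARD = Rule("AIR_VPN", "tcp", CLIENT, PORT)
BROKEN = [Rule("openvpn", "any", "any", None), FORWARD]     # allow-all on OpenVPN tab
FIXED = [Rule("openvpn", "tcp", "10.8.0.1", 22), FORWARD]   # narrowed, no overlap

if __name__ == "__main__":
    for name, rules in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, "->", audit_forward(rules, "tcp", CLIENT, PORT))
```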