Netgate Discussion Forum

    Port forward

      Gianni71

      Hi all,
      I have a problem with port forwarding, here is my config:

      Site-A (Client) (192.168.1.0/24) -> OpenVPN -> Site-B (Server) (172.17.1.0/24)
      Site-C (Client) (192.168.0.0/24) -> OpenVPN -> Site-B (Server) (172.171.0/24)

      Site-A (Client) (192.168.1.0/24) -> OpenVPN -> Site-D (Server) (10.1.0.0/24)
      Site-B (Client) (172.17.1.0/24) -> OpenVPN -> Site-D (Server) (10.1.0.0/24)

      Device from Site-A can ping Site-B and vice versa.
      Device from Site-A can ping Site-D and vice versa.

      Device from Site-B can ping Site-D and vice versa.

      Site-B has its public IP address and I'd like to make a port forward (90) to 10.1.0.7 (port opened and tested)

      Any help?

        viragomann @Gianni71

        @Gianni71
        I'm afraid, the only way is to masquerade the traffic at B on the VPN interface with an outbound NAT rule to get response packets back.

        If D was the client, it should also work without masquerading, however.

          Gianni71 @viragomann

          @viragomann thanks.
          Any help how to create the outbound rule?

            viragomann @Gianni71

            @Gianni71
            First assign an interface to the OpenVPN client instance if you haven't done this already.
            Interface > Assignments
            At "available network port" select the client instance, e.g. ovpnc1, and hit add. Open the settings of the new interface, enable it and state a friendly name, say siteD, and save the settings.

            Then go to NAT > Outbound, enable the hybrid mode if it's not. Add a rule:
            interface: siteD
            source: any
            destination: 10.1.0.7
            dest. port: <forwarded port>
            translation: interface address

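Added example (not part of the thread and not pfSense code): a small Python model of plain destination-based routing at Site-D, showing why the reply to a forwarded connection leaves through D's own WAN unless B masquerades the source on the VPN interface. The tunnel network 10.8.0.0/24, B's tunnel address 10.8.0.2 and the Internet client 203.0.113.50 are constructed values, and D's routing table is an assumed one built from the subnets in the first post.

```python
import ipaddress

# Constructed values (not from the thread): the tunnel network, B's tunnel
# address and the Internet client's address are assumptions.
TUNNEL_NET = "10.8.0.0/24"
B_TUNNEL_IP = "10.8.0.2"
INTERNET_CLIENT = "203.0.113.50"

# Assumed routing table of Site-D: (prefix, exit interface).
SITE_D_ROUTES = [
    ("0.0.0.0/0", "wan"),       # default route: D's own Internet uplink
    ("10.1.0.0/24", "lan"),     # D's LAN, holds the target 10.1.0.7
    (TUNNEL_NET, "vpn"),        # connected tunnel network
    ("172.17.1.0/24", "vpn"),   # Site-B LAN, routed through the tunnel
]

def route(dst, table):
    """Return the exit interface chosen by longest-prefix match."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), ifc) for p, ifc in table
               if addr in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def forwarded_source(client_ip, masquerade):
    """Source address 10.1.0.7 sees after B forwards the packet into the VPN."""
    return B_TUNNEL_IP if masquerade else client_ip

def reply_path(client_ip, masquerade):
    """Interface on which Site-D sends 10.1.0.7's reply."""
    return route(forwarded_source(client_ip, masquerade), SITE_D_ROUTES)

def connection_works(client_ip, masquerade):
    # The reply has to return through the tunnel so B can reverse its port
    # forward; a reply leaving D's WAN comes from an address the client
    # never contacted and is dropped.
    return reply_path(client_ip, masquerade) == "vpn"

if __name__ == "__main__":
    for nat in (False, True):
        print(f"masquerade={nat}: reply leaves D via "
              f"{reply_path(INTERNET_CLIENT, nat)}, "
              f"works={connection_works(INTERNET_CLIENT, nat)}")
```

The trade-off of the masqueraded setup is that 10.1.0.7 logs B's tunnel address as the source of every forwarded connection, so per-client filtering and attribution have to happen on B.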
              Gianni71 @viragomann

              @viragomann outbound didn't work, but I changed SiteD as client and now it works well.

              Thank you so much !!!

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.