Port forward

Gianni71

Hi all,
i have problem with port forwarding, here is my config :

Site-A(Client) (192.168.1.0/24) -> Openvpn -> Site-B (Server) (172.17.1.0/24)
Site-C(Client)(192.168.0.0/24) -> Openvpn -> Site-B (Server) (172.171.0/24)

Site-A(Client)(192.168.1.0/24) -> Openvpn -> Site-D(Server)(10.1.0.0/24)
Site-B(Client)(172.17.1.0/24) ->Openvpn ->Site-D(Server)(10.1.0.0/24)

Device from Site-A can ping Site-B and vice versa.
Device from Site-A can ping Site-D and vice versa.

Device from Site-B can ping Site-D and vice versa.

Site-B has his public ip address and I’d like to make a port forward (90) to 10.1.0.7 (port opened and tested)

any help?

viragomann

@Gianni71
I'm afraid, the only way is to masquerade the traffic at B on the VPN interface with an outbound NAT rule to get response packets back.

If D was the client, it should also work without masquerading, however.

Gianni71

@viragomann thank.
Any help how to create the outbound rule?

viragomann

@Gianni71
First assign an interface to the OpenVPN client instance if you haven't done this already.
Interface > Assignments
At "available network port" select the client instance, e.g. ovpnc1, and hit add. Open the settings of the new interface, enable it and state a friendly name, say siteD, and save the settings.

Then go to NAT > Outbound, enable the hybrid mode if it's not. Add a rule:
interface:siteD
source: any
destination 10.1.0.7
dest: port: <forwarded port>
translation: interface address

Gianni71

@viragomann outboud didnt work, but i changed SiteD as client and now works well.

Thank you so much !!!