I'm trying to route the traffic from port 9999 on a public IP to a private IP on port 99, with a VPN in the middle. Let's imagine that I have a public IP, X.X.X.X, and when I connect to port 9999 I want to forward it through a VPN.
The public IP machine also hosts the OpenVPN server, so it has: X.X.X.X on eth0 and 10.0.8.1 on tun0.
The intermediate machine has 10.8.0.10 on tun0 and 192.168.8.4 on eth0.
The destination machine has 192.168.8.2 and listens on port 99.
The reason I need the intermediate machine is that the destination machine is a CAM. As my connection to the internet is under CGNAT, I need to forward all the traffic of the CAM over the VPN.
On the public machine I used:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p tcp --dport 9999 -j DNAT --to-destination 10.8.0.10:9999
iptables -t nat -A POSTROUTING -p tcp -d 10.8.0.10 --dport 9999 -j SNAT --to-source X.X.X.X
On the intermediate machine (a Raspberry Pi) I used:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p tcp --dport 9999 -j DNAT --to-destination 192.168.8.2:99
iptables -t nat -A POSTROUTING -p tcp -d 192.168.8.2 --dport 99 -j SNAT --to-source 10.0.8.10
If I ping from 10.0.8.1 to 10.0.8.10 it works, so the connection exists, and the same from the other side.
However, the traffic is not routed, and when I open X.X.X.X:9999 in the browser it doesn't work. Any idea?
Thanks.
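To reason about a two-hop DNAT/SNAT chain like the one in the post, it helps to trace a new connection's addresses through each hop's nat table and to check that every SNAT --to-source is an address the hop actually owns (otherwise the reply never comes back to that hop and conntrack cannot undo the DNAT). The following is an added example, not code from the post; it models only the nat-table translation for a new TCP flow (no routing, no FORWARD chain), and the client address 203.0.113.5 and the X.X.X.X placeholder are constructed. The hop addresses and rules are the post's own values, so they serve as the test input.

```python
from dataclasses import dataclass, field

# A packet is modelled as (src_ip, src_port, dst_ip, dst_port).
Packet = tuple

@dataclass
class Hop:
    name: str
    addrs: set                                 # addresses owned by this hop's interfaces
    dnat: dict = field(default_factory=dict)   # PREROUTING: dport -> (new_dst_ip, new_dport)
    snat: dict = field(default_factory=dict)   # POSTROUTING: (dst_ip, dport) -> new_src_ip

def translate(hop: Hop, pkt: Packet) -> Packet:
    """Apply PREROUTING DNAT, then POSTROUTING SNAT, as the nat table does for a NEW flow."""
    src, sport, dst, dport = pkt
    if dport in hop.dnat:                      # DNAT rewrites the destination first
        dst, dport = hop.dnat[dport]
    new_src = hop.snat.get((dst, dport))       # SNAT matches on the already-DNATed destination
    if new_src is not None:
        src = new_src
    return (src, sport, dst, dport)

def trace(hops, pkt: Packet):
    """Return the packet as seen after each hop, starting with the original client packet."""
    path = [pkt]
    for hop in hops:
        pkt = translate(hop, pkt)
        path.append(pkt)
    return path

def unowned_snat_sources(hop: Hop):
    """SNAT sources that no interface of this hop owns: replies to them bypass this hop."""
    return sorted(s for s in set(hop.snat.values()) if s not in hop.addrs)

# Topology from the post (X.X.X.X kept as a placeholder for the public address).
PUBLIC = Hop("public", {"X.X.X.X", "10.0.8.1"},
             dnat={9999: ("10.8.0.10", 9999)},
             snat={("10.8.0.10", 9999): "X.X.X.X"})
PI = Hop("pi", {"10.8.0.10", "192.168.8.4"},
         dnat={9999: ("192.168.8.2", 99)},
         snat={("192.168.8.2", 99): "10.0.8.10"})
CLIENT_SYN = ("203.0.113.5", 40000, "X.X.X.X", 9999)   # constructed client packet

if __name__ == "__main__":
    for hop_name, p in zip(["client", PUBLIC.name, PI.name], trace([PUBLIC, PI], CLIENT_SYN)):
        print(f"after {hop_name:>6}: {p[0]}:{p[1]} -> {p[2]}:{p[3]}")
    for hop in (PUBLIC, PI):
        print(f"{hop.name}: SNAT sources not owned by this hop: {unowned_snat_sources(hop)}")
```

On the real hosts the equivalent check is `iptables -t nat -L -v -n` (do the DNAT/SNAT counters increase when you connect?) together with `ip addr` on each hop to confirm the SNAT source is local.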