A little cautious to not mess something up here… as in the subject, I’d like to port forward to a host on a network connected with a net-net OpenVPN connection, however this doesn’t seem to be natively supported. I’m guessing I need some additional iptables rules for this to work – would anyone have any idea how to do this?
I am aware that I could solve this with tcp proxying as well, but it’s cleaner to do it internally, I think…
According to this tutorial, you need two rules in iptables:
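# Rewrite the destination of packets arriving for the public IP
iptables -t nat -A PREROUTING -d ovpn_public_ip -p tcp --dport port_to_forward -j DNAT --to-dest ovpn_client_ip:port_to_forward
# After DNAT the packet is routed on to another host, so it is filtered in FORWARD, not INPUT
iptables -t filter -A FORWARD -p tcp -d ovpn_client_ip --dport port_to_forward -j ACCEPT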
where ovpn_public_ip and ovpn_client_ip are IP numbers while port_to_forward is the port number.
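An added example, not part of the reply above or the tutorial it cites: a small generator that validates its inputs and prints (does not run) a rule set scoped to the one forwarded flow, filtering in FORWARD with connection tracking. The interface name tun0, the sample addresses and the optional MASQUERADE rule are assumptions; the last is needed only when the target host's return route does not lead back through the tunnel.

```shell
#!/bin/sh
# Added example: prints iptables rules for one forwarded TCP port.

# Succeeds only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Succeeds only for a decimal TCP port in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Succeeds only for a plausible interface name (no shell metacharacters).
valid_iface() {
    case "$1" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    [ "${#1}" -le 15 ]
}

# Usage: forward_rules PUBLIC_IP TARGET_IP PORT TUN_IF [masq]
forward_rules() {
    valid_ipv4 "$1" && valid_ipv4 "$2" && valid_port "$3" && valid_iface "$4" || {
        echo "forward_rules: invalid argument" >&2
        return 1
    }
    # Rewrite the destination before the routing decision.
    echo "iptables -t nat -A PREROUTING -d $1 -p tcp --dport $3 -j DNAT --to-destination $2:$3"
    # Let only this flow out through the tunnel, and only its replies back in.
    echo "iptables -A FORWARD -o $4 -d $2 -p tcp --dport $3 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT"
    echo "iptables -A FORWARD -i $4 -s $2 -p tcp --sport $3 -m conntrack --ctstate ESTABLISHED -j ACCEPT"
    # Assumption: only when the target cannot route replies back via the tunnel.
    if [ "${5:-}" = masq ]; then
        echo "iptables -t nat -A POSTROUTING -o $4 -d $2 -p tcp --dport $3 -j MASQUERADE"
    fi
}

# Constructed sample values (documentation address and a typical VPN subnet).
forward_rules 203.0.113.10 10.8.0.6 8080 tun0 masq
```

Review the printed rules before applying them; with MASQUERADE the target host sees the VPN gateway's tunnel address as the source of every connection, so its own logs lose the original client IP.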