Port Forwarding while Using OpenVPN

gA2ZZCnZz

Occasional Visitor
I have searched and found similar threads, but not quite what I'm looking for. I am running an Asus RT-N66U with Merlin 376.47. I have the OpenVPN client set for my PIA account and everything works fine. I use Asus's dyndns for the WAN address.

I would like to have a couple of ports forwarded for remote administration. I have seen a couple of threads that talk about this, but they are all based on leaving all traffic to the WAN and passing certain IPs to the VPN. I guess I'm looking for the opposite.

Can anyone help with the commands I need for my wan start file?
 
I'm pretty sure that PIA allows for only 1 forwarded port at any one time.
 
I finally figured this out. I should have added this to the selective routing thread (and I posted my solution there), but I wanted to put it here so I don't leave an orphan thread. I don't understand enough to explain anything to other noobs like myself, but I'll share my code in case it helps.

My goal was to route all internet traffic through the VPN. This was already working. I then wanted a few ports to go through the WAN and be forwarded for remote administration. My problem was that the open ports were not forwarding.

To start, I added these lines to the custom configuration box under the OpenVPN client settings on the WebUI.

Code:
route-nopull
script-security 2
route-up /jffs/scripts/vpn_route_up.sh

I then created a file in Notepad++ for the script. I used the code below and saved the script as /jffs/scripts/vpn_route_up.sh. I changed the octal to 0777 to make the script executable.

Code:
#!/bin/sh

# Leave a marker file and log lines so it is easy to confirm the script ran.
touch /tmp/000vpn_route_up.ran
logger -t "($(basename $0))" $$ "Starting vpn_route_up.sh"
echo "($(basename $0))" $$ "Starting vpn_route_up.sh"

# Clear any state left from a previous run: table 10 (VPN), table 12 (WAN),
# their fwmark rules, and every rule in the mangle PREROUTING chain.
ip route flush table 10
ip rule del table 10
ip rule del fwmark 10 table 10
ip route flush table 12
ip rule del table 12
ip rule del fwmark 12 table 12
ip route flush cache
iptables -t mangle -F PREROUTING

echo "($(basename $0))" $$ "RTNETLINK errors are from deleting tables that don't exist yet and can be ignored."

# Address of the OpenVPN client tunnel interface.
tun_if="tun11"
tun_ip=$(ifconfig $tun_if | grep 'inet addr:'| cut -d: -f2 | awk '{ print $1}')

# Log the same commands that are run below (both use wan0_gateway).
logger -t "($(basename $0))" $$ "CMD: ip route add default via $tun_ip dev $tun_if table 10"
logger -t "($(basename $0))" $$ "CMD: ip route add default via $(nvram get wan0_gateway) dev eth0 table 12"

# Table 10: default route through the VPN tunnel, used by packets marked 10.
ip route add default via $tun_ip dev $tun_if table 10
ip rule add fwmark 10 table 10
# Table 12: default route through the WAN gateway, used by packets marked 12.
ip route add default via $(nvram get wan0_gateway) dev eth0 table 12
ip rule add fwmark 12 table 12

# Turn off reverse-path filtering on the tunnel interface.
echo 0 > /proc/sys/net/ipv4/conf/$tun_if/rp_filter

# Mark everything from the LAN for the VPN first. MARK does not stop rule
# traversal, so the later port rules overwrite the mark with 12 (WAN).
iptables -t mangle -A PREROUTING -i br0 -m iprange --src-range 192.168.1.2-192.168.1.254 -j MARK --set-mark 10
iptables -t mangle -A PREROUTING -i br0 -p tcp --dport 22 -j MARK --set-mark 12
iptables -t mangle -A PREROUTING -i br0 -p tcp --sport 3389 -j MARK --set-mark 12
iptables -t mangle -A PREROUTING -i br0 -p tcp --dport 8080 -j MARK --set-mark 12
iptables -t mangle -A PREROUTING -i br0 -p tcp --sport 8081 -j MARK --set-mark 12
iptables -t mangle -A PREROUTING -i br0 -p tcp --sport 8082 -j MARK --set-mark 12
iptables -t mangle -A PREROUTING -i br0 -p tcp --sport 8083 -j MARK --set-mark 12
iptables -t mangle -A PREROUTING -i br0 -p tcp --sport 8084 -j MARK --set-mark 12
iptables -t mangle -A PREROUTING -i br0 -p tcp --dport 8443 -j MARK --set-mark 12

exit

If anyone is interested in more information on this, I'd suggest looking at the selective routing thread at http://www.smallnetbuilder.com/forums/showthread.php?t=9311.
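
An added example, not part of the original post: a small audit helper that reads rule lines in the form used in the script above and lists which TCP ports are marked 12, meaning they leave through the WAN instead of the VPN. The function names wan_bypass_ports and sample_rules are hypothetical, and the sample input is a constructed subset of the post's rules.

```sh
#!/bin/sh
# Added example (not from the original post): list the traffic that the
# script's mangle rules steer to table 12 (WAN), i.e. around the VPN.

WAN_MARK=12   # fwmark the post maps to table 12 (default route via WAN)

# Reads iptables command lines on stdin and prints "<match> <port>" for
# each rule that sets WAN_MARK. A rule that sets the mark without a port
# match prints "any any", because it would bypass the VPN for everything
# it matches.
wan_bypass_ports() {
    awk -v mark="$WAN_MARK" '
        /^[[:space:]]*#/ { next }                 # skip comment lines
        !/iptables/ || !/--set-mark/ { next }     # only MARK rules
        {
            m = ""; kind = "any"; port = "any"
            for (i = 1; i < NF; i++) {
                if ($i == "--set-mark") m = $(i + 1)
                if ($i == "--sport" || $i == "--dport") {
                    kind = substr($i, 3); port = $(i + 1)
                }
            }
            if (m == mark) print kind, port
        }'
}

# Constructed sample: a subset of the rule lines from the script above.
sample_rules() {
    cat <<'EOF'
iptables -t mangle -A PREROUTING -i br0 -m iprange --src-range 192.168.1.2-192.168.1.254 -j MARK --set-mark 10
iptables -t mangle -A PREROUTING -i br0 -p tcp --dport 22 -j MARK --set-mark 12
iptables -t mangle -A PREROUTING -i br0 -p tcp --sport 3389 -j MARK --set-mark 12
iptables -t mangle -A PREROUTING -i br0 -p tcp --dport 8443 -j MARK --set-mark 12
EOF
}

sample_rules | wan_bypass_ports
```

Because every rule matches on -i br0, an sport entry covers replies from a LAN host serving that port, while a dport entry covers LAN clients connecting out to that port. To audit the real script, pipe /jffs/scripts/vpn_route_up.sh into wan_bypass_ports in place of the sample.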
 