Register a domain and help support LQ
Go Back > Forums > Linux Forums > Linux - Networking
User Name
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.


  Search this Thread
Old 04-27-2012, 07:05 AM   #1
LQ Newbie
Registered: Apr 2012
Posts: 1

Rep: Reputation: Disabled
Question IPTables unable to nat trough VPN traffic


I have a VPN connection to a server on a remote location. I want other pc's to be able to reach the webserver on the remote location trough the VPN connector. But i can't get where i want.

This is the situation:

VPN Server (and also the webserver):
Router: & (openssh port is forwarded to
VPN Connector:
Client pc:

Also the ip of the vpn networks (called tun0) are:
VPN Server:
VPN Connector:

So, if i login to the VPN Connector, and do a wget it works fine.

That's good, the vpn connection works.

But what i want to do is: on the client pc go to the browser and go to (that's the vpn connector). Then the connector should forward it to the vpn showing me the webserver on (the vpn server).

This is my IPTables setup:
iptables -t nat -A PREROUTING -p tcp -d --dport 4848 -m state --state NEW,ESTABLISHED,RELATED -j DNAT -to
iptables -t nat -A POSTROUTING -o tun0 MASQUERADE
So, i'm fairly new to iptables, What am i missing?

If i do a tcpdump on the vpn connector on tun0 i can see that the packets go trough?

13:31:02.850057 IP > Flags [S], seq 538959383, win 8192, options                          [mss 1460,nop,nop,sackOK], length 0
But if i do a tcpdump on the VPN server on tun0 nothing is happening.

I'm sorry that this is a long post, but what am i doing wrong? Please help!

Last edited by cygnusx; 04-27-2012 at 07:24 AM.
Old 04-27-2012, 10:11 AM   #2
Registered: May 2011
Location: Nottingham, UK
Distribution: Debian
Posts: 178

Rep: Reputation: 34
I would replace
iptables -t nat -A PREROUTING -p tcp -d --dport 4848 -m state --state NEW,ESTABLISHED,RELATED -j DNAT -to
iptables -t nat -A PREROUTING -d -p tcp -m tcp --dport 4848 -j DNAT --to-destination
I'm not saying your way is wrong, I am saying that I know that my way is working and looks clearer to me If you are permitting new connections, there isn't that much point in checking the state.

Not sure what your exact setup is, so hard to comment on the NAT settings. You might need to do nat at other end of tunnel, not on the VPN connection server.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] iptables: Block all traffic on NAT except for port 22 for eth0 Blue_Ice Linux - Security 4 01-12-2010 06:33 PM
How to configure Iptables to access VPN behind NAT abinf Linux - Networking 1 10-02-2009 08:28 PM
Iptables letting some traffic trough but not all spixx Linux - Security 2 04-07-2009 01:31 PM
OpenVPN Tunnel all Traffic trough VPN bdegier Linux - Networking 1 02-25-2009 04:55 PM
unable to VPN out from behind NAT (MASQ) dpmlq Linux - Networking 1 06-10-2005 03:00 PM

All times are GMT -5. The time now is 07:45 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration