Hello, i have the following scenario:

192.168.1.1 - Router
192.168.1.2 - VPN Router
192.168.1.83 Client

192.168.1.1 «eth0» 192.168.1.2 «eth0, tun0» 192.168.1.83

My Router provides internet access, VPN Router serves all the home Machines with it's VPN IP.

Everything is working properly, with the exception that i can't forward a specific port (51413) to my client machine.

This is my actual configuration:

sudo iptables -L

Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:51413
ACCEPT tcp -- anywhere anywhere tcp dpt:51413
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED udp dpt:51413

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* vpn */
ACCEPT icmp -- anywhere anywhere /* icmp */
ACCEPT all -- anywhere 192.168.1.0/24 /* lan */
ACCEPT udp -- anywhere anywhere udp dpt:1198 /* openvpn */
ACCEPT tcp -- anywhere anywhere tcp spt:ssh /* ssh */
ACCEPT udp -- anywhere anywhere udp dpt:ntp /* ntp */
ACCEPT udp -- anywhere anywhere udp dpt:domain /* dns */
ACCEPT tcp -- anywhere anywhere tcp dpt:domain /* dns */
DROP all -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp spt:51413

How can i solve this issue? Can someone point me in the right direction?

Been searching and couldn't find a solution.

Thanks in advance

You need to use the nat table's prerouting chain to port forward. Port forwarding across two devices (router and VPN) can be more complicated as you might need nat rules on both servers - it depends on how the VPN router is setup. But in general you can port forward from the outside router to your client with rules like this on the router:

Where $EXT_IP is your external, public IP address on the router. You can view the existing rules with 'iptables -t nat -L'.