I have a working OpenVPN network.
Server eth0 IP: 62.109.4.21 (public IP)
Server tun0 IP: 192.168.5.1
Client tun0 IP: 192.168.5.22
I need to forward a port (22, for a start) from the server's external interface (eth0) to the client's internal address (192.168.5.22). Here is what I configured:
iptables -t nat -A PREROUTING -p tcp -m tcp -d 62.109.4.21 --dport 205 -j DNAT --to-destination 192.168.5.22:22
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 52:54:00:f3:c4:a0 brd ff:ff:ff:ff:ff:ff
inet 62.109.4.21/21 brd 62.109.7.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fef3:c4a0/64 scope link
valid_lft forever preferred_lft forever
52: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
link/none
inet 192.168.5.1 peer 192.168.5.2/32 scope global tun0
valid_lft forever preferred_lft forever
Chain PREROUTING (policy ACCEPT 7824 packets, 1177K bytes)
pkts bytes target prot opt in out source destination
1 52 DNAT tcp -- * * 0.0.0.0/0 62.109.4.21 tcp dpt:205 to:192.168.5.22:22
Chain INPUT (policy ACCEPT 112 packets, 13014 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 2 packets, 143 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 3 packets, 195 bytes)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all -- * eth0 192.168.5.0/24 0.0.0.0/0
Chain INPUT (policy ACCEPT 2131 packets, 718K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 3 packets, 152 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 989 packets, 171K bytes)
pkts bytes target prot opt in out source destination
12:40:37.514520 IP 95-27-127-250.broadband.corbina.ru.51838 > 192.168.5.22.ssh: Flags [S], seq 1687227804, win 8192, options [mss 1416,nop,wscale 8,nop,nop,sackOK], length 0
12:40:40.513949 IP 95-27-127-250.broadband.corbina.ru.51838 > 192.168.5.22.ssh: Flags [S], seq 1687227804, win 8192, options [mss 1416,nop,wscale 8,nop,nop,sackOK], length 0
12:40:46.514246 IP 95-27-127-250.broadband.corbina.ru.51838 > 192.168.5.22.ssh: Flags [S], seq 1687227804, win 8192, options [mss 1416,nop,nop,sackOK], length 0
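
The capture above shows one SYN (seq 1687227804) repeated at 12:40:37, 12:40:40 and 12:40:46 with no packet in the other direction. The following is an added example, not part of the original post: it scans tcpdump text output for SYNs that are retransmitted without any reply from the destination. The function and field names are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# The three tcpdump lines from the post, copied verbatim.
CAPTURE = """\
12:40:37.514520 IP 95-27-127-250.broadband.corbina.ru.51838 > 192.168.5.22.ssh: Flags [S], seq 1687227804, win 8192, options [mss 1416,nop,wscale 8,nop,nop,sackOK], length 0
12:40:40.513949 IP 95-27-127-250.broadband.corbina.ru.51838 > 192.168.5.22.ssh: Flags [S], seq 1687227804, win 8192, options [mss 1416,nop,wscale 8,nop,nop,sackOK], length 0
12:40:46.514246 IP 95-27-127-250.broadband.corbina.ru.51838 > 192.168.5.22.ssh: Flags [S], seq 1687227804, win 8192, options [mss 1416,nop,nop,sackOK], length 0
"""

# Timestamp, "src > dst:", TCP flags and (if present) the sequence number.
LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>\S+) > (?P<dst>\S+): "
    r"Flags \[(?P<flags>[^\]]+)\](?:, seq (?P<seq>\d+))?"
)


def seconds(ts):
    """Convert tcpdump's HH:MM:SS.ffffff into seconds since midnight."""
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)


def unanswered_syns(text):
    """Return SYNs that were retransmitted and never got a packet back."""
    syns = defaultdict(list)  # (src, dst, seq) -> timestamp of each attempt
    talked = set()            # (src, dst) of every packet that is not a bare SYN
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        if m["flags"] == "S" and m["seq"]:
            syns[(m["src"], m["dst"], m["seq"])].append(seconds(m["ts"]))
        else:
            talked.add((m["src"], m["dst"]))
    findings = []
    for (src, dst, seq), times in syns.items():
        if len(times) < 2 or (dst, src) in talked:
            continue  # single attempt, or the destination sent something back
        gaps = [round(b - a, 1) for a, b in zip(times, times[1:])]
        findings.append({"src": src, "dst": dst, "seq": int(seq),
                         "attempts": len(times), "gaps_s": gaps})
    return findings


if __name__ == "__main__":
    for finding in unanswered_syns(CAPTURE):
        print(finding)
```

A finding here means the SYN is visible on the captured interface but nothing from 192.168.5.22 appears in the same capture; it does not say where along the path the reply is lost.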