VPN port fowarding

Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking
View previous topic :: View next topic  
Author Message
vatovey
DD-WRT Novice


Joined: 01 Dec 2020
Posts: 23
PostPosted: Thu Oct 27, 2022 15:23    Post subject: VPN port fowarding Reply with quote
Hello,

Have a Netgear R9000 on the latest firmware (build 50671).

Have configured to connect to Nord VPN along with PBR in order for a couple of devices to be permanentaly connected to the VPN.

Ideally I would like port forward VPN port 80, 8001 and 8002 traffic to one of the devices (a Enigma2 satellite box).

Is this possible ?
Back to top View user's profile Send private message
Sponsor
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12885
Location: Netherlands
PostPosted: Thu Oct 27, 2022 15:29    Post subject: Reply with quote
Does NordVPN supports port forwarding?

On the DDWRT side that certainly is possible although you have to make the port forwarding rules manually Smile

If you did not find the OpenVPN documentation yet, it is a sticky in this Forum
_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Back to top View user's profile Send private message
vatovey
DD-WRT Novice


Joined: 01 Dec 2020
Posts: 23
PostPosted: Thu Oct 27, 2022 15:35    Post subject: Reply with quote
Unfortunately, on the Nord VPN side of things, they advise that they do not support port forwarding.

I'll have a look at the OpenVPN sticky - thanks for the info.
Back to top View user's profile Send private message
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12885
Location: Netherlands
PostPosted: Thu Oct 27, 2022 15:44    Post subject: Reply with quote
It only works if your VPN provider supports port forwarding.

DDWRT supports the use of sport (source port) and dport (destination port) with PBR see if that can be helpful
_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Back to top View user's profile Send private message
vatovey
DD-WRT Novice


Joined: 01 Dec 2020
Posts: 23
PostPosted: Thu Oct 27, 2022 15:49    Post subject: Reply with quote
@egc

Is this what you were referring to ?

--

We do this by marking the traffic from the NAS (IP address 192.168.1.91) using port 51413
(Transmission) and we instruct netfilter to use table 11 for the marked traffic (table 11 is the table which
has a default route via the VPN) :
ip rule add fwmark 5 table 11
iptables -t mangle -I PREROUTING -s 192.168.1.91 -p tcp --dport 51413 -j MARK --set-mark 5
Back to top View user's profile Send private message
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12885
Location: Netherlands
PostPosted: Thu Oct 27, 2022 16:05    Post subject: Reply with quote
vatovey wrote:
@egc

Is this what you were referring to ?

--

We do this by marking the traffic from the NAS (IP address 192.168.1.91) using port 51413
(Transmission) and we instruct netfilter to use table 11 for the marked traffic (table 11 is the table which
has a default route via the VPN) :
ip rule add fwmark 5 table 11
iptables -t mangle -I PREROUTING -s 192.168.1.91 -p tcp --dport 51413 -j MARK --set-mark 5


That is certainly a way to do it but also have a look at:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327810, this can be done via the GUI, challenge with this approach is the priority of rules, the last rules made have priority and usually the VPN client rules are made last so the firewall approach might be better in this case.

But the easiest approach might be to route the PBR sources via the WAN (Route Selected Sources via the WAN):
You add the sport of the server and all other clients in CIDR notation you want to use the WAN
the rest will use the VPN Smile
_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Back to top View user's profile Send private message
vatovey
DD-WRT Novice


Joined: 01 Dec 2020
Posts: 23
PostPosted: Thu Oct 27, 2022 16:07    Post subject: Reply with quote
Will have a read of this, cheers sir.
Back to top View user's profile Send private message
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum