Port forward to VPN

giordy · October 23, 2018, 6:41am

Hi *

I have a small configuration problem on a test network that I’m studying.
A - I have an AWS server (therefore public) on which a VPN server is installed (nethserver 7.5)
B - I have a firewall (nethserver 7.5) that manages my LAN and my DMZ (192.168.5.0/24)
C - I have a server in DMZ (debian 9) with a test web server

What I would like to do is point to the public of AWS and through port forward etc … I would like to see the website, only that despite having set the port forward, shorewall on AWS dropping the packages
Do I miss something?
in ssh on the AWS server I reach my web server both on ssh and http without problems

eg:
fw-kernel test: Shorewall: net2ovpn: DROP: IN = eth0 OUT = tunaws MAC = 06: c6: ab: a4: 4f: 48: 06: c3: 08: 57: d7: aa: 08: 00 SRC = 80.82. 70.118 DST = 192.168.5.9 LEN = 44 TOS = 0x00 PREC = 0x00 TTL = 242 ID = 20285 PROTO = TCP SPT = 60000 DPT = 80 WINDOW = 1024 RES = 0x00 SYN URGP = 0

AWS

thank’s
Giordy

m.traeumner · October 23, 2018, 11:49am

Sorry for asking, but I don’t know if I understand your question at the right way.

You have a website at the debian server and users from outside should call an address at the AWS, which forward the call over VPN to the debian Server? Is this right?

Perhaps this helps, but not sure:

https://www.netgate.com/docs/pfsense/vpn/openvpn/sharing-a-port-between-openvpn-and-a-web-server.html

giordy · October 23, 2018, 12:07pm

Yes

    that's right

m.traeumner · October 23, 2018, 12:40pm

I’m not a VPN guru, but I think you could create a rule with iptables which forwards the http and https ports from wan device to your vpn port at the tun device.

https://wiki.debian.org/OpenVPN#Forward_traffic_via_VPN