[Solved] Forwarding port behind tun interface

hi guys, first of all, i’m actually unsure what to put in my thread title because i’m not even sure what am i doing right now (duh). this isn’t in pfsense but rather between linux to linux pcs.

So i have:

  • VPS with static IPv4 IP, act as OpenVPN server with tun0 ip
  • x86 pc in my house running Ubuntu, act as OpenVPN client with tun0 ip
  • x86 pc in my grandma’s PC using debian , act as OpenVPN client with tun0 ip


for now, a can do ssh from Ubuntu directly into Debian, and vice versa
user@ubuntu~: ssh debian@ (works ok)

while i install apache2 in debian, and modify the apache2.conf to listen in tun0 only, it works great as intended. the ubuntu pc can just open and the web server is there. same goes for other software that allow me to modify listening interface.

it’s all works great until i met app that won’t allow me to change listening interface (such as nodejs apps). for example, i run statusmonitor.js from debian
user@debian~: node statusminitor.js

Service is running, open http://localhost:8888 for web gui

when i open http://localhost:8888 from my debian, it works and show the web ui, but when i open from my ubuntu box, it doesn’t connect at all. says target unreachable .etc.etc
i tried to looks from that app wiki, but it seems there is no option to make the listening interface into tun0, or even eth0. only localhost

after hours scratching ma head over this, i found this ssh port forwarding
in debian,i run
$ ssh -R 10000:localhost:8888 jaileduser@

and then in ubuntu, i run
ssh -L 8888:localhost:10000 jaileduser@

once the ssh in ubuntu connect, i opened http://localhost:8888, ta-da the app in debian box is now connected. case closed, but i’m annoyed. i already have a vpn interface, why the debian tun0 interface can’t do it? i had to go all my way to create port forwarding using ssh

my question, is there a way in linux (i mean, like debian, ubuntu) to do some kind of port forwarding so i don’t have to build a ssh tunnel?. i want to my debian box works like this:

When there is a traffic from goes to my port 8888, forward it to port 8888

how do i tell my debian to do this? what kind of tools should i use? i have difficulties in determining what keywords should i use in search engine, what should i looking for?

sorry if my question is unclear, thank you in advance

edit: i figured it out.

  1. I found in this link to enable local forwarding.
sysctl -w net.ipv4.conf.tun0.route_localnet=1
  1. and then use iptables do do the port forwarding
# iptables -A PREROUTING -t nat -i tun0 -p tcp --dport 8888 -j DNAT --to
# iptables -A FORWARD -p tcp -d --dport 8888 -j ACCEPT

now i can just use from machine and it works!

1 Like