[Solved] Forwarding port behind tun interface

Hi guys, first of all, I’m actually unsure what to put in my thread title because I’m not even sure what I am doing right now (duh). This isn’t in pfSense but rather between Linux-to-Linux PCs.

So I have:

  • VPS with static IPv4 IP, acts as OpenVPN server with tun0 IP 10.8.8.1
  • x86 PC in my house running Ubuntu, acts as OpenVPN client with tun0 IP 10.8.8.2
  • x86 PC in my grandma’s PC using Debian, acts as OpenVPN client with tun0 IP 10.8.8.3


For now, I can do ssh from Ubuntu directly into Debian, and vice versa
user@ubuntu~: ssh debian@10.8.8.3 (works ok)

When I install apache2 in Debian and modify apache2.conf to listen on tun0 only, it works great as intended. The Ubuntu PC can just open http://10.8.8.3 and the web server is there. Same goes for other software that allows me to modify the listening interface.

It all works great until I met an app that won’t allow me to change the listening interface (such as nodejs apps). For example, I run statusmonitor.js from Debian
user@debian~: node statusmonitor.js

Service is running, open http://localhost:8888 for web gui

When I open http://localhost:8888 from my Debian, it works and shows the web UI, but when I open http://10.8.8.3:8888 from my Ubuntu box, it doesn’t connect at all. It says target unreachable, etc.
I tried to look in that app’s wiki, but it seems there is no option to make the listening interface tun0, or even eth0. Only localhost.

After hours scratching ma head over this, I found this ssh port forwarding.
In Debian, I run
$ ssh -R 10000:localhost:8888 jaileduser@10.8.8.1

and then in Ubuntu, I run
ssh -L 8888:localhost:10000 jaileduser@10.8.8.1

Once the ssh in Ubuntu connects, I opened http://localhost:8888, ta-da, the app in the Debian box is now connected. Case closed, but I’m annoyed. I already have a VPN interface, why can’t the Debian tun0 interface do it? I had to go all the way to create port forwarding using ssh.

My question: is there a way in Linux (I mean, like Debian, Ubuntu) to do some kind of port forwarding so I don’t have to build an ssh tunnel? I want my Debian box to work like this:

When there is traffic from 10.8.8.2 going to my 10.8.8.3 port 8888, forward it to 127.0.0.1 port 8888

How do I tell my Debian to do this? What kind of tools should I use? I have difficulties in determining what keywords I should use in a search engine. What should I be looking for?

Sorry if my question is unclear, thank you in advance.

Edit: I figured it out.

  1. I found in this link how to enable local forwarding.
sysctl -w net.ipv4.conf.tun0.route_localnet=1
  2. and then use iptables to do the port forwarding
# iptables -A PREROUTING -t nat -i tun0 -p tcp --dport 8888 -j DNAT --to 127.0.0.1:8888
# iptables -A FORWARD -p tcp -d 127.0.0.1 --dport 8888 -j ACCEPT

Now I can just use http://10.8.8.3:8888 from the 10.8.8.2 machine and it works!

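An added example, not part of the original post: the same forward limited to the peer named in the question (10.8.8.2), with a guard for the side effect of route_localnet=1, which stops the kernel from discarding 127.0.0.0/8 destinations arriving on tun0. The function names are hypothetical, tun0, 10.8.8.2 and 8888 are the post's values, and the raw-table DROP rule is an addition.

```shell
#!/bin/sh
# Dry run by default: prints the commands. "--apply IFACE PEER PORT" runs them (root).

valid_ipv4() {   # dotted quad, every octet 0-255
    printf '%s\n' "$1" | awk -F. 'NF==4 { for (i=1;i<=4;i++)
        if ($i !~ /^[0-9]+$/ || $i > 255) exit 1; exit 0 } { exit 1 }'
}

valid_port() {   # decimal 1-65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_iface() {  # no shell metacharacters or dots (dots break the sysctl key)
    case "$1" in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
}

gen_rules() {    # usage: gen_rules IFACE PEER_IP PORT
    iface=$1 peer=$2 port=$3
    valid_iface "$iface" && valid_ipv4 "$peer" && valid_port "$port" || return 2
    # 1. Allow 127.0.0.0/8 as a routing destination for packets from this interface.
    # 2. raw PREROUTING runs before NAT: drop anything that arrives already
    #    addressed to loopback, so only the DNAT below can reach 127.0.0.1.
    # 3. Rewrite only the allowed peer's connections to the loopback service.
    #    After DNAT the packet is delivered locally, so INPUT filters it.
    cat <<EOF
sysctl -w net.ipv4.conf.$iface.route_localnet=1
iptables -t raw -A PREROUTING -i $iface -d 127.0.0.0/8 -j DROP
iptables -t nat -A PREROUTING -i $iface -s $peer -p tcp --dport $port -j DNAT --to-destination 127.0.0.1:$port
EOF
}

case "${1:-}" in
    --apply)
        shift
        rules=$(gen_rules "$@") || { echo "invalid arguments" >&2; exit 2; }
        printf '%s\n' "$rules" | sh -e ;;
    *)
        gen_rules "${1:-tun0}" "${2:-10.8.8.2}" "${3:-8888}" ;;
esac
```

Without the `-s` match, every client of the OpenVPN server can reach the loopback-only service through 10.8.8.3:8888.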