Robin edited this page Sep 17, 2020 · 9 revisions

Let's say you have a VPN server and a webserver. The webserver is connected to the VPN server. You want to be able to access the webserver from the VPN server.

The first step is to give the client a static IP. You can read about that here. I entered ifconfig-push 192.168.254.1 192.168.254.2. For a second server, you could enter ifconfig-push 192.168.254.3 192.168.254.4 and so on.

(To enter the container, use docker exec -it <container name> /bin/sh or docker-compose exec <service name> /bin/sh. Use exit to exit.)

From inside the container, test that your webserver is reachable (without any ports being forwarded):

    wget -O - 192.168.254.1:8080

Add a port mapping to your docker command or compose file:

    ports: 
      - '1194:1194/udp'
      - '8080:8080'

Then run docker-compose up -d openvpn.

Port forward using iptables (in the container):

    iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 8080 -j DNAT --to 192.168.254.1:8080
    iptables -A FORWARD -p tcp -d 192.168.254.1 --dport 8080 -j ACCEPT

This routes all TCP traffic arriving on eth0 port 8080 to 192.168.254.1:8080. I don't understand iptables, but this works, and you can edit this to go to a different IP or use different ports. For UDP, change tcp to udp.

Now exit the container and test from outside:

    wget -O - localhost:8080

Mobile phone with IP Webcam connected to VPN on a VPS, accessible through the VPS without doing any port forwarding on my home network! example

Persistent setup

Not sure how to do this yet; I've tried making a Dockerfile, but that didn't work.

For now, manually run the script forward.sh:

    set -x

    iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 8080 -j DNAT --to 192.168.254.1:8080
    iptables -A FORWARD -p tcp -d 192.168.254.1 --dport 8080 -j ACCEPT
    # more ports below..

Run it from the host with:

    docker exec -i openvpn /bin/sh < ./openvpn/forward.sh
    # or
    docker-compose exec -T openvpn /bin/sh < ./openvpn/forward.sh
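
Because forward.sh uses iptables -A, every re-run appends another copy of each rule. The following is an added example, not part of the original wiki page: a variant that checks for each rule with iptables -C before appending it and rejects malformed protocols and ports. The function names, the FORWARDS, IN_IF and IPTABLES variables and the apply argument are assumptions of this example; --to-destination is the full spelling of the page's --to.

```shell
#!/bin/sh
# Added example (not the wiki's forward.sh): port forwards that are safe to re-run.
set -e

IPTABLES="${IPTABLES:-iptables}"   # overridable, e.g. with a stub for testing
IN_IF="${IN_IF:-eth0}"             # container-side interface, as on the page

# One forward per line: proto public_port client_ip [client_port]
# The default entry is the page's example; add more lines as needed.
FORWARDS="${FORWARDS:-tcp 8080 192.168.254.1 8080}"

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the two rule specs (chain first, no -A/-C) for one forward.
forward_rules() {
    proto=$1; port=$2; dest=$3; dport=${4:-$2}
    case "$proto" in tcp|udp) ;; *) echo "bad protocol: $proto" >&2; return 1 ;; esac
    valid_port "$port" && valid_port "$dport" || { echo "bad port" >&2; return 1; }
    echo "PREROUTING -t nat -i $IN_IF -p $proto --dport $port -j DNAT --to-destination $dest:$dport"
    echo "FORWARD -p $proto -d $dest --dport $dport -j ACCEPT"
}

# Append each rule only when `iptables -C` reports it is not already present.
add_forward() {
    rules=$(forward_rules "$@") || return 1
    printf '%s\n' "$rules" | while read -r chain spec; do
        # $spec is left unquoted on purpose so it splits into arguments
        $IPTABLES -C "$chain" $spec 2>/dev/null || $IPTABLES -A "$chain" $spec
    done
}

# "apply" changes the firewall; anything else only prints the rules (dry run).
main() {
    printf '%s\n' "$FORWARDS" | while read -r proto port dest dport; do
        if [ "${1:-}" = apply ]; then
            add_forward "$proto" "$port" "$dest" $dport
        else
            forward_rules "$proto" "$port" "$dest" $dport
        fi
    done
}
main "$@"
```

To apply it with the page's stdin approach, pass the argument through sh -s, for example docker exec -i openvpn /bin/sh -s apply < ./openvpn/forward.sh.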