Port Forward Internal Host Not Working


Hi,

I am trying to reach a Raspberry Pi on my physical LAN
(192.168.10.132), via OpenVPN, from the internet.

The Internet host is 154.77.x.x. This is also the OpenVPN router,
10.8.0.1. The Pi is on 10.8.0.203. I am trying to reach port 3000 from the internet.

From the CentOS 7 server, I can access the Pi over OpenVPN:

root@ns1:[~]$ telnet 10.8.0.203 3000
Trying 10.8.0.203...
Connected to 10.8.0.203.
Escape character is '^]'.

But from the host IP, I cannot get it to connect:

root@ns1:[~]$ telnet 154.77.x.x 3000
Trying 154.77.x.x...
telnet: connect to address 154.77.x.x: Connection timed out

I have tried a few different iptables rules, but simply cannot get it working.

As an example:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8081 -j DNAT --to 10.8.0.202:8081
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 3000 -j DNAT --to 10.8.0.203:3000
iptables -A FORWARD -i eth0 -p tcp --dport 8081 -d 10.8.0.202 -j ACCEPT
iptables -A FORWARD -i eth0 -p tcp --dport 3000 -d 10.8.0.203 -j ACCEPT

iptables -A FORWARD -i tun+ -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
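
Added example, not part of the original post: a small audit that reads `iptables-save` output and reports which pieces of a DNAT forward into the tunnel are present. The names `audit_forward` and `SAMPLE_RULES` and the four check labels are made up for this example, and the sample is constructed from the port 3000 rules above, written the way `iptables-save` prints them.

```bash
#!/usr/bin/env bash
# Constructed sample: the post's port 3000 rules in iptables-save form.
SAMPLE_RULES='*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 3000 -j DNAT --to-destination 10.8.0.203:3000
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
-A INPUT -i tun+ -j ACCEPT
-A FORWARD -i tun+ -j ACCEPT
-A FORWARD -d 10.8.0.203/32 -i eth0 -p tcp -m tcp --dport 3000 -j ACCEPT
COMMIT'

# audit_forward RULES PORT DEST
# Prints one "check=yes|no" line for each prerequisite of the forward:
#   prerouting_dnat  DNAT for traffic arriving from outside
#   output_dnat      DNAT for connections opened on the router itself
#                    (locally generated packets never traverse PREROUTING)
#   forward_accept   filter rule letting the translated packet through
#   tun_snat         source NAT on the way into the tunnel, so the target
#                    replies to the router instead of using its own default route
audit_forward() {
  printf '%s\n' "$1" | awk -v port="$2" -v dest="$3" '
    /^\*/ { table = substr($0, 2); next }        # "*nat", "*filter" headers
    {
      chain = ($1 == "-A") ? $2 : ""
      line = " " $0 " "                          # pad so tokens match whole
      has_port = index(line, " --dport " port " ") > 0
      to_dest = index(line, " --to-destination " dest ":" port " ") > 0
    }
    table == "nat" && chain == "PREROUTING" && has_port && to_dest { pre = 1 }
    table == "nat" && chain == "OUTPUT" && has_port && to_dest { out = 1 }
    table == "filter" && chain == "FORWARD" && has_port && / -j ACCEPT/ &&
      (index(line, " -d " dest "/32 ") || index(line, " -d " dest " ")) { fwd = 1 }
    table == "nat" && chain == "POSTROUTING" && / -o tun/ &&
      / -j (MASQUERADE|SNAT)/ { snat = 1 }
    END {
      print "prerouting_dnat=" (pre ? "yes" : "no")
      print "output_dnat=" (out ? "yes" : "no")
      print "forward_accept=" (fwd ? "yes" : "no")
      print "tun_snat=" (snat ? "yes" : "no")
    }'
}

audit_forward "$SAMPLE_RULES" 3000 10.8.0.203
```

On the router, pass `"$(iptables-save)"` as the first argument and also confirm that `sysctl net.ipv4.ip_forward` reports 1. A `no` for `output_dnat` means a test run from the router to its own public address bypasses the PREROUTING rule, and a `no` for `tun_snat` means replies only come back through the tunnel if the target routes the client's address via the VPN.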