0

The Goal

Hello, I have run into quite a wall when it comes to figuring out my issue of forwarding ports through my remote VPS to my local home server. What I am trying to do is host a Counter Strike GO server for my buddies and I but have everyone (including myself) connect via a VPS located in Dallas TX which would in theory forward the requests via OpenVPN to my home server as that would equalize any ping advantage I would have over my friends on the east coast.

The Ports and IPs

27005 UDP outbound

27015 TCP and UDP inbound and outbound Main port

27020 UDP inbound and outbound

51840 UDP outbound

WAN VPS 45.58.xx.xx

VPN Gateway 10.8.0.1

VPN Client 10.8.0.2

The Problem

So now this seems like it should be a simple project and that is what I thought at first but upon scouring the web for other forum posts and trying many of them I have come up empty handed. My goal was to use iptables and below are the different combinations of commands I tried to run with no success in accomplishing my goal.

sysctl -w net.ipv4.ip_forward=1

iptables -I FORWARD 1 -d 10.8.0.2 -p tcp --dport 27015 -j ACCEPT iptables -I FORWARD 1 -d 10.8.0.2 -p udp --dport 27015 -j ACCEPT iptables -I FORWARD 1 -d 10.8.0.2 -p udp --dport 27020 -j ACCEPT iptables -t nat -A POSTROUTING -m conntrack --ctstate DNAT -d 10.8.0.2 -p tcp --dport 27015 -j SNAT --to-source 10.8.0.1 iptables -t nat -A POSTROUTING -m conntrack --ctstate DNAT -d 10.8.0.2 -p udp --dport 27015 -j SNAT --to-source 10.8.0.1 iptables -t nat -A POSTROUTING -m conntrack --ctstate DNAT -d 10.8.0.2 -p udp --dport 27020 -j SNAT --to-source 10.8.0.1 iptables -t nat -A POSTROUTING -m conntrack --ctstate DNAT -d 10.8.0.2 -p udp --dport 27005 -j SNAT --to-source 10.8.0.1 iptables -t nat -A POSTROUTING -m conntrack --ctstate DNAT -d 10.8.0.2 -p udp --dport 51840 -j SNAT --to-source 10.8.0.1 
iptables -t nat -A PREROUTING -d 45.58.xx.xx -p udp --dport 27005 -j DNAT --to-dest 10.8.0.2:27005 iptables -t nat -A PREROUTING -d 45.58.xx.xx -p tcp --dport 27015 -j DNAT --to-dest 10.8.0.2:27015 iptables -t nat -A PREROUTING -d 45.58.xx.xx -p udp --dport 27015 -j DNAT --to-dest 10.8.0.2:27015 iptables -t nat -A PREROUTING -d 45.58.xx.xx -p udp --dport 27020 -j DNAT --to-dest 10.8.0.2:27020 iptables -t nat -A POSTROUTING -d 10.8.0.2 -p tcp --dport 27015 -j SNAT --to-source 10.8.0.1 iptables -t nat -A POSTROUTING -d 10.8.0.2 -p udp --dport 27015 -j SNAT --to-source 10.8.0.1 iptables -t nat -A POSTROUTING -d 10.8.0.2 -p udp --dport 27020 -j SNAT --to-source 10.8.0.1 iptables -t nat -A POSTROUTING -d 10.8.0.2 -p udp --dport 27005 -j SNAT --to-source 10.8.0.1 iptables -t nat -A POSTROUTING -d 10.8.0.2 -p udp --dport 51840 -j SNAT --to-source 10.8.0.1

Now, neither of those combinations of iptable entries worked as when I had the server running on my local server I was unable to view any service running on any of those ports or connect to the server via my CSGO client. Also, between the sets of commands I cleared the iptables and all of those commands were run with sudo and afterword iptables-save was run.

More Info

When I run the command ip a this is the dump I receive from the console.

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: venet0: <BROADCAST,POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default link/void inet 127.0.0.1/32 scope host venet0 valid_lft forever preferred_lft forever inet 45.58.xx.xx/32 brd 45.58.xx.xx scope global venet0:0 valid_lft forever preferred_lft forever inet6 2602:ffc5:1f::xx:xxxx/128 scope global valid_lft forever preferred_lft forever inet6 ::2/128 scope global valid_lft forever preferred_lft forever 3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 500 link/none inet 10.8.0.1/24 brd 10.8.0.255 scope global tun0 valid_lft forever preferred_lft forever inet6 fddd:1194:1194:1194::1/64 scope global valid_lft forever preferred_lft forever inet6 fe80::2105:549d:51f6:9a16/64 scope link stable-privacy valid_lft forever preferred_lft forever

One thing I noticed about the above dump is that I do not have eth0 but rather my WAN is connected via venet0. I am not sure if that would make a difference.

Other than this port forwarding nonsense, I am able to connect to the VPN and I do have internet connectivity on my local server when I am connected.

Thank you!

Improve this question
0

1 Answer 1

Reset to default
1

The Solution

As it usually is, the simple solution is what is needed. In the end my problem revolved around Windows Firewall. For some reason it did not allow my CSGO server to communicate through the firewall.

All I did was open the firewall to my server exe and the iptables commands I used are as follows which I found from linuxquestisons:

iptables -t nat -A POSTROUTING --out-interface tun0 -j MASQUERADE iptables -A FORWARD --in-interface venet0 -j ACCEPT iptables -t nat -A PREROUTING -p tcp -i venet0 -m tcp --dport 27015 -j DNAT --to-destination 10.8.0.2:27015

That's literally it. Thanks for reading my post and hopefully this helps someone else in the future.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.