VPS-сервер на Debian с OVPN. На своей машине подключившись к vpn указываю в eDonkey порты 40001 для tcp и 40002 для udp, в uTorrent порт 40001.
10.8.0.14 tun0 клиента
10.8.0.1 tun0 сервера
82.146.34.95 eth0 сервера
На сервере делаю:
iptables -t nat -A PREROUTING --dst 82.146.34.95 -p tcp --dport 40001 -j DNAT --to-destination 10.8.0.14
iptables -I FORWARD 1 -i eth0 -o tun0 -d 10.8.0.14 -p tcp -m tcp --dport 40001 -j ACCEPT
iptables -t nat -A PREROUTING --dst 82.146.34.95 -p udp --dport 400021 -j DNAT --to-destination 10.8.0.14
iptables -I FORWARD 1 -i eth0 -o tun0 -d 10.8.0.14 -p udp -m udp --dport 40002 -j ACCEPT
Вывод sudo iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere cascade.fvds.ru tcp dpt:40001 to:10.8.0.14
DNAT udp -- anywhere cascade.fvds.ru udp dpt:6805 to:10.8.0.14
DNAT udp -- anywhere cascade.fvds.ru udp dpt:6805 to:10.8.0.14
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 10.8.0.0/24 anywhere
Поставил linux-igd, в настройках EXTIFACE=eth0 и INTIFACE=tun0, запускаю сервис, смотрю вывод sudo iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere cascade.fvds.ru tcp dpt:40001 to:10.8.0.14
DNAT udp -- anywhere cascade.fvds.ru udp dpt:6805 to:10.8.0.14
DNAT udp -- anywhere cascade.fvds.ru udp dpt:6805 to:10.8.0.14
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 10.8.0.0/24 anywhere
В eDonkey и uTorrent выставляю "UPnP настройка портов". Не работает.
Вывод sudo iptables-save
# Generated by iptables-save v1.4.14 on Sat Aug 16 19:09:54 2014
*mangle
:PREROUTING ACCEPT [867129:750867485]
:INPUT ACCEPT [355813:364291418]
:FORWARD ACCEPT [511316:386576067]
:OUTPUT ACCEPT [272721:81309050]
:POSTROUTING ACCEPT [784077:467905221]
COMMIT
# Completed on Sat Aug 16 19:09:54 2014
# Generated by iptables-save v1.4.14 on Sat Aug 16 19:09:54 2014
*filter
:INPUT ACCEPT [355816:364291594]
:FORWARD ACCEPT [503874:386189171]
:OUTPUT ACCEPT [272732:81310118]
:ispmgr_allow_ip - [0:0]
:ispmgr_allow_sub - [0:0]
:ispmgr_deny_ip - [0:0]
:ispmgr_deny_sub - [0:0]
-A INPUT -j ispmgr_deny_ip
-A INPUT -j ispmgr_allow_ip
-A INPUT -j ispmgr_allow_sub
-A INPUT -j ispmgr_deny_sub
-A FORWARD -d 10.8.0.14/32 -i eth0 -o tun0 -p udp -m udp --dport 40002 -j ACCEPT
-A FORWARD -d 10.8.0.14/32 -i eth0 -o tun0 -p tcp -m tcp --dport 40001 -j ACCEPT
COMMIT
# Completed on Sat Aug 16 19:09:54 2014
# Generated by iptables-save v1.4.14 on Sat Aug 16 19:09:54 2014
*nat
:PREROUTING ACCEPT [33768:2570979]
:INPUT ACCEPT [13924:819990]
:OUTPUT ACCEPT [498:43239]
:POSTROUTING ACCEPT [2465:149867]
-A PREROUTING -d 82.146.34.95/32 -p tcp -m tcp --dport 40001 -j DNAT --to-destination 10.8.0.14
-A PREROUTING -d 82.146.34.95/32 -p udp -m udp --dport 6805 -j DNAT --to-destination 10.8.0.14
-A PREROUTING -d 82.146.34.95/32 -p udp -m udp --dport 6805 -j DNAT --to-destination 10.8.0.14
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
# Completed on Sat Aug 16 19:09:54 2014
Что делать?
Сложный
Простой
Простой
