abelbeck
commented
7 years ago Your are getting dropped FORWARD packets because 10.0.0.14 is unknown to any INT_IF - INTERNAL_NET networks. Though if you wanted to forward to an OpenVPN client, say 10.8.0.4, that would work.
Taking a step back, since this AIF box is behind a "consumer router" firewall, in the DMZ, it is receiving all the unhandled packets of the NAT of the consumer router. If you want to port forward 1.2.3.4~55538>10.0.0.14~22 that would have to be done on the "consumer router" firewall, per your current network configuration as I see it.
Glad to hear you got OpenVPN working, though I would remove a couple lines of your AIF configuration for only OpenVPN support:
EXT_IF="eth0"
EXT_IF_DHCP_IP="0"
INT_IF="tun+"
INTERNAL_NET="10.8.0.0/24"
NAT=1
NAT_INTERNAL_NET="10.8.0.0/24"
OPEN_UDP="1194"
newmedicine
I have managed to get OpenVPN working with AIF by setting INT_IF to tun+ as below. The AIF machine is sitting in the DMZ of consumer router. I also want to forward port 55538 (for incoming connection from host 1.2.3.4) to port 22 on a LAN host (10.0.0.14), which I thought I'd be able to do using NAT_FORWARD_TCP as below:
However, I'm getting
Dropped FORWARD packetin the logs:AIF:Dropped FORWARD packet: IN=eth0 OUT=eth0 MAC=themacaddress SRC=1.2.3.4 DST=10.0.0.14 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=15573 DF PROTO=TCP SPT=35616 DPT=55538 WINDOW=29200 RES=0x00 SYN URGP=0.Please can anyone offer any advice about getting this to work?
Thanks
Nick