port forwarding is not working when OpenVPN client is active

mrjayviper

I'm trying to SSH into a UNIX box in my home network from work, but the connection is timing out. I looked at my port forwarding settings and everything seems to be ok.

Port forwarding works fine if I turn off the OpenVPN client.

Can you please help find a fix to my problem that doesn't involve turning off the OpenVPN client? If it's fixable, of course.

Thanks a lot!

Some info:

1. I can access the DDWRT Web Admin website remotely.

2. OpenVPN client is active. I have used the Policy-based Routing setting to be able to access my router Web admin remotely.

3. iptables commands (all commands were run using DDWRT Administration => Commands unless stated otherwise)

Code:
#iptables -t nat -vnL PREROUTING

Chain PREROUTING (policy ACCEPT 3771 packets, 268K bytes)
 pkts bytes target     prot opt in     out     source               destination         
  469 29996 DNAT       tcp  --  *      *       0.0.0.0/0            ISP-provided-static-IP         tcp dpt:443 to:192.168.1.1:443 
    2   112 DNAT       icmp --  *      *       0.0.0.0/0            ISP-provided-static-IP         to:192.168.1.1 
    0     0 DNAT       udp  --  ppp0   *       0.0.0.0/0            ISP-provided-static-IP         udp dpt:56010 to:192.168.1.31:56010 
    0     0 DNAT       tcp  --  ppp0   *       0.0.0.0/0            ISP-provided-static-IP         tcp dpt:56010 to:192.168.1.31:56010 
    7   448 DNAT       tcp  --  *      *       0.0.0.0/0            ISP-provided-static-IP         tcp dpt:3283 to:192.168.1.11:3283 
    0     0 DNAT       udp  --  *      *       0.0.0.0/0            ISP-provided-static-IP         udp dpt:3283 to:192.168.1.11:3283 
   10   592 DNAT       tcp  --  *      *       0.0.0.0/0            ISP-provided-static-IP         tcp dpt:5900 to:192.168.1.11:5900 
    0     0 DNAT       udp  --  *      *       0.0.0.0/0            ISP-provided-static-IP         udp dpt:5900 to:192.168.1.11:5900 
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            ISP-provided-static-IP         tcp dpt:322 to:192.168.1.13:322 
    0     0 DNAT       udp  --  *      *       0.0.0.0/0            ISP-provided-static-IP         udp dpt:322 to:192.168.1.13:322 
    3   192 DNAT       tcp  --  *      *       0.0.0.0/0            ISP-provided-static-IP         tcp dpt:522 to:192.168.1.15:522 
    2    56 DNAT       udp  --  *      *       0.0.0.0/0            ISP-provided-static-IP         udp dpt:522 to:192.168.1.15:522 
 2320  145K TRIGGER    0    --  *      *       0.0.0.0/0            ISP-provided-static-IP         TRIGGER type:dnat match:0 relate:0 

#iptables -vnL FORWARD

Chain FORWARD (policy ACCEPT 330 packets, 22973 bytes)
 pkts bytes target     prot opt in     out     source               destination         
  311 15092 ACCEPT     0    --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
 6222  430K lan2wan    0    --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     0    --  br0    br0     0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            192.168.1.31        udp dpt:56010 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.1.31        tcp dpt:56010 
    7   448 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.1.11        tcp dpt:3283 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            192.168.1.11        udp dpt:3283 
   10   600 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.1.11        tcp dpt:5900 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            192.168.1.11        udp dpt:5900 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.1.13        tcp dpt:322 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            192.168.1.13        udp dpt:322 
    3   192 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.1.15        tcp dpt:522 
    2    56 ACCEPT     udp  --  *      *       0.0.0.0/0            192.168.1.15        udp dpt:522 
    0     0 TRIGGER    0    --  ppp0   br0     0.0.0.0/0            0.0.0.0/0           TRIGGER type:in match:0 relate:0 
 6200  429K trigger_out  0    --  br0    *       0.0.0.0/0            0.0.0.0/0           
 5870  406K ACCEPT     0    --  br0    *       0.0.0.0/0            0.0.0.0/0           state NEW

4. result of route -n

Code:
#route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.20.21.18     0.0.0.0         UG    0      0        0 ppp0
10.20.21.18     0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
10.208.111.17   0.0.0.0         255.255.255.255 UH    0      0        0 tun1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 br0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br0

5. result of ping commands

Code:
#ping -c 5 192.168.1.13

PING 192.168.1.13 (192.168.1.13): 56 data bytes
64 bytes from 192.168.1.13: seq=0 ttl=64 time=1.887 ms
64 bytes from 192.168.1.13: seq=1 ttl=64 time=0.615 ms
64 bytes from 192.168.1.13: seq=2 ttl=64 time=0.628 ms
64 bytes from 192.168.1.13: seq=3 ttl=64 time=0.580 ms
64 bytes from 192.168.1.13: seq=4 ttl=64 time=0.555 ms
--- 192.168.1.13 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 0.555/0.853/1.887 ms

#ping -c 5 192.168.1.15

PING 192.168.1.15 (192.168.1.15): 56 data bytes
64 bytes from 192.168.1.15: seq=0 ttl=64 time=0.758 ms
64 bytes from 192.168.1.15: seq=1 ttl=64 time=0.378 ms
64 bytes from 192.168.1.15: seq=2 ttl=64 time=0.359 ms
64 bytes from 192.168.1.15: seq=3 ttl=64 time=0.402 ms
64 bytes from 192.168.1.15: seq=4 ttl=64 time=0.440 ms
--- 192.168.1.15 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 0.359/0.467/0.758 ms

6. result of nmap command. This was run remotely (at work).

Code:
08:52:21 Tue Jul 21
root@mymacbook : ~
=> nmap -sT -sU -p 522 ISP-provided-static-IP

Starting Nmap 6.49BETA4 ( https://nmap.org ) at 2015-07-21 08:52 ACST
Nmap scan report for ISP-provided-static-IP (ISP-provided-static-IP)
Host is up (0.00034s latency).
rDNS record for ISP-provided-static-IP: ISP-provided-static-IP
PORT    STATE         SERVICE
522/tcp filtered      ulp
522/udp open|filtered ulp

Nmap done: 1 IP address (1 host up) scanned in 0.51 seconds

7. result of ssh command. This was run remotely (at work).

Code:
08:52:28 Tue Jul 21
root@mymacbook : ~
=> ssh -p 522 myuser@ISP-provided-static-IP
ssh: connect to host ISP-provided-static-IP port 522: Operation timed out
 