IPSEC Site to Site (port forward)

Hi,

I have a problem with a virtual network inside IPsec and DNAT.

Site A
WAN IP: 1.2.3.4
Local IP: 192.168.1.0/24

Site B
WAN IP: 5.6.7.8
Local IP: 192.168.5.1/24

I've created an IPsec tunnel from Site A to Site B.
For Site B I've created a "virtual network" for IPsec (10.10.10.4/30).

So IPsec traffic goes from Site A 192.168.1.0/24 to Site B 10.10.10.4/30.

I want to forward a specific port, 8921, to a local address on Site B (192.168.5.3),
so if a host from Site A (192.168.1.X) goes to 10.10.10.5 on port 8921 it should reach 192.168.5.3 on port 8921.

On Site B we created a NAT rule:
iptables -t nat -A PREROUTING -d 10.10.10.5 -p tcp --dport 8921 -j DNAT --to-destination 192.168.5.3

We can telnet to the destination, but after connecting on port 8921 no data is shown, like there is no response.

We added an SNAT rule but still no response:

iptables -t nat -A POSTROUTING -d 192.168.5.3 -p tcp --dport 8921 -j SNAT --to-source 10.10.10.5

I also tried the opposite direction: from Site B to Site A
iptables -t nat -I POSTROUTING -s 192.168.5.0/24 -d 192.168.1.0/24 -j NETMAP --to 10.10.10.5

I can ping hosts on the 192.168.5.0 network, but if I try RDP, for example, I receive the username and password prompt, but after that the connection does not establish.

What am I missing?
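One check worth running on the Site B gateway for a setup like the one above: after NAT, every packet headed into the tunnel must still fall inside an `ip xfrm policy` "out" selector, otherwise it leaves in the clear and the other side never sees a reply. The script below is an added example, not code from the post; it parses constructed `ip xfrm policy` and `conntrack -L` samples (the 8921 DNAT flow, a NETMAP'd flow, and a flow with no NAT at all) and reports which post-NAT tuples toward 192.168.1.0/24 no out policy covers.

```python
import ipaddress
import re

# Site A's LAN as seen from Site B (from the post). Tuples whose destination lies here
# have to leave through the tunnel, so an "out" policy must match them after NAT.
REMOTE_LAN = ipaddress.ip_network("192.168.1.0/24")

# Constructed sample of `ip xfrm policy` on the Site B gateway (assumed, not the poster's dump).
XFRM_POLICY = """\
src 10.10.10.4/30 dst 192.168.1.0/24
    dir out priority 367231 ptype main
    tmpl src 5.6.7.8 dst 1.2.3.4
        proto esp reqid 1 mode tunnel
src 192.168.1.0/24 dst 10.10.10.4/30
    dir in priority 367231 ptype main
    tmpl src 1.2.3.4 dst 5.6.7.8
        proto esp reqid 1 mode tunnel
"""

# Constructed `conntrack -L` lines: the DNAT'd 8921 flow, a NETMAP'd flow, and one with no NAT.
CONNTRACK = """\
tcp 6 431999 ESTABLISHED src=192.168.1.20 dst=10.10.10.5 sport=50111 dport=8921 src=192.168.5.3 dst=192.168.1.20 sport=8921 dport=50111 [ASSURED] mark=0 use=1
tcp 6 60 SYN_SENT src=192.168.5.40 dst=192.168.1.30 sport=50222 dport=3389 [UNREPLIED] src=192.168.1.30 dst=10.10.10.5 sport=3389 dport=50222 mark=0 use=1
tcp 6 60 SYN_SENT src=192.168.5.41 dst=192.168.1.30 sport=50333 dport=3389 [UNREPLIED] src=192.168.1.30 dst=192.168.5.41 sport=3389 dport=50333 mark=0 use=1
"""

def parse_out_policies(text):
    """Return the (src_net, dst_net) selector of every 'dir out' policy."""
    policies, lines = [], text.splitlines()
    for i, line in enumerate(lines):
        m = re.match(r"src (\S+) dst (\S+)", line)
        if m and i + 1 < len(lines) and "dir out" in lines[i + 1]:
            policies.append((ipaddress.ip_network(m.group(1)), ipaddress.ip_network(m.group(2))))
    return policies

def tunnel_bound_tuples(ct_line):
    """Post-NAT (src, dst) of each direction of one conntrack entry that is headed to REMOTE_LAN.
    conntrack prints the original tuple then the reply tuple; what is actually on the wire in the
    original direction is the reverse of the reply tuple, and vice versa (this is how DNAT,
    SNAT and NETMAP all show up)."""
    srcs = [ipaddress.ip_address(s) for s in re.findall(r"src=(\S+)", ct_line)]
    dsts = [ipaddress.ip_address(d) for d in re.findall(r"dst=(\S+)", ct_line)]
    wire = [(dsts[1], srcs[1]), (dsts[0], srcs[0])]
    return [(s, d) for s, d in wire if d in REMOTE_LAN]

def uncovered_flows(ct_dump, policy_dump):
    """Flows toward Site A whose post-NAT addresses no 'out' policy covers (they would bypass ESP)."""
    policies = parse_out_policies(policy_dump)
    bad = []
    for line in ct_dump.splitlines():
        for s, d in tunnel_bound_tuples(line):
            if not any(s in ps and d in pd for ps, pd in policies):
                bad.append((str(s), str(d)))
    return bad
```

A flow that passes this check but still stalls right after the handshake (telnet connects, RDP shows the login prompt and then dies) is the classic path-MTU symptom across an ESP tunnel, so clamping TCP MSS on forwarded SYNs is the next thing to verify.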
