Port forwarding

Let's say you have a VPN server and a webserver. The webserver is connected to the VPN server. You want to be able to access the webserver from the VPN server.

The first step is to give the client a static IP. You can read about that here. I entered ifconfig-push 192.168.254.1 192.168.254.2. For a second server, you could enter ifconfig-push 192.168.254.3 192.168.254.4.

Test that your webserver is working inside the container (without any ports being forwarded):

wget -O - 192.168.254.1:8080

Add a port mapping to your docker command or compose file:

    ports: 
      - '1194:1194/udp'
      - '127.0.0.1:8080:8080'

then docker-compose up -d openvpn

Enter the container using one of these commands, assuming your service or container is called openvpn:

docker-compose exec openvpn /bin/sh
docker exec -it openvpn /bin/sh

Port forward using IP tables:

iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 8080 -j DNAT --to 192.168.254.1:8080
iptables -A FORWARD -p tcp -d 192.168.254.1 --dport 8080 -j ACCEPT

This routes everything on eth0 port 8080 to 192.168.254.1:8080. I don't understand iptables but this works and you can edit this to go to a different IP or use different ports. For UDP change tcp to udp.

Now exit the container and test from outside:

wget -O - 192.168.254.1:8080

Mobile phone with IP Webcam connected to VPN on a VPS, accessible through the VPS without doing any port forwarding on my home network!