niren
Frequent Visitor
Topic Author
Posts: 76
Joined: Mon Oct 14, 2013 9:59 am

Port forward over VPN

Wed Jun 25, 2014 6:41 pm

I'm able to connect a VPN client to MikroTik's VPN server. The VPN I'm using is SSTP, so the Windows client is able to connect to the SSTP server of the MikroTik server. Now the Windows client has access to our office network. I have set up port forwarding for the Windows client to access their system.

After the Windows client connected to the MikroTik server over SSTP VPN, there is an entry in interface:
 #   NAME         SERVICE      CALLER-ID         ADDRESS         UPTIME   ENCODING  
 0   niren       sstp          27.34.253.98      192.168.5.1     1h22m5s  
Rule for port forwarding:
 0   ;;; chain=dstnat action=dst-nat to-addresses=192.168.2.6 to-ports=3389 protocol=tcp dst-port=16826 
Rule of firewall filter:
 0 ;;; chain=forward action=accept protocol=tcp dst-address=192.168.2.6 dst-port=3389 
Now the Windows client is able to RDP to their office system with or without a VPN connection via mikrotikIP:16826. So what I want is that port forwarding should be done only through the VPN and denied for non-VPN clients. I tried the following rule, but it was no use.
 0   ;;; chain=dstnat action=dst-nat to-addresses=192.168.2.6 to-ports=3389 protocol=tcp in-interface=niren-remote dst-port=16826 
where in-interface=niren-remote is the SSTP VPN interface for the Windows client.

Here SSTP VPN and port forwarding are done successfully, but I can't restrict port forwarding to only the VPN client. Any idea how to make it work?
 
noib
Member Candidate
Posts: 291
Joined: Fri Jan 25, 2013 6:04 pm
Location: France

Re: Port forward over VPN

Thu Jun 26, 2014 6:14 pm

In your dst-nat rule you can add
src-address=192.168.5.0/24
to limit port forwarding to your "VPN addresses". "192.168.5.0/24" has to be tuned to your needs.
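
Added example (not part of the thread, and not MikroTik code): a small Python check that models the original dst-nat rule and the same rule with the suggested src-address matcher, showing which senders each one would forward. The helper names are hypothetical, 192.168.5.0/24 is the range from the reply above, and only the matchers quoted in this thread are modelled.

```python
import ipaddress

# VPN address range from the reply above; tune it to your own VPN pool.
VPN_POOL = ipaddress.ip_network("192.168.5.0/24")

# Rules as printed in the thread: the original, and with the suggested matcher.
OPEN_RULE = ("0 ;;; chain=dstnat action=dst-nat to-addresses=192.168.2.6 "
             "to-ports=3389 protocol=tcp dst-port=16826")
SCOPED_RULE = OPEN_RULE + " src-address=192.168.5.0/24"

def parse_rule(line):
    """Collect key=value tokens from a RouterOS firewall print/export line."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)

def matches(rule, src, dst_port, protocol="tcp"):
    """True if a packet would hit this dst-nat rule.

    Models only protocol, a single dst-port and src-address;
    in-interface, port lists and port ranges are not modelled.
    """
    if rule.get("chain") != "dstnat" or rule.get("action") != "dst-nat":
        return False
    if rule.get("protocol", protocol) != protocol:
        return False
    if "dst-port" in rule and int(rule["dst-port"]) != dst_port:
        return False
    if "src-address" in rule:
        net = ipaddress.ip_network(rule["src-address"], strict=False)
        return ipaddress.ip_address(src) in net
    return True  # no source matcher: any sender is forwarded

def exposed_outside_vpn(rule):
    """Flag dst-nat rules whose source scope is not inside the VPN pool."""
    if rule.get("chain") != "dstnat":
        return False
    if "src-address" not in rule:
        return True
    net = ipaddress.ip_network(rule["src-address"], strict=False)
    return not net.subnet_of(VPN_POOL)

if __name__ == "__main__":
    # Sources taken from the thread: the client's public caller-id and its VPN address.
    for label, line in (("original", OPEN_RULE), ("with src-address", SCOPED_RULE)):
        rule = parse_rule(line)
        for src in ("27.34.253.98", "192.168.5.1"):
            print(label, src, "forwarded" if matches(rule, src, 16826) else "not matched")
        print(label, "exposed outside VPN:", exposed_outside_vpn(rule))
```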
