I am running ubuntu 16.0.4 as a wifi hotspot and to share a vpn connection.
eth0 is on subnet 10.10.10.x
tun0 is on subnet 10.9.0.x
wlan0 is on subnet 10.10.11.x
I am able to share the vpn connection with the following rule...
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
... so any wired devices using the ubuntu box as its gateway can share the vpn.
I am also forwarding all traffic on the wireless interface through the vpn and allowing returning traffic with the following...
iptables -A FORWARD -i tun0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i wlan0 -o tun0 -j ACCEPT
So far, so good.
But, I want all traffic on port 32400 to be forwarded to eth0 instead, specifically IP 10.10.10.20 (and of course, allow return traffic).
With my current setup, my wireless connections on wlan0 can not see the subnet of eth0.
How can I achieve this? I am fine with either forwarding all traffic on port 32400... or forwarding everything for a single IP(e.g. 10.10.11.200 on wlan0) to 10.10.10.20(eth0).
I've tried both the port forwarding and the IP forwarding but cant't seem to get either working as I'm not sure of the method nor the correct syntax.
Thanks in advance for advice.
These rules should do the trick, assuming destination port is the same 32400 (but I'm not sure about the order refering to other your rules)