View Single Post
  #3  
Old 8th June 2008, 00:13
just.another.alex just.another.alex is offline
Junior Member
 
Join Date: Sep 2007
Posts: 10
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via AIM to just.another.alex
Default

Hello, I can give a solution to you, but since you gave relatively little info about the configuration of the network, I'll assume some things.
So, assuming that your Ubuntu server is a gateway between Internet and some local network(the IPs of the VPN are also "private" IPs), this meaning that an iptables nat/masquerade script is running on the server, you can use "iptables" to make your OpenWRT routers' web interfaces available from outside.

For illustrating the solution, I'll consider that your OpenWRT routers have IPs of the form 10.1.99.*, and that your Ubuntu server is accesible from Internet with, let's say "my-ubuntu-server.org" host name. I'm also assuming that you'd need access to web-interface of two of your routers, with IPs 10.1.99.10 and 10.1.99.20
In the firewall script, add the following lines:

Code:
#access OpenWRT-1 router on the port 5678 of your Ubuntu server
$IPTABLES -t nat -A PREROUTING  -d $IP_INET -p tcp --dport 5678 -j DNAT --to-destination 10.1.99.10:80
$IPTABLES -t nat -A OUTPUT -p tcp -d $IP_INET --dport 5678 -j DNAT --to-destination 10.1.99.10:80
$IPTABLES -t nat -A POSTROUTING -p tcp -d 10.1.99.10 --dport 80 -j SNAT  --to-source $IP_LAN

#access OpenWRT-2 router on the port 7890 of your Ubuntu server
$IPTABLES -t nat -A PREROUTING  -d $IP_INET -p tcp --dport 7890 -j DNAT --to-destination 10.1.99.20:80
$IPTABLES -t nat -A OUTPUT -p tcp -d $IP_INET --dport 7890 -j DNAT --to-destination 10.1.99.20:80
$IPTABLES -t nat -A POSTROUTING -p tcp -d 10.1.99.20 --dport 80 -j SNAT  --to-source $IP_LAN
The variable IP_INET should contain the public IP of your Ubuntu server(the IP that ISP gave to you), and the variable IP_LAN should contain the private IP of your Ubuntu server(the IP of the gateway used by your internal network hosts).

After you'll run the firewall script modified as shown above, you should be able to connect to your web-interfaces of your routers, by simply pointing a web-browser to:
http://my-ubuntu-server.org:5678
(your first OpenWRT router, with 10.1.99.10 vpn ip)

or
http://my-ubuntu-server.org:7890
(your second OpenWRT router, with 10.1.99.20 vpn ip)

The iptables code above simply forwarded ports 5678 and 7890 of your Ubuntu to ports 80 of your OpenWRT-1 router, respectively OpenWRT-2 router.
Good luck!
Reply With Quote