Incoming Port Forwarding
I have PIA working on my R7000 with Advanced Tomato. I am trying to forward some incoming ports.
Can this be done with the following for port 8000 and internal IP 192.168.1.50?
Do I add this to the firewall rule under the advanced -> scripts -> Firewall?
How do I know what Tun# to use?
Do these settings only apply after a reboot of the router?
iptables -I FORWARD -i tun11 -p udp -d 192.168.1.50 --dport 8000 -j ACCEPT
iptables -I FORWARD -i tun11 -p tcp -d 192.168.1.50 --dport 8000 -j ACCEPT
iptables -t nat -I PREROUTING -i tun11 -p tcp --dport 8000 -j DNAT --to-destination 192.168.1.50
iptables -t nat -I PREROUTING -i tun11 -p udp --dport 8000 -j DNAT --to-destination 192.168.1.50
Comments
Unfortunately, PIA does not allow forwarding arbitrary ports, so it's not possible to use port 8000 at all. Additionally, if you try to forward a port from your public IP outside of PIA, it also won't work because the replies your computer will send back to requests will be routed back into the VPN.
It is possible to have port forwarding set up on the router and send it to a computer, but it's honestly quite complicated for little to no benefit. I would highly recommend just running the PIA app on the computer that needs a forwarded port if possible.
To enable port forwarding, your router needs to make a call to the port forwarding API, and then dynamically configure itself to configure that port to redirect it to the local computer that needs it. This can be done with an OpenVPN up script as documented in the OpenVPN manual, but this gets a bit complicated with DD-WRT as you need to have a place to store that script.
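The "dynamically configure itself" step described in the reply above could look like the following sketch, which is an added example and not part of the original thread or PIA's own code. It assumes the port has already been obtained from the port forwarding API (that call is not shown); `PF_PORT` and `PF_LAN_IP` are hypothetical variable names, and the tunnel name is taken from OpenVPN rather than hard-coded.

```shell
#!/bin/sh
# Added example. PF_PORT and PF_LAN_IP are hypothetical variable names; the
# port value must come from the provider's port forwarding API (not shown).

valid_tun() {                      # accept only "tun" followed by digits
    n=${1#tun}
    [ "$n" != "$1" ] || return 1
    case "$n" in ''|*[!0-9]*) return 1 ;; esac
}

valid_port() {                     # 1..65535, digits only
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {                     # four dot-separated octets, each 0..255
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print (do not run) the rules: pf_rules <tun-dev> <port> <lan-ip>
pf_rules() {
    valid_tun "$1"  || { echo "bad tunnel device: $1" >&2; return 1; }
    valid_port "$2" || { echo "bad port: $2" >&2; return 1; }
    valid_ipv4 "$3" || { echo "bad LAN address: $3" >&2; return 1; }
    for proto in tcp udp; do
        m="-i $1 -p $proto --dport $2"
        nat="PREROUTING $m -j DNAT --to-destination $3:$2"
        fwd="FORWARD $m -d $3 -j ACCEPT"
        # Delete before insert so a reconnect never stacks duplicate rules.
        echo "iptables -t nat -D $nat 2>/dev/null; iptables -t nat -I $nat"
        echo "iptables -D $fwd 2>/dev/null; iptables -I $fwd"
    done
}

# As an OpenVPN up script: OpenVPN exports the tunnel name in $dev and also
# passes it as the first argument, so no tun number is hard-coded.
if [ -n "${PF_PORT:-}" ] && [ -n "${PF_LAN_IP:-}" ]; then
    pf_rules "${dev:-$1}" "$PF_PORT" "$PF_LAN_IP" | sh
fi
```

Running `pf_rules tun11 <port> 192.168.1.50` on its own prints the commands for review without touching the firewall; the rules open exactly one port to exactly one LAN host, and only on the tunnel interface.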