I have a quandary that I’m fighting with at the moment.

I have a little cloud server on Debian and a dedicated IP.

I have an internal Raspberry Pi radio controller inside an NBN Sat network connection. This is a NAT’ed service at the router, so no public IP at my router and no way to get one.

So VPN connection via OpenVPN from inside to dedicated machine and that normal stuff works ok.

The challenge I am having is how to forward some ports to the internal machine. I know it needs to be iptables, but finding a how-to or simple instructions has been sending my brain round the twist all afternoon.

What I have is Public IP - Eth0 on dedicated machine, running OpenVPN Server.

Client machine connecting to that server correctly routing traffic.

Server
Eth0 has public IP
Tun0 has 10.8.0.1 as part of 10.8.0.0/24

Client machine has
Tun0 10.8.0.2

And it works to route the traffic via the VPN. How can I, for example, forward port 15000 at Eth0 through to the client machine?

Pointers, websites etc would be a great help. Thanks.

David
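
An added example (not part of the original post) of the iptables rules this setup calls for, using the post's eth0, tun0, 10.8.0.2 and port 15000. The protocol is not stated in the post, so it is a parameter; the function and variable names, the `APPLY` dry-run switch and the `SNAT_TO_VPN` option are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not from the original post. Run on the OpenVPN server.
# Usage: forward_port tcp 15000 10.8.0.2 [allowed-source-CIDR]
WAN_IF=${WAN_IF:-eth0}   # public interface (from the post)
VPN_IF=${VPN_IF:-tun0}   # OpenVPN interface (from the post)

# Dry run by default: print each command. Set APPLY=1 (as root) to execute.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

forward_port() {
    proto=$1 port=$2 dest=$3 src=${4:-0.0.0.0/0}
    case $proto in tcp|udp) ;; *) echo "proto must be tcp or udp" >&2; return 2 ;; esac
    case $port in ''|*[!0-9]*) echo "port must be numeric" >&2; return 2 ;; esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range" >&2; return 2
    fi

    # The kernel must be allowed to route between eth0 and tun0.
    run sysctl -w net.ipv4.ip_forward=1
    # Rewrite the destination of packets arriving on the public port.
    run iptables -t nat -A PREROUTING -i "$WAN_IF" -p "$proto" -s "$src" \
        --dport "$port" -j DNAT --to-destination "$dest:$port"
    # Allow only this flow across the box, and only replies coming back.
    run iptables -A FORWARD -i "$WAN_IF" -o "$VPN_IF" -p "$proto" -s "$src" \
        -d "$dest" --dport "$port" \
        -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -i "$VPN_IF" -o "$WAN_IF" -p "$proto" \
        -s "$dest" --sport "$port" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Only needed if the client's default route is NOT the VPN: make the
    # forwarded traffic appear to come from 10.8.0.1 so replies use the tunnel.
    if [ "${SNAT_TO_VPN:-0}" = 1 ]; then
        run iptables -t nat -A POSTROUTING -o "$VPN_IF" -p "$proto" \
            -d "$dest" --dport "$port" -j MASQUERADE
    fi
}
```

The DNAT rule exposes the Pi's service to every address that can reach the public IP, so pass a source CIDR as the fourth argument when the callers are known. With `SNAT_TO_VPN=1` the Pi's logs show 10.8.0.1 instead of the real client address.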