Linux Web Server and VPN, Proxy or Other Services on the Same Port

In this post I explain how to run a web server and another program we want (a VPN, a proxy, or some other service) on the same IP address and port, using iptables and Cloudflare.

Public networks sometimes allow outbound traffic to only a few ports and block everything else. In such cases we prefer to run our VPN servers on port 443. Under normal conditions a server cannot provide both web and VPN services on the same port: a given port on an IP address can be bound by only one program.

How do you run two services on one port?

We use a firewall for this. The firewall routes incoming requests to the right service by looking at the source IP address of each request. For that to work we need to know where at least one kind of traffic comes from, so we put the web service behind a free proxy service: every request to the web service then arrives from the proxy's known IP addresses. Cloudflare is such a free web proxy, and it publishes its current IPv4 ranges at https://www.cloudflare.com/ips-v4.

I chose to use 443 for the web service and 60692 for the VPN service on my system.

# If you need the latest Cloudflare IPv4 ranges, this command prints them as one comma-separated list
curl https://www.cloudflare.com/ips-v4 -s | tr '\n' ',' | sed 's/.$//'
# Traffic arriving on 443 from Cloudflare (the web proxy) goes to the web server on 443.
# This rule must be added before the catch-all below: DNAT is a terminating target, so the first match wins.
iptables -t nat -A PREROUTING -s \
103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,104.16.0.0/12,108.162.192.0/18,131.0.72.0/22,141.101.64.0/18,\
162.158.0.0/15,172.64.0.0/13,173.245.48.0/20,188.114.96.0/20,190.93.240.0/20,197.234.240.0/22,198.41.128.0/17 \
-p tcp --dport 443 -j DNAT --to-destination :443
# All other traffic arriving on 443 is redirected to the VPN service port
iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination :60692

Traffic from Cloudflare is redirected to the web server; traffic from outside Cloudflare is directed to the VPN server.
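The same setup as a small script, added here as an example (it is not from the original post): it turns a newline-separated range list into the comma-separated form iptables wants, emits the two PREROUTING rules in the order that makes them work, and adds the INPUT rules the redirected traffic needs. The embedded range list is a constructed sample standing in for the live output of https://www.cloudflare.com/ips-v4; the port numbers are the post's. Without APPLY=1 it only prints the commands.

```shell
#!/bin/sh
# Added example, not from the original post. Builds the port-443 sharing rules
# from a list of Cloudflare ranges and prints them (dry run) or applies them.

WEB_PORT=443
VPN_PORT=60692

# Constructed sample standing in for `curl -s https://www.cloudflare.com/ips-v4`
# so the script runs offline. Replace with the live list before real use; the
# list changes over time, and a stale rule sends Cloudflare's traffic to the VPN.
SAMPLE_RANGES='103.21.244.0/22
103.22.200.0/22
104.16.0.0/12'

# Newline-separated CIDRs on stdin -> comma-separated list iptables accepts for -s
# (same job as the post's tr | sed pipeline).
join_ranges() {
    tr '\n' ',' | sed 's/,$//'
}

# Print the rules for one comma-separated range list.
# Order matters: DNAT is a terminating target in the nat table, so the
# Cloudflare-only rule has to be appended before the catch-all, otherwise
# every connection, Cloudflare's included, ends up on the VPN port.
render_rules() {
    ranges="$1"
    printf 'iptables -t nat -A PREROUTING -s %s -p tcp --dport %s -j DNAT --to-destination :%s\n' \
        "$ranges" "$WEB_PORT" "$WEB_PORT"
    printf 'iptables -t nat -A PREROUTING -p tcp --dport %s -j DNAT --to-destination :%s\n' \
        "$WEB_PORT" "$VPN_PORT"
    # The filter table sees the packet after DNAT, i.e. with the rewritten
    # port, so INPUT must accept the VPN port as well as 443 or a default-deny
    # INPUT policy silently drops the redirected connections.
    printf 'iptables -A INPUT -p tcp --dport %s -j ACCEPT\n' "$WEB_PORT"
    printf 'iptables -A INPUT -p tcp --dport %s -j ACCEPT\n' "$VPN_PORT"
}

# Number of rules that would be added, as a quick sanity check.
count_rules() {
    render_rules "$1" | wc -l | tr -d ' '
}

main() {
    ranges=$(printf '%s\n' "$SAMPLE_RANGES" | join_ranges)
    if [ "${APPLY:-0}" = "1" ]; then
        render_rules "$ranges" | sh      # applying needs root
    else
        render_rules "$ranges"           # dry run: show what would be added
    fi
}

main
```

Run it once without arguments to review the generated commands, then `APPLY=1 ./share443.sh` as root to install them. Because the Cloudflare list changes, re-run it whenever the published ranges change; a check that the live list still matches the ranges in the PREROUTING rule is the first thing to look at when web traffic suddenly lands on the VPN.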
