Hi Experts,
I have a problem with routing. I hope one of you can help me, because I have been busy with it for about 1 week now and cannot get out of my problem.

Here is my situation.

OpenVPN server:

IP address of OpenVPN server: 10.255.252.1

OpenVPN clients get IP range: 10.255.252.2 - 10.255.252.50
SSH server port 22222


VPS (OpenVZ):

Network interface venet0: WAN IP: xx.xx.xx.xx

Network interface tun0: OpenVPN client IP: 10.255.252.4


What I want: an SSH connection to the OpenVPN server via the VPS from the internet.

Like this:

internet ----> VPS (OpenVPN client) ----> OpenVPN server


Now I use this iptables route:

iptables -t nat -A PREROUTING -p tcp -m tcp --dport 22222 -j DNAT --to-destination 10.255.252.1:22222
iptables -t nat -A POSTROUTING -o tun0 -d 10.255.252.1 -p tcp -m tcp --dport 22222 -j SNAT --to 10.255.252.4
iptables -A FORWARD -d 10.255.252.1 -p tcp -m tcp --dport 22222 -j ACCEPT
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

Everything goes OK. I can make a connection from the internet to the OpenVPN server through the OpenVPN client.

But when I look at the SSH log, it always says that the connection comes from 10.255.252.4 (OpenVPN client) and not the original WAN IP of the machine from which I make the connection.

Is it possible to make a route in iptables so that if anybody logs on to the SSH server via the OpenVPN client, I see his originating IP and not the IP of the OpenVPN client?



I hope you can help me out with this problem.

regards,
pumbaa