OpenVZ VPS 上的 OpenVPN 端口转发

在过去的 3 个小时里，我一直在尝试将客户端的 443 端口转发到服务器（OpenVZ 上的 CentOS 7）上的 20443 端口，这样我就可以通过 myserverip:20443 访问它。我安装了 OpenVPN Access，这是其上的客户端配置： https://i.stack.imgur.com/xghCH.png

我使用这个脚本来转发。

$1 = 客户端端口（此处为 443）

$2 = 外部端口（此处为 20443）

172.28.224.30 = 私人客户端（固定ip）

#!/bin/bash
iptables -A FORWARD -i venet0-p tcp --dport $2 -j ACCEPT
iptables -t nat -A PREROUTING -i venet0 -p tcp -m tcp --dport $2 -j DNAT --to-destination 172.28.224.30:$1
iptables -A FORWARD -i as0t0 -p tcp --dport $1 -j ACCEPT
iptables -t nat -A PREROUTING -i as0t0 -p tcp -m tcp --dport $1 -j DNAT --to-destination 172.28.224.30:$1
iptables -t nat -A PREROUTING -p tcp -d EXTERNAL_IP --dport $2 -j DNAT --to-destination 172.28.224.30:$1
iptables -A FORWARD -p tcp -d 172.28.224.30 --dport $1 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p tcp -i venet0 -d 172.28.224.30 --dport $2 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -d EXTERNAL_IP --dport $2 -j DNAT --to-destination 172.28.224.30:$1

当我在 SSH 上执行“curl 172.28.224.30:443”时，我得到了结果。

当我尝试访问它时，我收到 ERR_CONNECTION_TIMED_OUT（而不是 CONNECTION_REFUSED）。所以我认为端口 20443 已被接受，但不会重定向到 172.28.224.30:443 :/

这是我的 ifconfig ：

as0t0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 172.27.224.1  netmask 255.255.248.0  destination 172.27.224.1
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 200  (UNSPEC)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

as0t1: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 172.27.232.1  netmask 255.255.248.0  destination 172.27.232.1
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 200  (UNSPEC)
        RX packets 12  bytes 1075 (1.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 14  bytes 981 (981.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 16436
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 82  bytes 6832 (6.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 82  bytes 6832 (6.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

venet0: flags=211<UP,BROADCAST,POINTOPOINT,RUNNING,NOARP>  mtu 1500
        inet 127.0.0.1  netmask 255.255.255.255  broadcast 0.0.0.0  destination 127.0.0.1
        inet6 2001:41d0:51:1::825  prefixlen 56  scopeid 0x0<global>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 0  (UNSPEC)
        RX packets 2900  bytes 206056 (201.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2637  bytes 364050 (355.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

venet0:0: flags=211<UP,BROADCAST,POINTOPOINT,RUNNING,NOARP>  mtu 1500
        inet EXTERNAL_IP  netmask 255.255.224.0  broadcast EXTERNAL_BROADCAST destination EXTERNAL_IP
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 0  (UNSPEC)

我做错什么了吗？

我也尝试过这样做：socat TCP4-LISTEN：20443，fork TCP4：172.28.224.30：443 没有成功:(

先谢谢了