Server A = Hetzner host (public IP 193.1.1.2), a compute node whose virtual machines are attached to the bridge br0.
Server B = VPS (public IP 176.1.1.2). Port forwarding is done from this VM.
On server A, file /etc/rc.local:
ip tunnel add gre1 mode gre local 193.1.1.2 remote 176.1.1.2 ttl 255
ip addr add 10.0.0.2/30 dev gre1
ip link set gre1 up
# The GRE table must exist in /etc/iproute2/rt_tables; register it once with:
#echo '100 GRE' >> /etc/iproute2/rt_tables
ip rule add from 10.0.0.0/30 table GRE
ip route add default via 10.0.0.1 table GRE
ip route add 10.96.111.0/24 dev br0 table GRE
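On server A, file /etc/sysconfig/iptables. Here we forward port 23, arriving from the VPS over the tunnel, to VM 10.96.111.2:22:
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Tunnel address, port 23 -> SSH on the VM
-A PREROUTING -d 10.0.0.2 -p tcp -m tcp --dport 23 -j DNAT --to-destination 10.96.111.2:22
-A POSTROUTING -s 10.96.111.0/24 -o gre1 -j SNAT --to-source 10.0.0.2
COMMIT
*filter
# All policies are DROP; only the rules below are allowed. Add rules for management access as needed.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -p gre -j ACCEPT
-A FORWARD -i br0 -o gre1 -j ACCEPT
-A FORWARD -i gre1 -o br0 -j ACCEPT
# Encapsulated GRE packets sent to the peer also traverse OUTPUT
-A OUTPUT -p gre -j ACCEPT
-A OUTPUT -o gre+ -j ACCEPT
COMMIT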
On the VPS (server B), file /etc/rc.local:
ip tunnel add gre1 mode gre local 176.1.1.2 remote 193.1.1.2 ttl 255
ip addr add 10.0.0.1/30 dev gre1
ip link set gre1 up
ip route add 10.96.111.0/24 dev gre1
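On the VPS (server B), file /etc/sysconfig/iptables. Port 222 is forwarded to server_a:23 (10.0.0.2:23), and port 223 is forwarded directly to VM 10.96.111.2:22:
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 176.1.1.2 -p tcp -m tcp --dport 222 -j DNAT --to-destination 10.0.0.2:23
-A PREROUTING -d 176.1.1.2 -p tcp -m tcp --dport 223 -j DNAT --to-destination 10.96.111.2:22
# --to-source must be an address assigned to eth0 on the VPS
-A POSTROUTING -s 10.0.0.0/30 -o eth0 -j SNAT --to-source 176.32.39.88
-A POSTROUTING -s 10.96.111.0/24 -o eth0 -j SNAT --to-source 176.32.39.88
# Traffic forwarded into the tunnel is rewritten to come from the VPS tunnel address
-A POSTROUTING ! -s 10.0.0.0/30 -o gre+ -j SNAT --to-source 10.0.0.1
COMMIT
*filter
# All policies are DROP; only the rules below are allowed. Add rules for management access as needed.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -p gre -j ACCEPT
-A FORWARD -i gre+ -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o gre+ -j ACCEPT
# Encapsulated GRE packets sent to the peer also traverse OUTPUT
-A OUTPUT -p gre -j ACCEPT
-A OUTPUT -o gre+ -j ACCEPT
COMMIT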
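
Both public ports on the VPS end at the VM's SSH service, one of them through a second DNAT on server A. The following added example (not part of the original write-up) resolves that chain from iptables-save style rules so the exposed endpoints can be audited; the rule text is copied from the nat tables above as constructed sample input, and the function names dnat_lookup and resolve_exposure are hypothetical.

```shell
#!/bin/sh
# Constructed sample input: the DNAT rules from the two nat tables on this page.
VPS_RULES='-A PREROUTING -d 176.1.1.2 -p tcp -m tcp --dport 222 -j DNAT --to-destination 10.0.0.2:23
-A PREROUTING -d 176.1.1.2 -p tcp -m tcp --dport 223 -j DNAT --to-destination 10.96.111.2:22'
SERVER_A_RULES='-A PREROUTING -d 10.0.0.2 -p tcp -m tcp --dport 23 -j DNAT --to-destination 10.96.111.2:22'

# dnat_lookup RULES IP PORT: print the --to-destination of the first DNAT rule
# whose -d and --dport match IP:PORT; print nothing if no rule matches.
dnat_lookup() {
    printf '%s\n' "$1" | awk -v ip="$2" -v port="$3" '
        / -j DNAT / {
            d = ""; p = ""; to = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-d") d = $(i + 1)
                if ($i == "--dport") p = $(i + 1)
                if ($i == "--to-destination") to = $(i + 1)
            }
            sub(/\/32$/, "", d)   # iptables-save prints host addresses as a.b.c.d/32
            if (d == ip && p == port) { print to; exit }
        }'
}

# resolve_exposure IP PORT: follow a public IP:PORT through the VPS rules, then
# through server A's rules, and print the final internal endpoint.
resolve_exposure() {
    hop=$(dnat_lookup "$VPS_RULES" "$1" "$2")
    [ -n "$hop" ] || { echo "not-forwarded"; return 0; }
    next=$(dnat_lookup "$SERVER_A_RULES" "${hop%:*}" "${hop##*:}")
    echo "${next:-$hop}"
}

# Report where each probed public port ends up (224 has no rule).
for port in 222 223 224; do
    echo "176.1.1.2:$port -> $(resolve_exposure 176.1.1.2 "$port")"
done
```

On a live host, the rule variables can be filled from `iptables-save -t nat` on each server instead of the embedded text.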