In addition, to make some services in VPS with internal IP address be accessible from the Internet, DNAT (Destination Network Address Translation) should be configured on the Hardware Node. To perform a simple DNAT setup, execute the following command on the Hardware Node:

# iptables -t nat -A PREROUTING -p tcp -d ip_address --port port_num -i eth0 -j DNAT --to-destination vps_address:dst_port_num

where vps_address is an IP address of VPS, dst_port_num is a tcp port, which required service use, ip_address is the external IP address of your Hardware Node, and port_num is a tcp port of Hardware Node, which will be used for Internet connections to private VPS service. Note that this setup makes the service, which use port_num on the Hardware Node, be unaccessible from the Internet. Also note that SNAT translation is required too.