openvpn & iptables -- port forwarding and gateway
Posted by Smith.Lai on Server Fault, published 2012-09-28T07:28:11Z
The problem is similar to this scenario:
iptables rule still take effect after deleted
Scenario:
There are several clients (C1~C10) providing some services, such as SSH, HTTP, ...
The clients are actually personal computers behind NAT.
Their IPs might be 192.168.0.x.
To easily access these machines through the internet, I built an OpenVPN server (S1).
All of C1~C10 connect to S1 with VPN addresses 10.8.0.x.
If a user (U1) wants to access C1's SSH through the internet, he can connect to S1 on port "55555", and S1 port-forwards 55555 to 10.8.0.6:22:
# Enable IPv4 forwarding on S1
echo 1 > /proc/sys/net/ipv4/ip_forward
# Rewrite TCP connections arriving on eth0 port 55555 to C1's SSH port on the VPN
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 55555 -j DNAT --to-destination 10.8.0.6:22
It works well until I mark the following in the OpenVPN server.conf.
I marked this because I think this will make all connections go through S1:
;push "redirect-gateway"
      |-------(NAT)--------|
(C1)--|                    |---(INTERNET)----(U1)
      |-----(VPN)----(S1)--|
C1~C10 have their own path to access internet resources through NAT. The server load would be heavy if all C1~C10 connections went through S1
(for example, C1 sending data to C2, or C1 downloading data from an FTP site).
Is there a way to solve this quandary?
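An added example, not from the post above: a script that emits the complete set of rules for this port forward, including the source rewrite on the tunnel side that lets the forward work without pushing "redirect-gateway" to the clients. It assumes S1's public interface is eth0, its OpenVPN interface is tun0 and its tunnel address is 10.8.0.1 (the default for an OpenVPN server on 10.8.0.0/24); these are assumptions, not values from the post.

```shell
#!/bin/sh
# Added example (not the original poster's code). Assumed: WAN interface eth0,
# VPN interface tun0, S1's tunnel address 10.8.0.1. Without APPLY=1 the rules
# are only printed so they can be reviewed; with APPLY=1 (as root) they are run.

# forward_rules PUBLIC_PORT CLIENT_VPN_IP CLIENT_PORT [VPN_GW] [WAN_IF] [VPN_IF]
forward_rules() {
    pub_port=$1; client=$2; cport=$3
    vpn_gw=${4:-10.8.0.1}; wan=${5:-eth0}; vpn=${6:-tun0}
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
# U1 -> S1:$pub_port is rewritten to the client's tunnel address.
iptables -t nat -A PREROUTING -i $wan -p tcp --dport $pub_port -j DNAT --to-destination $client:$cport
# Only this one service is reachable from the Internet; nothing else behind the VPN is.
iptables -A FORWARD -i $wan -o $vpn -p tcp -d $client --dport $cport -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $vpn -o $wan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Without push "redirect-gateway", C1 would route its replies to U1's public address
# out through its own NAT instead of the tunnel, so the TCP handshake never completes.
# Rewriting the source to S1's tunnel address makes C1 answer S1 through the VPN;
# S1's conntrack entry then undoes both rewrites on the way back to U1.
iptables -t nat -A POSTROUTING -o $vpn -p tcp -d $client --dport $cport -j SNAT --to-source $vpn_gw
EOF
}

if [ "$APPLY" = 1 ]; then
    forward_rules "$@" | sh -e
else
    forward_rules "${1:-55555}" "${2:-10.8.0.6}" "${3:-22}"
fi
```

Because the SNAT is limited to the forwarded port, C1~C10 keep using their own NAT path for everything else (C1 to C2, FTP downloads), so only the forwarded sessions cross S1.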
© Server Fault or respective owner