this post was submitted on 03 Jan 2024
11 points (92.3% liked)

Selfhosted

40220 readers
1065 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

I am attempting to follow this https://www.procustodibus.com/blog/2022/09/wireguard-port-forward-from-internet to forward traffic from a few ports on a public oracle vps to other ports on my local server through a wireguard connection. Currently I am doing this using rinetd, but I was looking for a more normal way of forwarding traffic. (Also looking to forward UDP traffic at some point.)

After stopping rinetd, adding these rules to the public server's wg config

# packet forwarding
PreUp = sysctl -w net.ipv4.ip_forward=1

# port forwarding
PreUp = iptables -t nat -A PREROUTING -i ens3 -p tcp --dport 443 -j DNAT --to-destination 10.144.65.2:8443
PostDown = iptables -t nat -D PREROUTING -i ens3 -p tcp --dport 443 -j DNAT --to-destination 10.144.65.2:8443

# packet masquerading
PreUp = iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE

and restarting the wg connection, I'm seeing traffic on the ens3 port but none entering wg0 via tcpdump. I feel like I probably have conflicting iptables rules saved https://pastebin.com/0eNwhNKM but I don't really know enough about whats going on there to fix it. I feel like its probably the wireguard-*-rule ones (created by pivpn possibly?) but I'm not sure.

Edit way later: Ended up just using rinetd for the udp connections. Ubuntu doesn't include the latest version here https://github.com/samhocevar/rinetd which is able to do UDP connections. The docker container RxBrad suggested uses that version within the docker container to make the redirections so it will be roughly equivalent.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 0 points 10 months ago

I've had good luck using this Docker container on both ends, using just a vanilla Ubuntu Oracle instance with the ports I need opened up.

https://github.com/DigitallyRefined/docker-wireguard-tunnel