docker Wireguard port forwarding | pressku.com

Trending 2 months ago

I encountered a great problem that I couldn't solve with AI. I want to have Wireguard, Pi-hole, and Nginx containers on my server. This part has been successfully resolved. However, I would also like to have port forwarding from the public address of the server to the home server with Nextcloud installed via VPN - here I encountered difficulties:

Port forwarding using the rules described on the official page is not working, and I think it's because port 8880 is not being listened to on the external server (netstat -tulpn didn't show 8880).

    PreUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8880 -j DNAT --to-destination 10.10.1.5:80
    # packet masquerading
    PreUp = iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE

Since NPM is installed, I thought I could set up Proxy Hosts through my.fancy.domain.com and the VPN address of the home server 10.10.1.5:80 (also tried Redirection Hosts) but with no success. Symptoms are as follows: the home server (VPN client) successfully has internet access through WG and can ping any device on the network, but not vice versa.

    traceroute to 10.8.0.251 (10.8.0.251 NPM), 30 hops max, 60 byte packets
     1  10.10.1.1 (10.10.1.1)  86.792 ms  94.723 ms  94.697 ms
     2  * 10.8.0.251 (10.8.0.251)  94.323 ms  94.308 ms

    traceroute to 10.10.1.5 (10.10.1.5 HOME server), 30 hops max, 60 byte packets
     1  2553321-zr81296.twc1.net (10.8.0.1)  0.071 ms  0.014 ms  0.010 ms
     2  * * *
     ...
    30  * * *

NPM knows the routes:

    Destination  Gateway   Genmask        Flags  Metric  Ref  Use  Iface  MSS  Window  irtt
    0.0.0.0      10.8.0.1  0.0.0.0        UG     0       0    0    eth0   0    0       0
    10.8.0.0     0.0.0.0   255.255.255.0  U      0       0    0    eth0   0    0       0

As can be seen from the tracert, the request goes through the D/G/W 10.8.0.1. On the Wireguard server, the following rules are present:

    iptables -A FORWARD -i %i -j ACCEPT;
    iptables -A FORWARD -o %i -j ACCEPT;
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE;

AI suggested adding rules

    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o wg0 -d 10.10.1.0/24 -j MASQUERADE

or

    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -d 10.10.1.0/24 -j MASQUERADE

but that didn't help either. All these PREUP rules have been tested many times with net.ipv4.ip_forward = 1 both enabled and disabled.

I hope the community will help me figure out how to correctly set up port forwarding, or do it through NPM, because I've exhausted my ideas.
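
An added example, not part of the original post: a DNAT rule in PREROUTING rewrites packets inside netfilter and opens no socket, so the forwarded port does not appear in `netstat -tulpn`; the per-rule packet counters from `iptables-save -c` show whether traffic reaches each stage of the forward. The sample input reuses the rules quoted in the post with constructed counters, and the function names and the three-stage breakdown are this example's own assumptions.

```python
import re
import shlex

# Constructed `iptables-save -c` output: the rules are the ones quoted in the
# post, the [packets:bytes] counters are invented for illustration.
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
[0:0] -A PREROUTING -i eth0 -p tcp -m tcp --dport 8880 -j DNAT --to-destination 10.10.1.5:80
[7:420] -A POSTROUTING -o wg0 -j MASQUERADE
[93:5580] -A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
[93:5580] -A FORWARD -i wg0 -j ACCEPT
[7:420] -A FORWARD -o wg0 -j ACCEPT
COMMIT
"""

def parse_save(text):
    """Yield one dict per rule: table, packet count and the rule's options."""
    table = None
    for line in text.splitlines():
        if line.startswith("*"):
            table = line[1:]
        m = re.match(r"\[(\d+):\d+\] (.+)", line)
        if m:
            tok = shlex.split(m.group(2))
            # Assumes every option takes exactly one argument (no "!" negation).
            yield {"table": table, "pkts": int(m.group(1)),
                   **dict(zip(tok[::2], tok[1::2]))}

def forward_hits(text, in_if, port, out_if):
    """Packet count per stage of the DNAT forward; None if no rule matches."""
    hits = {"dnat": None, "forward": None, "masquerade": None}
    for r in parse_save(text):
        where = (r["table"], r.get("-A"), r.get("-j"))
        if (where == ("nat", "PREROUTING", "DNAT")
                and r.get("-i") == in_if and r.get("--dport") == str(port)):
            hits["dnat"] = r["pkts"]
        elif where == ("filter", "FORWARD", "ACCEPT") and r.get("-o") == out_if:
            hits["forward"] = r["pkts"]
        elif where == ("nat", "POSTROUTING", "MASQUERADE") and r.get("-o") == out_if:
            hits["masquerade"] = r["pkts"]
    return hits

if __name__ == "__main__":
    # A zero on "dnat" means the rule is loaded but no packet has matched it.
    print(forward_hits(SAMPLE, "eth0", 8880, "wg0"))
```

The check does not model the FORWARD chain policy or rules in other chains, so a non-zero count on every stage shows only that packets matched these three rules.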
