docker Wireguard port forwarding


I encountered a major problem that I couldn't solve with AI. I want to have Wireguard, Pi-hole, and Nginx containers on my server. This part has been successfully resolved. However, I would also like to have port forwarding from the public address of the server to the home server with Nextcloud installed via VPN - here I encountered difficulties:

Port forwarding using rules described on the official page is not working, and I think it's because port 8880 is not being listened to on the external server (netstat -tulpn didn't show 8880).

PreUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8880 -j DNAT --to-destination
# packet masquerading
PreUp = iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE

Since NPM is installed, I thought I could set up Proxy Hosts through and VPN address of the home server (also tried Redirection Hosts) but with no success. Symptoms are as follows: the home server (VPN client) successfully has internet access through WG and can ping any device on the network, but not vice versa.

traceroute to ( NPM), 30 hops max, 60 byte packets
1 ( 86.792 ms 94.723 ms 94.697 ms
2 * ( 94.323 ms 94.308 ms

traceroute to ( HOME server), 30 hops max, 60 byte packets
1 ( 0.071 ms 0.014 ms 0.010 ms
2 * * *
...
30 * * *

NPM knows the routes:

Destination Gateway Genmask Flags Metric Ref Use Iface MSS Window irtt
UG 0 0 0 eth0 0 0 0
U 0 0 0 eth0 0 0 0

As can be seen from the Tracert, the request goes through the D/G/W. On the Wireguard server, the following rules are present:

iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE;

AI suggested adding rules

iptables -t nat -A POSTROUTING -s -o wg0 -d -j MASQUERADE
or
iptables -t nat -A POSTROUTING -s -o eth0 -d -j MASQUERADE

but that didn't help either. All these PREUP rules have been tested many times with net.ipv4.ip_forward = 1 both enabled and disabled.

I hope the community will help me figure out how to correctly set up port forwarding, or do it through NPM, because I've exhausted my ideas.
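A static check, added here as an example and not part of the original post, for the three iptables pieces the forwarding described above depends on: a DNAT rule for the port, a FORWARD accept towards the tunnel, and MASQUERADE on the tunnel interface (`%i` is treated as the tunnel name, as wg-quick expands it). The function names, finding codes and the 10.8.0.2:80 peer address are assumptions made for illustration.

```python
import re
import shlex

VALUE_OPTS = {"-t", "-A", "-i", "-o", "-p", "--dport", "-j", "--to-destination"}
TARGET_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}(:\d{1,5})?$")   # ip or ip:port

def parse_rules(conf_text):
    """Yield an option dict for each iptables command in PreUp/PostUp lines."""
    hook = r"^[ \t]*(?:PreUp|PostUp)[ \t]*=([^#\n]*)"   # wg-quick drops '#' comments
    for m in re.finditer(hook, conf_text, re.I | re.M):
        for cmd in m.group(1).split(";"):
            tokens = shlex.split(cmd)
            if tokens[:1] != ["iptables"]:
                continue
            rule = {"-t": "filter"}                      # iptables default table
            for i, tok in enumerate(tokens):
                if tok in VALUE_OPTS:
                    nxt = tokens[i + 1] if i + 1 < len(tokens) else ""
                    rule[tok] = "" if nxt.startswith("-") else nxt
            yield rule

def audit_port_forward(conf_text, port, wg_if="wg0"):
    """Return finding codes; an empty list means all three pieces are present."""
    rules = list(parse_rules(conf_text))
    def has(table, chain, target):                       # rule leaving via the tunnel
        return any(r["-t"] == table and r.get("-A") == chain and r.get("-j") == target
                   and r.get("-o") in (wg_if, "%i") for r in rules)
    dnat = [r for r in rules if r["-t"] == "nat" and r.get("-A") == "PREROUTING"
            and r.get("-j") == "DNAT" and r.get("--dport") == str(port)]
    findings = []
    if not dnat:
        findings.append("no-dnat-rule")
    elif not all(TARGET_RE.match(r.get("--to-destination", "")) for r in dnat):
        findings.append("dnat-target-missing")
    if not has("filter", "FORWARD", "ACCEPT"):
        findings.append("no-forward-accept-to-wg")
    if not has("nat", "POSTROUTING", "MASQUERADE"):
        findings.append("no-masquerade-on-wg")
    return findings

# Constructed samples: 10.8.0.2:80 is a placeholder peer address, not from the post.
BASE = ("PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; "
        "iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE\n")
FORWARDING = BASE + (
    "PreUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8880 -j DNAT --to-destination 10.8.0.2:80\n"
    "PreUp = iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE  # packet masquerading\n")

if __name__ == "__main__":
    print(audit_port_forward(BASE, 8880), audit_port_forward(FORWARDING, 8880))
```

A DNAT rule is applied inside netfilter and does not open a socket, so a forwarded port does not appear in `netstat -tulpn` output even when the rule is working.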