this post was submitted on 08 Jul 2023
9 points (84.6% liked)

Selfhosted

39435 readers
7 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

Update: Sorry guys, looks like I just needed to reboot the public server.

My goal is to forward port 8096 from my private server to my public server. That, is any traffic at public server's port 8096 should be tunneled to port 8096 of my private server and back.

I've set up a wireguard tunnel and ping is working from one device to the other. In this, 10.8.0.1 is the private server and 10.8.0.2 is the public server.

Here are my config files (/etc/wireguard/wg0).

***
On the public server
***
[Interface]
Address = 10.8.0.2/24
ListenPort = 51820
PrivateKey = *****************************************

# packet forwarding
PreUp = sysctl -w net.ipv4.ip_forward=1

# port forwarding
PreUp = firewall-cmd --zone=public --add-port 8096/tcp
PreUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8096 -j DNAT --to-destination 10.8.0.1:8096
PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 8096 -j DNAT --to-destination 10.8.0.1:8096
PostDown = firewall-cmd --zone=public --remove-port 8096/tcp

# packet masquerading
PreUp = iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE

[Peer]
PublicKey = *****************************************
AllowedIPs = 10.8.0.1
***
On the private server
***
[Interface]
Address = 10.8.0.1/24
PrivateKey = *****************************************

[Peer]
PublicKey = *****************************************
AllowedIPs = 10.8.0.2
Endpoint = <public-server-addr>:51820
PersistentKeepalive = 25

Now, I'm trying to test the connection using netcat. I'm listening from my private server using nc -l 8096 (I've made sure that the port is unblocked) and trying to connect from a third device using nc <public-server-addr> 8096 but it's not working.

I have no idea what's going on here. Some help from experienced people is very appreciated.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 1 year ago (1 children)

If I run iptables directly, it tells me that I have the nf_tables version.

[–] [email protected] 1 points 1 year ago

@SexualPolytope yeah. It's rare that nftables isn't the default anymore.