Port-forwarding with WireGuard and UFW?
There is a home server. It runs Portainer, Home Assistant and TeamSpeak 3 in Docker. There is also a VPS. WireGuard is configured between them. Home resources are reachable from the VPS; for example, curl 20.20.20.2:8123 gets a response. But I cannot get port-forwarding configured so that the home server's resources are reachable via the VPS IP, so as not to expose the home IP (not only friends, but also acquaintances and unfamiliar people can join TeamSpeak). I tried different guides, tips, etc.; nothing helped.
Current settings:

VPS WG config:

```ini
[Interface]
PrivateKey = aBVntnMA2P+Tc4J82k+MueK4FlGtNrHgozo2sGRpDlg=
Address = 20.20.20.1/24
ListenPort = 51820
PreUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
PreUp = iptables -t nat -A PREROUTING -d %VPSIP% -p tcp --dport 8123 -j DNAT --to-destination 20.20.20.2
PostDown = iptables -t nat -D PREROUTING -d %VPSIP% -p tcp --dport 8123 -j DNAT --to-destination 20.20.20.2

[Peer]
PublicKey = 2mQadCFPdp6H3iItOt2enpTORSD9TGZ9sP9S+AIpCRo=
AllowedIPs = 20.20.20.2/32
```
UFW status:

```
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
51820                      ALLOW       Anywhere
8123                       ALLOW       Anywhere
```
iptables nat table:

```
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   15   780 DNAT       tcp  --  *      *       0.0.0.0/0            %VPSIP%              tcp dpt:8123 to:20.20.20.2

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE all  --  *      eth0    0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
```
I suppose the key here is "so as not to expose the home IP", and the task is to separate the flies from the cutlets: the VPN and TeamSpeak 3 should be available at the VPS IP address, but not intersect, right?

In this case, forward the port associated with the TeamSpeak 3 container on the home server via the home router to the VPS IP port that you allocate for connections to the TeamSpeak 3 server, and from the VPS side to the external IP:port of the home network. Don't forget to open the port in UFW on the VPS.

At the same time, in the case of a white (public) IP for the home network, we configure iptables on the VPS like this, and in the case of a grey (NAT) IP with DDNS available, like this.

P.S. The PrivateKey is called private precisely so that it is not exposed.
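A VPS-side script for the forwarding the answer describes, added here as an illustration and not taken from the original post. It assumes the WireGuard interface on the VPS is wg0, the public NIC is eth0, the home peer is 20.20.20.2 as in the question, and a constructed placeholder for the VPS address; the TeamSpeak 3 defaults mentioned in the comments are 9987/udp (voice) and 30033/tcp (file transfer).

```shell
#!/bin/sh
# Added example, not from the original post. Assumptions: WireGuard interface wg0,
# public NIC eth0, home peer 20.20.20.2 (as in the question); VPS_IP is a
# constructed placeholder. Requires net.ipv4.ip_forward=1 on the VPS.
set -eu

WG_IF="${WG_IF:-wg0}"
WAN_IF="${WAN_IF:-eth0}"
HOME_PEER="${HOME_PEER:-20.20.20.2}"
VPS_IP="${VPS_IP:-203.0.113.10}"   # placeholder: put the real VPS public address here

# Print the iptables commands that publish one home-server port on the VPS.
# ACTION is -A (install) or -D (remove), so the same output fits PostUp/PostDown.
forward_rules() {
  action="$1"; proto="$2"; port="$3"
  # 1. DNAT: packets for VPS_IP:port arriving on the public NIC are sent into the tunnel.
  echo "iptables -t nat $action PREROUTING -i $WAN_IF -d $VPS_IP -p $proto --dport $port -j DNAT --to-destination $HOME_PEER:$port"
  # 2. FORWARD: UFW sets the FORWARD policy to DROP, and the question's rule only
  #    matches packets entering from wg0. DNATed packets enter on eth0 and leave
  #    via wg0, so they need their own ACCEPT, plus one for the replies.
  echo "iptables $action FORWARD -i $WAN_IF -o $WG_IF -p $proto -d $HOME_PEER --dport $port -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
  echo "iptables $action FORWARD -i $WG_IF -o $WAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  # 3. MASQUERADE towards the tunnel: the home server then replies to 20.20.20.1
  #    through WireGuard instead of sending the reply out its own uplink (the
  #    question's MASQUERADE is on eth0 only, which does not cover this path).
  #    Side effect: the home service sees every client as 20.20.20.1.
  echo "iptables -t nat $action POSTROUTING -o $WG_IF -p $proto -d $HOME_PEER --dport $port -j MASQUERADE"
}

# Matching UFW rule on the VPS (51820/udp for the tunnel itself is already open).
ufw_rule() { proto="$1"; port="$2"; echo "ufw allow $port/$proto"; }

# Usage (as root on the VPS): ./publish.sh apply tcp 8123
# TeamSpeak 3 defaults: 9987/udp (voice) and 30033/tcp (file transfer); leave the
# 10011 ServerQuery port unpublished.
if [ "${1:-}" = "apply" ] && [ $# -eq 3 ]; then
  sysctl -w net.ipv4.ip_forward=1
  forward_rules -A "$2" "$3" | sh -e
  ufw_rule "$2" "$3" | sh -e
fi
```

The same rule set can be pasted into the VPS [Interface] section as PostUp (with -A) and PostDown (with -D) lines instead of running the script by hand.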