I am attempting to follow this https://www.procustodibus.com/blog/2022/09/wireguard-port-forward-from-internet to forward traffic from a few ports on a public Oracle VPS to other ports on my local server through a WireGuard connection. Currently I am doing this using rinetd, but I was looking for a more normal way of forwarding traffic. (Also looking to forward UDP traffic at some point.)
After stopping rinetd, adding these rules to the public server’s wg config
# packet forwarding
PreUp = sysctl -w net.ipv4.ip_forward=1
# port forwarding
PreUp = iptables -t nat -A PREROUTING -i ens3 -p tcp --dport 443 -j DNAT --to-destination 10.144.65.2:8443
PostDown = iptables -t nat -D PREROUTING -i ens3 -p tcp --dport 443 -j DNAT --to-destination 10.144.65.2:8443
# packet masquerading
PreUp = iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE
and restarting the wg connection, I’m seeing traffic on the ens3 port but none entering wg0 via tcpdump. I feel like I probably have conflicting iptables rules saved https://pastebin.com/0eNwhNKM but I don’t really know enough about what’s going on there to fix it. I feel like it’s probably the wireguard-*-rule ones (created by pivpn possibly?) but I’m not sure.
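As an added example (not from the thread or the linked article), a script that generates the full rule set for one forwarded port: the DNAT and MASQUERADE rules from the config above plus FORWARD-chain ACCEPT rules for exactly that flow, which the pasted config omits and which matter whenever the FORWARD policy is DROP (as it often is on hosts where Docker, ufw or a VPN installer has configured the firewall). The interface names, peer address and ports are the poster's; the function names and the WAN_IF/WG_IF variables are mine, and the script only prints commands unless you pipe them to a root shell.

```shell
#!/bin/sh
# Generates iptables rules for forwarding a public port to a WireGuard peer.
# Values default to the poster's setup (ens3, wg0, 10.144.65.2); override via env.
WAN_IF="${WAN_IF:-ens3}"
WG_IF="${WG_IF:-wg0}"

# fwd_rules ACTION PROTO PUBLIC_PORT PEER_IP PEER_PORT
# ACTION is -A (add) or -D (delete), so one function serves both PreUp and PostDown.
fwd_rules() {
    action="$1"; proto="$2"; pub="$3"; peer="$4"; pport="$5"
    # nat/PREROUTING: rewrite the destination of packets arriving on the public interface
    echo "iptables -t nat $action PREROUTING -i $WAN_IF -p $proto --dport $pub -j DNAT --to-destination $peer:$pport"
    # filter/FORWARD: allow only the rewritten flow toward the tunnel (DNAT already happened,
    # so the packet now carries the peer address and port); needed when FORWARD policy is DROP
    echo "iptables $action FORWARD -i $WAN_IF -o $WG_IF -p $proto -d $peer --dport $pport -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
    # filter/FORWARD: allow replies back out of the tunnel, and nothing else from it
    echo "iptables $action FORWARD -i $WG_IF -o $WAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # nat/POSTROUTING: masquerade only this flow so replies come back through the tunnel
    echo "iptables -t nat $action POSTROUTING -o $WG_IF -p $proto -d $peer --dport $pport -j MASQUERADE"
}

# Number of rules one forwarding entry produces; handy as a sanity check before applying.
fwd_rule_count() {
    fwd_rules -A "$@" | wc -l | tr -d ' '
}

# Quick state checks to run on the VPS after the tunnel is up (no output means a problem).
check_forwarding() {
    printf 'ip_forward=%s\n' "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null || echo unknown)"
    iptables -S FORWARD 2>/dev/null | head -n 1        # shows the chain's default policy
    iptables -t nat -S PREROUTING 2>/dev/null | grep -- "-i $WAN_IF"
}

# Usage: sh fwd.sh print | sudo sh      (use "-D" in PostDown to remove the same rules)
if [ "${1:-}" = "print" ]; then
    fwd_rules -A tcp 443 10.144.65.2 8443
fi
```

Because the POSTROUTING rule masquerades, the local server will see the VPS's tunnel address as the client source rather than the real Internet client; dropping that rule instead requires the local peer to route all return traffic (AllowedIPs and a matching route) back through the tunnel.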
I’ve had good luck using this Docker container on both ends, using just a vanilla Ubuntu Oracle instance with the ports I need opened up.
https://github.com/DigitallyRefined/docker-wireguard-tunnel