Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Shells Virtual Desktop
BMail.ag - Secure Email Service
Server.net
CPLicense.net
VPS Server
Buy VPN
Vultr
VMs for AI
HostDare
HostDare
ReliableSite White-Label Dedicated Hosting for Resellers
25% Recurring Discount on NVMe VPS
InterServer VPS
BMail.ag - Secure Email Service
Best VPN
High-Performance Bare Metal Server Solutions
Karvl.com
Server Mania Cloud Hosting
DataWagon Hosting
AlphaVPS Hosting
Evoxt.com
Clouvider
VPS Hosting with NVMe
Residential IPs in the US & 4G Mobile Proxies in EU & US with Unlimited Bandwidth
ReliableSite White-Label Dedicated Hosting for Resellers
Rabisu - Hosting Solutions
CloudLinux
Shells Virtual Desktop
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Port forward to VPN client

v3ngv3ng Member, Host Rep
edited January 2021 in Help

Hi,

I wrote a small Wireguard management script a while ago.
I'd like to add the option to forward ports (for IPv4 and IPv6) to the clients.

Apparently it should be something like this for IPv4
iptables -t nat -A PREROUTING -p tcp --dport $PORT -j DNAT --to-destination $CLIENT_IP:$PORT
iptables -t nat -A POSTROUTING -p tcp -d $CLIENT_IP --dport $PORT -j SNAT --to-source $SERVER_IP

But I'm not quite sure about IPv6 and how to delete individual port forwardings.
And is there a way to forward tcp and udp at once?

Thanks!

Comments

  • brueggusbrueggus Member, IPv6 Advocate

    @v3ng said: But I'm not quite sure about IPv6

    It's basically the same, just use ip6tables instead.

    and how to delete individual port forwardings.

    Replace -A (add) with `-D´ (delete).

    And is there a way to forward tcp and udp at once?

    You can try -p all instead, but that had some disadvantages. I just don't remember what it was exactly.

  • v3ngv3ng Member, Host Rep
    edited January 2021

    Forwarding a port to an IPv6 address seems to require a different syntax
    ip6tables -t nat -A PREROUTING -p tcp --dport 888 -j DNAT --to-destination fd00::5 --to-ports 880
    ip6tables v1.8.2 (nf_tables): unknown option "--to-ports"

  • RickBakkrRickBakkr Member, Patron Provider, LIR

    Route public v6 addresses to your clients instead of using NAT. There’s plenty of addresses after all, no need to share.

  • v3ngv3ng Member, Host Rep

    The clients have to be reachable through the host ip, dedicated v6 addresses are no option

Sign In or Register to comment.