Internal networking issue

hades_corps

Hi,

For a while now I have been running Wireguard on my server alongside CloudPanel and stuff (all are on LXCs). And all is well until about a week ago, I can't access any http/https host on the same server if I connect to Wireguard on LXC. Can't really pinpoint the exact date or update since most of the work is automated.
The host is Proxmox V8 (Debian 12) with Crowdsec.

I have verified these things:

• I temporarily turned off the firewall and the issue persisted.
• I can access services that are on the host.
• All the LXCs can see and access each other since there are a few reverse proxies on CloudPanel direct to other LXCs.

My current /network/interfaces is as such:

   post-up echo 1 > /proc/sys/net/ipv4/ip_forward
   post-up iptables -t nat -A POSTROUTING -s 10.0.1.0/24 -o enp36s0f0 -j SNAT --to-source <IP>
   post-up iptables -t nat -A PREROUTING -d <IP> -p tcp --dport 80 -j DNAT --to <CloudPanel>:80
   post-up iptables -t nat -A PREROUTING -d <IP> -p tcp --dport 443 -j DNAT --to <CloudPanel>:443
   post-up iptables -t nat -A PREROUTING -d <IP> -p udp --dport <WG_Port> -j DNAT --to <WireGuard>:<WG_Port>
   post-up iptables -t nat -A PREROUTING -d <IP> -p tcp --dport <WG_Port> -j DNAT --to <WireGuard>:<WG_Port>

Edit: I also connected to WireGuard on my phone with cellular so it's something on the host and not my home network.

ScreenReader

is there any funny error logs in syslog / NetworkManager?

try troubleshooting it using tcpdump

vsys_host

Try telnet to 443 port from WG lxc to HTTP/S lxc. If it's not working, then check the firewall and routing.
If it's working, then run tcpdump on HTTP/S lxc and compare telnet from WG lxc and connection from your phone/laptop; the difference will be the key to finding an issue.