Port forward to VPN client
Hi,
I wrote a small WireGuard management script a while ago.
I'd like to add the option to forward ports (for IPv4 and IPv6) to the clients.
Apparently it should be something like this for IPv4:
iptables -t nat -A PREROUTING -p tcp --dport $PORT -j DNAT --to-destination $CLIENT_IP:$PORT
iptables -t nat -A POSTROUTING -p tcp -d $CLIENT_IP --dport $PORT -j SNAT --to-source $SERVER_IP
But I'm not quite sure about IPv6 and how to delete individual port forwardings.
And is there a way to forward tcp and udp at once?
Thanks!
Comments
It's basically the same, just use `ip6tables` instead.
Replace `-A` (add) with `-D` (delete).
You can try `-p all` instead, but that had some disadvantages. I just don't remember what it was exactly.
Forwarding a port to an IPv6 address seems to require a different syntax
ip6tables -t nat -A PREROUTING -p tcp --dport 888 -j DNAT --to-destination fd00::5 --to-ports 880
ip6tables v1.8.2 (nf_tables): unknown option "--to-ports"
Route public v6 addresses to your clients instead of using NAT. There’s plenty of addresses after all, no need to share.
The clients have to be reachable through the host IP, dedicated v6 addresses are no option.
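One way to cover the three points raised in this thread (IPv6 syntax, deleting a single forward, TCP and UDP together), as an added example that is not code from any of the posters. With the DNAT target, ip6tables takes the destination as `[address]:port` in `--to-destination`, `-D` removes a rule when given the same specification it was added with, and `--dport` needs a concrete protocol, so the function emits one rule pair per protocol. The function name `forward_rules` and the 10.8.0.x addresses in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Prints the rules instead of running
# them, so they can be reviewed first; pipe the output to `sh` as root to apply.
# usage: forward_rules add|del CLIENT_ADDR SERVER_ADDR PORT [CLIENT_PORT]
# e.g.   forward_rules add 10.8.0.2 10.8.0.1 443      (constructed addresses)
forward_rules() {
    action=$1 client=$2 server=$3 port=$4 cport=${5:-$4}

    case $action in
        add) flag=-A ;;   # append the rule
        del) flag=-D ;;   # delete the rule with this exact specification
        *) echo "action must be add or del" >&2; return 1 ;;
    esac

    # Ports: 1 to 5 digits, in the range 1-65535.
    for p in "$port" "$cport"; do
        case $p in
            ''|*[!0-9]*|??????*) echo "invalid port: $p" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "invalid port: $p" >&2; return 1
        fi
    done

    # Addresses: only hex digits, dots and colons, so the printed commands
    # cannot carry shell metacharacters into a root shell.
    for a in "$client" "$server"; do
        case $a in
            ''|*[!0-9A-Fa-f.:]*) echo "invalid address: $a" >&2; return 1 ;;
        esac
    done

    # A colon marks an IPv6 address: ip6tables DNAT wants [addr]:port.
    # The destination is printed in single quotes so the brackets are not globbed.
    case $client in
        *:*) cmd=ip6tables dest="[$client]:$cport" ;;
        *)   cmd=iptables  dest="$client:$cport" ;;
    esac

    for proto in tcp udp; do
        echo "$cmd -t nat $flag PREROUTING -p $proto --dport $port -j DNAT --to-destination '$dest'"
        echo "$cmd -t nat $flag POSTROUTING -p $proto -d $client --dport $cport -j SNAT --to-source $server"
    done
}
```

Running it once with `add` and later with `del` and the same arguments removes exactly the rules that were added, leaving other forwards in place.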