My ISP (Telus) is not really CGNAT, but blocks any incoming connections, which is almost same thing.
So, I can’t configure Port Fowarding.
But I have VPS with unlimited traffic near by. So, I want to proxy StorJ traffix though it.
I tried to configure WireGuard to do that. But I can’t make it work.
Does anyone has experience / knowledge on how to do it?
Here is how I want to do it:
Windows StorJ @ residence with Telus ISP <=Wireguard=> Linux VPS @ Azure <==> Internet
I can’t figure out WireGuard configuration for the Linux VPS. Looks like I need some iptables config…
Hello, you can try the following;
Accept Desired Traffic
iptables -I INPUT 1 -i CHANGETOINTERFACENAME -p udp --dport VPNPORT -j ACCEPT
iptables -A INPUT -i wg0 -p all -j ACCEPT
Enable NAT on vpn traffic
iptables -t nat -I POSTROUTING -s VPNNETWORK -o CHANGETOINTERFACENAME -j MASQUERADE
Port Forward Rules
iptables -t nat -A PREROUTING -d YOURVPSPUBLICIP -p tcp --dport 28967 -j DNAT --to-destination MACHINEINTERNALVPNIP:28967
1 Like
This makes me curious. I’m with Telus and for me only port 80 is blocked. Maybe 25 too but I’ve never tested that. I’m running a lot of services and forwarding many ports without issues. This includes port 443 for my reverse proxy, and multiple higher ports for VPNs, apps like Storj, etc.
Where are you located?
@fmoledina, I’m in Richmond, BC. And I found, that all of my ipv4 ports blocked. Interestingly, I found, that my ipv6 ports are open, but that’s is of little help for StorJ.
I tried @xyphos10 settings above. It didn’t work.
I asked the same question on StackOverflow now.
But I made it to work with Wireguard + rinetd:
-
Wireguard enables VPS to communicate with StorJ node-behind-NAT
-
rinetd running on VPS is forwarding TCP from WAN to Wireguard, a sort of “publishing” or opening StorJ ports to the WAN.
Here is the dashboard of my new behind-the-NAT StorJ node:
http://storj.slavikf.com/
Yes, I know, that some people consider opening it as a security risk. I want to test & see what happens.
Hmm not sure why it did not work, I have a similar config running on two machines at it works not problem. I used pivpn to create the wireguard configs though.
Here is my full script for iptables
#!/bin/bash
Flush existing rules
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -t nat -F
iptables -F
iptables -X
iptables-save > /etc/iptables/rules.v4
Accept loopback traffic
iptables -A INPUT -i lo -p all -j ACCEPT
Accept return traffic
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Set default INPUT policy to DROP
iptables -P INPUT DROP
Set default FORWARD policy to ACCEPT
iptables -P FORWARD ACCEPT
Set default OUTPUT policy to ACCEPT
iptables -P OUTPUT ACCEPT
Accept Desired Traffic
iptables -I INPUT 1 -i eth0 -p udp --dport 20443 -j ACCEPT #allow vpn traffice to vps
iptables -A INPUT -i wg0 -p all -j ACCEPT
Enable NAT on vpn traffic
iptables -t nat -I POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
Port Forward Rules
iptables -t nat -A PREROUTING -d PUBLIC-IP-HERE -p tcp --dport 28967 -j DNAT --to-destination 10.8.0.2:28967
iptables-save > /etc/iptables/rules.v4
1 Like
Hello @SlavikCA , I have the same problem as you, have you found a solution?
Are you using the rules that recommend @xyphos10 ?