Hi, I’m Alex! I like to talk about all sorts of things, like self-hosting stuff, programming shenanigans, random memes, games and probably some other stuff too!
- 8 Posts
- 43 Comments
AlexPewMaster OP to
Selfhosted@lemmy.world • How can I bypass CGNAT by using a VPS with a public IPv4 address? • English
1 · 2 years ago
Hi, whenever I try to enter the ports 80 and 443 at the beginning of the `-R` parameter, I get this error: `Warning: remote port forwarding failed for listen port 80`. How do I fix this?
AlexPewMaster OP to
Selfhosted@lemmy.world • How can I bypass CGNAT by using a VPS with a public IPv4 address? • English
1 · 2 years ago
How do I make the SSH tunnel forward traffic? It can’t be as easy as just running `ssh user@SERVER_IP` in the terminal. (I only need variant 1 btw)
AlexPewMaster OP to
Selfhosted@lemmy.world • How can I bypass CGNAT by using a VPS with a public IPv4 address? • English
2 · 2 years ago
I’ve added the firewall rule and it still says `no port[s] to connect to` whenever I run `echo "Testing" | nc -u SERVER_IP -p 51820`. I feel like you’re trying to stay on a sinking ship, so I would suggest trying another method to see if we can even get the whole “bypass CGNAT with a VPS” thing to work at all.

Update: I’ve tried setting up SSH tunneling instead and it STILL doesn’t work. I contacted Hetzner support about this issue and I’m hoping that they can resolve the firewall issues that I’m having.
AlexPewMaster OP to
Selfhosted@lemmy.world • How can I bypass CGNAT by using a VPS with a public IPv4 address? • English
2 · 2 years ago
I’ve added some different ports for the future, but this is my `ufw status`:

```
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
51820                      ALLOW       Anywhere
2333                       ALLOW       Anywhere
80                         ALLOW       Anywhere
81                         ALLOW       Anywhere
443                        ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
51820 (v6)                 ALLOW       Anywhere (v6)
2333 (v6)                  ALLOW       Anywhere (v6)
80 (v6)                    ALLOW       Anywhere (v6)
81 (v6)                    ALLOW       Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
```
AlexPewMaster OP to
Selfhosted@lemmy.world • How can I bypass CGNAT by using a VPS with a public IPv4 address? • English
2 · 2 years ago
Alright, I switched to `ufw` and… it’s still not working. *sigh*

Should we just try something completely different? WireGuard doesn’t seem to be working on my VPS. Someone in the comments mentioned tunneling via SSH, sounds interesting.
AlexPewMaster OP to
Selfhosted@lemmy.world • How can I bypass CGNAT by using a VPS with a public IPv4 address? • English
2 · 2 years ago
What do you mean by “clear out iptables completely”? Should I remove the iptables package with `sudo apt remove iptables`?
AlexPewMaster OP to
Selfhosted@lemmy.world • How can I bypass CGNAT by using a VPS with a public IPv4 address? • English
1 · 2 years ago
Alright, sounds good. What firewall are you recommending me to use? I would like to use a firewall that’s easy to manage.

Edit: I went with `ufw`.
AlexPewMaster OP to
Selfhosted@lemmy.world • How can I bypass CGNAT by using a VPS with a public IPv4 address? • English
2 · 2 years ago
I tried to open the port 22 on UDP (yeah, I am getting pretty desperate over here…) and still get the message `no port[s] to connect to`… Someone else on this post commented that I should stop using iptables for opening ports and start using something else as a firewall. Should I try this approach?
AlexPewMaster OP to
Selfhosted@lemmy.world • How can I bypass CGNAT by using a VPS with a public IPv4 address? • English
1 · 2 years ago
Does iptables count as a firewall? You said that I should “forget” iptables. Is it that bad? It came preinstalled on the VPS. Should I switch? And if so, how?
AlexPewMaster OP to
Selfhosted@lemmy.world • How can I bypass CGNAT by using a VPS with a public IPv4 address? • English
1 · 2 years ago
Very interesting… How do I get started?
AlexPewMaster OP to
Selfhosted@lemmy.world • How can I bypass CGNAT by using a VPS with a public IPv4 address? • English
2 · 2 years ago
The command you provided for the VPS returns `UDP listen needs -p arg`, so I just added `-p` right before the port number and then it worked. Running the homelab command returns `no port[s] to connect to`… Not good.
AlexPewMaster OP to
Selfhosted@lemmy.world • How can I bypass CGNAT by using a VPS with a public IPv4 address? • English
1 · 2 years ago
I have no idea how to properly manage the firewall with Hetzner. I’ve opened the ports on the Hetzner management page and I ran several iptables commands to allow traffic from those ports. Still doesn’t work. This is weird!
AlexPewMaster OP to
Selfhosted@lemmy.world • How can I bypass CGNAT by using a VPS with a public IPv4 address? • English
1 · 2 years ago
What would that kind of a setup look like?
AlexPewMaster OP to
Selfhosted@lemmy.world • How can I bypass CGNAT by using a VPS with a public IPv4 address? • English
2 · 2 years ago
Hmm, the keys do match on the two different machines. I have no idea why this doesn’t work…
AlexPewMaster OP to
Selfhosted@lemmy.world • How can I bypass CGNAT by using a VPS with a public IPv4 address? • English
1 · 2 years ago
I do not get a response when pinging the VPS’s WG IP from my homeserver. It might have something to do with the firewall that my VPS provider (Hetzner) is using. I’ve now allowed the port `51820` on UDP and TCP and it’s still the same as before… This is weird.
AlexPewMaster OP to
Selfhosted@lemmy.world • How can I bypass CGNAT by using a VPS with a public IPv4 address? • English
2 · 2 years ago
Hi, thank you so much for trying to help me, I really appreciate it!

VPS `wg0.conf`:

```
[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = REDACTED

PostUp = iptables -t nat -A PREROUTING -p tcp -i eth0 '!' --dport 22 -j DNAT --to-destination 10.0.0.2; iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source SERVER_IP
PostUp = iptables -t nat -A PREROUTING -p udp -i eth0 '!' --dport 55107 -j DNAT --to-destination 10.0.0.2;

PostDown = iptables -t nat -D PREROUTING -p tcp -i eth0 '!' --dport 22 -j DNAT --to-destination 10.0.0.2; iptables -t nat -D POSTROUTING -o eth0 -j SNAT --to-source SERVER_IP
PostDown = iptables -t nat -D PREROUTING -p udp -i eth0 '!' --dport 55107 -j DNAT --to-destination 10.0.0.2;

[Peer]
PublicKey = REDACTED
AllowedIPs = 10.0.0.2/32
```

Homeserver `wg0.conf`:

```
[Interface]
Address = 10.0.0.2/24
PrivateKey = REDACTED

[Peer]
PublicKey = REDACTED
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
Endpoint = SERVER_IP:51820
```

(REDACTED would’ve been the public / private keys, SERVER_IP would’ve been the VPS IP.)
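
A check for one thing visible in the VPS config above: the UDP DNAT rule exempts port 55107 while `ListenPort` is 51820, so UDP arriving on eth0 for 51820 matches the rule and is rewritten to 10.0.0.2 instead of reaching the local WireGuard listener. This is an added example, not part of the original comment; the function names are hypothetical and the sample is the posted config with its placeholders kept.

```python
import shlex

# Constructed sample: the [Interface] part of the VPS config posted above.
VPS_CONF = """\
[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PostUp = iptables -t nat -A PREROUTING -p tcp -i eth0 '!' --dport 22 -j DNAT --to-destination 10.0.0.2; iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source SERVER_IP
PostUp = iptables -t nat -A PREROUTING -p udp -i eth0 '!' --dport 55107 -j DNAT --to-destination 10.0.0.2;
"""

def parse_interface(conf):
    """Return (ListenPort, [PostUp commands]) from a wg-quick style config."""
    port, cmds = None, []
    for line in conf.splitlines():
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        if key == "listenport":
            port = int(value)
        elif key == "postup":
            # One PostUp line may chain several commands with ';'
            cmds += [c.strip() for c in value.split(";") if c.strip()]
    return port, cmds

def dnat_captures_listen_port(cmd, listen_port):
    """True if a PREROUTING DNAT rule would match UDP sent to listen_port."""
    args = shlex.split(cmd)
    if "PREROUTING" not in args or "DNAT" not in args:
        return False
    proto = args[args.index("-p") + 1] if "-p" in args else "all"
    if proto not in ("udp", "all"):
        return False
    if "--dport" not in args:
        return True  # no port match: every UDP packet is rewritten
    i = args.index("--dport")
    negated = i > 0 and args[i - 1] == "!"
    same_port = args[i + 1] == str(listen_port)  # single ports only, no ranges
    return same_port != negated

def find_conflicts(conf):
    """List the PostUp rules that would DNAT WireGuard's own UDP port away."""
    port, cmds = parse_interface(conf)
    return [c for c in cmds if dnat_captures_listen_port(c, port)]

if __name__ == "__main__":
    for rule in find_conflicts(VPS_CONF):
        print("DNAT rule also rewrites the WireGuard listen port:", rule)
```
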
AlexPewMaster OP to
Selfhosted@lemmy.world • How can I bypass CGNAT by using a VPS with a public IPv4 address? • English
1 · 2 years ago
The biggest obstacle for me is the connection between the VPS and my homeserver. I have tried this today and I tried pinging `10.0.0.2` (the homeserver IP via WireGuard) and get this as a result:

```
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
From 10.0.0.1 icmp_seq=1 Destination Host Unreachable
ping: sendmsg: Destination address required
From 10.0.0.1 icmp_seq=2 Destination Host Unreachable
ping: sendmsg: Destination address required
^C
--- 10.0.0.2 ping statistics ---
2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 1019ms
```

Not sure why though.
AlexPewMaster OP to
Selfhosted@lemmy.world • How can I bypass CGNAT by using a VPS with a public IPv4 address? • English
1 · 2 years ago
Not really, pinging my homeserver via the VPS returns:

```
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
From 10.0.0.1 icmp_seq=1 Destination Host Unreachable
ping: sendmsg: Destination address required
From 10.0.0.1 icmp_seq=2 Destination Host Unreachable
ping: sendmsg: Destination address required
^C
--- 10.0.0.2 ping statistics ---
2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 1019ms
```
AlexPewMaster OP to
Selfhosted@lemmy.world • After some trial and error, I've managed to successfully deploy public instances of privacy-respecting services! • English
5 · 2 years ago
Hey, thank you for your blog post. I’m definitely reconsidering my choices with Cloudflare tunnels. I will take a look at the VPS setup. Privacy is something that I really care about, so this would be pretty useful. I would definitely be ready to pay 3.29€ per month for the privacy aspects of this setup.



