Redirect public 8080 through VPN to internal server

#1

VPS setup using https://github.com/trailofbits/algo/tree/dcfed41ae8467d924185579a49fd040c671bc362

Excellent! Both algo and Scaleway!

I have been reading about cloud, VPS, VPN, servers, networking. My head hurts. But I did manage to get it all working…
I can SSH into the VPS and ping my clients using their VPN interface (wg0) and their VPN IP (10.19.49.0/32). Great.
Also, my clients can ping my VPS (10.19.49.1).
Remember I've NEVER played with networks before and look, I can use octet masks :slight_smile:

Questions:

  1. From the VPS (algo) I couldn't ping using hostnames, so I had to edit /etc/hosts so that my VPS can access clients by hostname. That works, but have I made the change in the right place?
  2. My clients couldn't ping my VPS by hostname, so I edited the clients' /etc/hosts so that they could resolve the VPS by name (algo). Is this right?
  3. My VPS (algo) has an interface “lo” (loopback) with a floating IP.
  4. My VPS (algo) has an interface "ens2" with IP 10.19.30.23/31 (what's this?)
  5. My VPS (algo) has an interface wg0 with IP 10.19.49.1/24
  6. I have a server running lighttpd, on my LAN on interface eth0 and IP 192.168.1.10, behind an ISP router.
  7. That same lighttpd server also has a VPN client interface wg0 with IP 10.49.5.
  8. As I say, my VPS can ping my lighttpd server and vice versa. VPN working.
  9. Here's my problem: I can connect to lighttpd from any LAN device and it all works, BUT I cannot connect to lighttpd from the WWW. In other words, I want to be able to point any browser in the world to my VPS floating IP on port 80 and forward this onto its wg0 interface and through the VPN tunnel to my lighttpd server, which has the VPN on its interface wg0 and IP 10.19.49.5.

Am I correct in that I need…
VPS-floating-IP port 80,
to
VPS-interface wg0 10.19.45.1 port 80
to
VPN IP 10.19.45.5 port 80
to
LAN 192.168.1.10 port 80 (or can I ask lighttpd to listen on wg0 10.19.45.5 port 80)? I don't know.

How can I do this with ufw? Yes, I've read the manual and still came here.

I've searched and scoured many articles, but they talk about iptables (I'm running ufw) or they want to access a server on the VPS. None of this is what I want. What I want is: how on earth do I implement this requirement? I've got no darn idea. Can anyone help, please? I will happily provide any config or output from commands, just tell me what you want, but at the moment I'm out of my depth and in "please help" mode.

Might I ask that replies explain the magic commands in your posts? As I say, I'm at the edge of my skills, but ready to learn.

TIA

#2

Hello,

First of all, you need to be aware that your Scaleway VPS is already running behind a NAT; that's why you see IPs like 10.19.30.23 in your VPS (it's mapped to your public VPS IP).

Then, ufw is just a wrapper around iptables, so using one or the other is just a matter of how you configure things.
You can find a tutorial here: https://www.cyberciti.biz/faq/how-to-configure-ufw-to-forward-port-80443-to-internal-server-hosted-on-lan/ . You are probably interested in the DNAT, MASQUERADE and sysctl sections of it (also note that in your "VPS case" PUBLIC_IP would be your VPS private IP and INTERNAL_IP your VPN client IP, i.e. the web server's VPN IP).

Hope this helps a bit.
Feel free to join our Slack to discuss/debug live.

Mik
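The DNAT, MASQUERADE and sysctl steps the reply above points to, written out as an added example (this is not code from the thread, from Scaleway or from algo). It generates the `*nat` block for `/etc/ufw/before.rules` and the ufw commands that go with it. The addresses and interface names are taken from the first post and are assumptions: the VPS's private address on ens2 is 10.19.30.23 (Scaleway maps the floating IP onto it, which is why the reply says PUBLIC_IP is the VPS private IP), the VPS WireGuard interface is wg0, and the web server's VPN address is 10.19.49.5. Override them through the environment if yours differ.

```shell
#!/bin/sh
# Added example, not from the thread: generate the NAT rules and ufw commands
# that forward TCP port 80 arriving on a Scaleway VPS into the WireGuard tunnel
# to an internal web server.  All values below are assumptions from the thread.
VPS_IP="${VPS_IP:-10.19.30.23}"   # VPS private IP on ens2 (Scaleway NATs the floating IP to it)
IN_IF="${IN_IF:-ens2}"            # interface where public traffic arrives on the VPS
WG_IF="${WG_IF:-wg0}"             # VPS WireGuard interface
VPN_IP="${VPN_IP:-10.19.49.5}"    # web server's address inside the VPN
PORT="${PORT:-80}"                # port to forward

# The *nat block to paste at the TOP of /etc/ufw/before.rules, above the
# existing "*filter" line.  ufw only manages the filter table itself, so NAT
# rules live in this file, which it loads on "ufw reload".
nat_rules() {
  cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# DNAT: rewrite the destination of TCP/$PORT packets reaching the VPS on $IN_IF
# to the web server's VPN address, so the kernel routes them out $WG_IF.
-A PREROUTING -i $IN_IF -d $VPS_IP -p tcp --dport $PORT -j DNAT --to-destination $VPN_IP:$PORT
# MASQUERADE: rewrite the source to the VPS's $WG_IF address so the web server
# answers back through the tunnel instead of via its ISP router.
-A POSTROUTING -o $WG_IF -d $VPN_IP -p tcp --dport $PORT -j MASQUERADE
COMMIT
EOF
}

# Commands to run once the NAT block is in place:
#  - allow forwarding of exactly this flow through ufw's filter table
#    (DEFAULT_FORWARD_POLICY in /etc/default/ufw can stay DROP; no "ufw allow 80"
#    is needed because DNATed packets traverse FORWARD, not INPUT),
#  - enable IP forwarding in ufw's own sysctl file, then reload ufw.
ufw_commands() {
  cat <<EOF
ufw route allow in on $IN_IF out on $WG_IF to $VPN_IP port $PORT proto tcp
sed -i 's|^#\{0,1\}net/ipv4/ip_forward=.*|net/ipv4/ip_forward=1|' /etc/ufw/sysctl.conf
ufw reload
EOF
}

# Checks to run after the reload: the DNAT rule is loaded and forwarding is on.
verify_commands() {
  cat <<EOF
iptables -t nat -S PREROUTING | grep -- '--dport $PORT'
sysctl net.ipv4.ip_forward
EOF
}

# Running the script prints the block to paste, the commands, then the checks.
nat_rules
echo
ufw_commands
echo
verify_commands
```

Two practical notes. With MASQUERADE the web server sees every connection as coming from the VPS's wg0 address, so lighttpd's access logs lose the real client IP; the alternative is to drop the MASQUERADE rule and route all of the web server's return traffic through the tunnel (AllowedIPs 0.0.0.0/0 on the client), which is a bigger change. The forwarded connections arrive over wg0, so lighttpd must listen on its wg0 address or on all addresses, and no port forward on the ISP router is needed. Using `ufw route allow` for the one flow keeps the default forward policy at DROP, which is the least-privilege option compared with switching DEFAULT_FORWARD_POLICY to ACCEPT.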