VPS Wireguard + NAT forwarding

Started by meni1234, January 02, 2024, 01:25:27 PM

January 02, 2024, 01:25:27 PM Last Edit: January 02, 2024, 01:32:49 PM by meni1234
Hello everyone and a happy new year

I need your help with my homeserver because I can't get opnsense to forward the traffic to a VM.

My setup:
I have a physical server with Debian 12 and Proxmox. This is connected to a router which is connected to the internet through a CGNAT. As I am behind a CGNAT I have to use a public IP via a VPS. I isolate my host system with Proxmox and OPNsense. Using WireGuard, the virtual OPNsense establishes a tunnel to the VPS. The VPS sends the required ports directly to the OPNsense, which works perfectly. It is important to note that I only have one physical NIC. So I use the physical NIC with a Linux bridge (vmbr0) for the WAN and a virtual bridge (vmbr1) for the LAN connection at OPNsense.

Infra:


My problem:
The traffic, e.g. 80/443, arrives on my OPNsense. For example, I can access the web UI of OPNsense for test purposes from the public IP by forwarding 80/443. But now when I create a NAT rule which should forward the traffic from the OPNsense to a VM with an nginx webserver, this does not work and I have no idea why not. Of course I changed the OPNsense port from 443 to 441.

I proceed as follows:
I create a NAT rule:
Interface: OPT1 (WG)
Destination: OPT 1 net
Connection range: 80/443 to 80/443
Redirected destination IP: 192.168.1.103
Redirected carry port 80/443
NAT reflection: activate

Log:


Do I have a fundamental misconception here? Maybe one of you has an idea what I am doing wrong here. What else do you think about the construction of my network, do you think this is a secure approach or do you have any suggestions for optimization?

Thank you in advance.

best regards meni

January 02, 2024, 01:57:14 PM #1 Last Edit: January 02, 2024, 02:01:30 PM by meni1234
Holy shit, I found the solution. I had an old wg0 interface on my VM with the webserver. I think this was blocking the forwarding? But how? I have now removed WireGuard from my VM (192.168.1.103) and everything works perfectly now. That's crazy, I was searching for days for the issue. I think I need a short break XD.

Then I have another question: how can I best enable access to the VMs via SSH from my host (192.168.8.2)? So far this is not possible. Do you have any other suggestions for improving my setup?
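As an added illustration of the VPS side of the setup described in this thread (this is not meni1234's configuration and not taken from the thread), the following script generates a WireGuard config and an nftables ruleset that forward only TCP 80/443 from the VPS public interface into the tunnel, where OPNsense then port-forwards to the LAN VM. The interface names eth0/wg0, the tunnel network 10.10.0.0/24, the listen port 51820 and the key placeholders are all assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: VPS-side WireGuard + nftables port
# forwarding towards an OPNsense peer behind CGNAT. All names are assumed.

# Usage: gen_wg_conf <vps_tunnel_cidr> <listen_port> <peer_tunnel_ip>
gen_wg_conf() {
    cat <<EOF
[Interface]
Address = $1
ListenPort = $2
PrivateKey = <VPS_PRIVATE_KEY_PLACEHOLDER>

[Peer]
# OPNsense peer. Its own config needs Endpoint = <VPS_PUBLIC_IP>:$2 and
# PersistentKeepalive = 25, since it is the side behind CGNAT that must dial out.
PublicKey = <OPNSENSE_PUBLIC_KEY_PLACEHOLDER>
AllowedIPs = $3/32
EOF
}

# Usage: gen_nft_ruleset <public_iface> <wg_iface> <peer_tunnel_ip> <ports>
# <ports> is the body of an nft set literal, e.g. "80, 443".
gen_nft_ruleset() {
    cat <<EOF
table inet vpsfwd {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # Only the listed ports are redirected into the tunnel.
        iifname "$1" tcp dport { $4 } dnat ip to $3
    }
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # Source-rewrite so replies return through the tunnel even if the
        # OPNsense default route is its own WAN. Cost: the web server sees
        # the VPS tunnel address instead of the real client IP.
        oifname "$2" ip daddr $3 tcp dport { $4 } masquerade
    }
    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        iifname "$1" oifname "$2" ip daddr $3 tcp dport { $4 } ct state new accept
    }
}
EOF
}

# Applying needs root and net.ipv4.ip_forward=1; kept in a function so the
# file can be sourced without touching the system.
apply_vps_config() {
    gen_wg_conf 10.10.0.1/24 51820 10.10.0.2 > /etc/wireguard/wg0.conf
    gen_nft_ruleset eth0 wg0 10.10.0.2 "80, 443" | nft -f -
}
```

The forward chain's drop policy means nothing other than the listed ports can reach the tunnel from the public side, so widening the exposed surface later is an explicit edit to the set rather than an accident.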

Hi meni1234, can you please give a configuration example of how you connected OPNsense with the VPS?