Skip Navigation

Issues forwarding traffic through a wireguard connection

I am attempting to follow this to forward traffic from a few ports on a public oracle vps to other ports on my local server through a wireguard connection. Currently I am doing this using rinetd, but I was looking for a more normal way of forwarding traffic. (Also looking to forward UDP traffic at some point.)

After stopping rinetd, adding these rules to the public server's wg config

# packet forwarding
PreUp = sysctl -w net.ipv4.ip_forward=1

# port forwarding
PreUp = iptables -t nat -A PREROUTING -i ens3 -p tcp --dport 443 -j DNAT --to-destination
PostDown = iptables -t nat -D PREROUTING -i ens3 -p tcp --dport 443 -j DNAT --to-destination

# packet masquerading
PreUp = iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE

and restarting the wg connection, I'm seeing traffic on the ens3 port but none entering wg0 via tcpdump. I feel like I probably have conflicting iptables rules saved but I don't really know enough about whats going on there to fix it. I feel like its probably the wireguard-*-rule ones (created by pivpn possibly?) but I'm not sure.

Edit way later: Ended up just using rinetd for the udp connections. Ubuntu doesn't include the latest version here which is able to do UDP connections. The docker container RxBrad suggested uses that version within the docker container to make the redirections so it will be roughly equivalent.