I have a dedicated server running Ubuntu 22.04 with a wireguard (wg-easy) server running in docker.
(ip addresses are examples)
| Dedicated server | WireGuard Docker IP | WireGuard Client IP |
|---|---|---|
| 142.250.70.238 | 172.17.0.8 | 10.8.0.2 |
Connecting to the WireGuard server from both the Windows client and the Linux host works fine. They get their 10.8.0.x addresses, and running a quick "what is my IP" search in Google returns the expected 142.250.70.238 IP address.
Where I'm having trouble is port forwarding to a WireGuard client. I'm trying to get traffic hitting 142.250.70.238 on TCP 36029 to go to 10.8.0.2.
From reading a number of other similar posts regarding WireGuard port forwarding, this seems to be what I need, but it doesn't work:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 36029 -j DNAT --to-destination 10.8.0.2
I'm not sure if it's due to running the WireGuard server in Docker, or because I'm relying on UFW to keep unwanted traffic out.
This post (Port forwarding with wireguard) has a similar question regarding UFW (excluding Docker), but that doesn't seem to work for me either:
ufw route allow proto tcp to 10.8.0.2 port 36029
Just wondering if one of you fine folk would be able to lend some assistance.
Thanks!
edit 1: so after thinking about it a bit more, I believe I need to configure the WireGuard server container to accept traffic on the desired incoming port:
-p 36029:36029
Then a UFW rule to route any incoming traffic on TCP 36029 to the host 142.250.70.238 on to the WireGuard container:
ufw route allow proto tcp from any to 172.17.0.8 port 36029
I'm thinking the final step is to add an iptables rule in the Docker container itself that forwards to the WireGuard client on 10.8.0.2.
edit 2: using this command in the WireGuard container after doing the above worked:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 36029 -j DNAT --to-destination 10.8.0.2
Maybe running WireGuard in Docker is overcomplicating things for me...
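The three steps the thread arrives at (publish the port on the container, a UFW route rule to the container address, a DNAT rule inside the container), collected into one script as an added example; this is not code from the post or from wg-easy. It assumes the container is named `wg-easy`, its interface is `eth0`, and the addresses and port from the post; it only prints the commands, and the DNAT step uses `iptables -C` before `-A` so that re-running it does not stack duplicate rules.

```shell
#!/bin/sh
# Constructed example: emit the host-side and container-side commands for one
# forwarded TCP port, with input validation. Nothing here is executed for you.
set -eu

valid_port() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    case "$o" in ''|*[!0-9]*) return 1 ;; esac
    [ "$o" -le 255 ] || return 1
  done
}

# Step 1 (host): publish the port on the wg-easy container (docker run flag).
docker_publish_flag() { printf -- '-p %s:%s/tcp' "$1" "$1"; }

# Step 2 (host): let UFW route the port to the container's bridge address.
ufw_route_cmd() { printf 'ufw route allow proto tcp from any to %s port %s' "$1" "$2"; }

# Step 3 (container): rule body shared by -C (check) and -A (append), scoped to
# one interface and one destination port only.
dnat_rule() {
  printf 'PREROUTING -i %s -p tcp --dport %s -j DNAT --to-destination %s' "$3" "$2" "$1"
}

# Usage: forward_port PORT CLIENT_IP CONTAINER_IP [CONTAINER_IFACE]
forward_port() {
  port=$1; client=$2; docker_ip=$3; iface=${4:-eth0}
  valid_port "$port" && valid_ipv4 "$client" && valid_ipv4 "$docker_ip" || return 2
  echo "# 1. add to the wg-easy docker run line: $(docker_publish_flag "$port")"
  echo "# 2. on the host:"; ufw_route_cmd "$docker_ip" "$port"; echo
  rule=$(dnat_rule "$client" "$port" "$iface")
  echo "# 3. inside the container (idempotent: -C succeeds if the rule is already present):"
  echo "docker exec wg-easy sh -c 'iptables -t nat -C $rule 2>/dev/null || iptables -t nat -A $rule'"
}

forward_port 36029 10.8.0.2 172.17.0.8
```

The container's nat table is not persistent: step 3 has to be repeated after the container restarts, so it belongs in whatever starts the container rather than being typed once.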