
Basically, what I want is to use the public IP of the Google Cloud VM to access my local web server. I don't have a public IP on my local side.

When I put gcloud_public_ip:80 in my browser's URL bar, I want to get access to my local server's web port instead of the cloud VM's.

I've successfully configured WireGuard. The wg0 interfaces on both the gcloud VM and the local server are up and running. There is no port blocking or IP filtering on my local router. I've also opened the web ports 80/443 udp/tcp for ingress on the Google Cloud firewall, plus some other ports for the WireGuard tunnel.

I've read that I need to use the iptables command on the cloud VM to redirect incoming traffic from the internet to my local server's web ports 80/443, which are at the other side of the WireGuard tunnel. I'm not very familiar with it, but as far as I've learned I need to issue two commands: one for PREROUTING and one for POSTROUTING.

These are the commands I've issued, but they are not working or at least, I think I'm still missing something.

sudo iptables -t nat -A PREROUTING -i ens4 -p tcp --dports 80,443 -j DNAT --to-destination 10.0.3.2
sudo iptables -t nat -A POSTROUTING -p tcp -d 10.0.3.2 --dports 80,443 -j SNAT --to-source 10.140.0.2
  • ens4 is the internal interface of the Google Cloud VM, which has the public IP mapped to it.

  • 10.0.3.2 is the local server's side tunnel IP.

  • 10.140.0.2 is the IP of ens4, which has the public IP mapped to it.

9ieR

1 Answer


You have set up rules at your VPS server, so that it can handle traffic from/to your webserver properly.

However, you need to set up rules on your webserver that forward all traffic via the Wireguard tunnel.

You need to set up a default route via the Wireguard tunnel on your webserver. There needs to be a host route to the VPS via the actual internet connection you are using.

All the details depend on the closer details of your network setup.

Tero Kilkanen
  • OK, so let's say wg0 10.1.1.1 (cloud server) and wg0 10.1.1.2 (client/local webserver) is what I have. I'm behind CG-NAT and possess no public IP. But neither my router nor my ISP is blocking ports. What would be the default route command you mentioned that I need? Just the syntax is OK. – 9ieR Dec 05 '22 at 06:22
  • On your webserver: `ip route add via ` and `ip route add default via 10.1.1.1`. The first one sets up the route for the Wireguard connection and the second one sets up the default route via the tunnel. – Tero Kilkanen Dec 05 '22 at 07:33
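
An added example, not part of the original question or answer: a small shell lint run over the two VPS-side rules from the question before they are loaded. The VPS tunnel address `10.0.3.1`, the `lint_rule` helper and the two passing variants are assumptions introduced for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# WG_ADDR is an assumption: the VPS's own wg0 address (the question omits it).
WG_ADDR="10.0.3.1"

# lint_rule '<iptables arguments>': one finding per line, silent when clean.
lint_rule() {
    rule=" $1 "
    # --dports/--sports are options of the multiport match; without
    # '-m multiport' iptables rejects the command and installs nothing.
    case "$rule" in
        *" --dports "*|*" --sports "*)
            case "$rule" in
                *" -m multiport "*) ;;
                *) echo "multiport: --dports/--sports require -m multiport" ;;
            esac ;;
    esac
    # WireGuard drops a decrypted packet whose source address is outside the
    # sending peer's AllowedIPs, so SNAT to any address other than the VPS
    # tunnel address needs a matching AllowedIPs entry on the web server.
    src=$(printf '%s\n' "$rule" | sed -n 's/.* --to-source \([^ ]*\) .*/\1/p')
    if [ -n "$src" ] && [ "$src" != "$WG_ADDR" ]; then
        echo "snat-source: $src is not $WG_ADDR; peer AllowedIPs must include it"
    fi
}

# The two rules from the question.
Q1='-t nat -A PREROUTING -i ens4 -p tcp --dports 80,443 -j DNAT --to-destination 10.0.3.2'
Q2='-t nat -A POSTROUTING -p tcp -d 10.0.3.2 --dports 80,443 -j SNAT --to-source 10.140.0.2'
# Constructed variants that pass the lint (SNAT to the assumed tunnel address).
F1='-t nat -A PREROUTING -i ens4 -p tcp -m multiport --dports 80,443 -j DNAT --to-destination 10.0.3.2'
F2='-t nat -A POSTROUTING -o wg0 -p tcp -d 10.0.3.2 -m multiport --dports 80,443 -j SNAT --to-source 10.0.3.1'

for r in "$Q1" "$Q2" "$F1" "$F2"; do
    printf 'iptables %s\n' "$r"
    lint_rule "$r" | sed 's/^/    finding: /'
done
```

Rules that pass still need `net.ipv4.ip_forward=1` and a FORWARD chain that permits the flow on the VPS. SNAT to the tunnel address makes every request appear to come from the VPS in the web server's logs, whereas the default-route approach from the answer works without SNAT and keeps the real client addresses.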