0

I have rented several cloud servers from Hetzner. These are all on a private network (10.20.20.0/24), with only one server of them even having a public IP.

Following this German tutorial, I want to set up a site-to-site connection to my network back home. In part 3 of the tutorial, starting at about minute 14:00, it is shown that Hetzner requires a special setting for the NAT (outbound NAT, see screenshot).

But now I don't want to build my WireGuard tunnel gateway with pfSense, but with Debian. The background idea is that I use the server CAX11 for this and want to use the unused computing power for a few Docker containers. How can I do this outbound NAT with iptables or nftables? My WAN interface with the public IP is eth0 and that of the LAN is enp7s0. enp7s0 gets the address 10.20.20.2/32 assigned.

2 Answers

3

You should be able to set the outbound NAT rule with

```
iptables -t nat -A POSTROUTING -o eth0 -s 10.20.20.2/32 -j MASQUERADE
```

Please also make sure that IP forwarding is enabled:

```
sysctl -w net.ipv4.ip_forward=1
```

You may want to add the setting net.ipv4.ip_forward in your /etc/sysctl.conf to persist it.

Andreas Piening
  • In my example I'm only configuring the outbound NAT for one address. You can of course replace the `-s` option with something like `-s 10.20.20.0/24` if you want to enable outbound NAT for the whole subnet. – Andreas Piening Jun 02 '23 at 14:18
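
The same outbound NAT in nftables, which the question also asks about, as an added example that is not part of the answer above or of the Hetzner tutorial. It uses the asker's interface names and subnet; the table name `cloud_nat`, the helper function names and the forward-chain rule that drops unsolicited forwarding from the public interface into the private network are assumptions added here.

```sh
#!/bin/sh
# Added example (not from the answer or the tutorial): nftables ruleset for
# outbound NAT on a Hetzner cloud-network gateway.

# Accept only plain interface names, so a value cannot inject nft statements.
valid_ifname() { case $1 in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac; }

# Accept only digits, dots and one prefix separator, e.g. 10.20.20.0/24.
valid_cidr() {
    case $1 in
        ''|*[!0-9./]*|*/*/*) return 1 ;;
        */*) return 0 ;;
        *) return 1 ;;
    esac
}

# gen_ruleset WAN_IF LAN_IF PRIVATE_CIDR -> ruleset on stdout, 1 on bad input
gen_ruleset() {
    wan=$1; lan=$2; net=$3
    valid_ifname "$wan" && valid_ifname "$lan" && valid_cidr "$net" || return 1
    cat <<EOF
table ip cloud_nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        # same effect as: iptables -t nat -A POSTROUTING -o $wan -s $net -j MASQUERADE
        oifname "$wan" ip saddr $net masquerade
    }
    chain forward {
        type filter hook forward priority 0; policy accept;
        # replies to connections opened from the private network
        ct state established,related accept
        # nothing arriving on the public side may open a connection inward
        iifname "$wan" oifname "$lan" drop
    }
}
EOF
}

# Usage as root, with the interface names and subnet from the question:
#   gen_ruleset eth0 enp7s0 10.20.20.0/24 | nft -c -f -   # syntax check only
#   gen_ruleset eth0 enp7s0 10.20.20.0/24 | nft -f -      # load
```

The forward chain keeps `policy accept`, so it only adds the one drop rule and leaves forwarding decisions for other interfaces (Docker bridges, the WireGuard tunnel) to their own rules.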
0

I have solved it myself. Unfortunately, I just never found the article until now. :D

https://community.hetzner.com/tutorials/how-to-set-up-nat-for-cloud-networks/de

  • Can you please share how you solved this by yourself? It would be interesting for others who may find this question in the future if the commands in the first answer are part of a solution or anything else was required. – Andreas Piening Jun 02 '23 at 14:53
  • I followed the steps from the article in my answer and it worked great. But the commands in your answer should work as well. – alexanderh Jun 02 '23 at 15:51
  • Looking at the article you linked, the commands for the NAT configuration are looking exactly like the commands I gave you in my answer (see https://community.hetzner.com/tutorials/how-to-set-up-nat-for-cloud-networks/de#schritt-3---konfiguration-von-nat). If there's anything holding you back from accepting my answer, please let me know. – Andreas Piening Jun 02 '23 at 16:20