Redirecting traffic to IP via VPN using iptables [old]
This is my configuration for redirecting traffic from a remote server to my home server on specific ports over the Tailscale VPN. This is a combination of solutions I’ve found on the internet that works for my specific case. I need this because my current internet connection is Dual Stack Lite. This may not be the best solution, and it may be better to tunnel IPv4 over IPv6 instead.
Pre Setup (remote server):
In some cases or in a testing environment it may be a good idea to flush the current rules.
iptables -F
iptables -t nat -F
You will need both sets of rules within iptables. The two rulesets ensure that traffic leaving by the specified interfaces is appropriately masqueraded.
Masquerade outgoing traffic:
iptables -t nat -A POSTROUTING -o ens192 -j MASQUERADE
iptables -t nat -A POSTROUTING -o tailscale0 -j MASQUERADE
Allow return traffic:
iptables -A INPUT -i ens192 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i tailscale0 -m state --state RELATED,ESTABLISHED -j ACCEPT
Forward everything:
iptables -A FORWARD -j ACCEPT
Actually forwarding ports:
To forward, for example, port 80 on host 217.160.70.150 to port 80 on host 100.96.158.8, we need to add the following rules to the iptables configuration of host 217.160.70.150:
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 100.96.158.8:80
iptables -t nat -A POSTROUTING -p tcp -d 100.96.158.8 --dport 80 -j SNAT --to-source 217.160.70.150
Port 80 can be changed to any other port. You can check your config using: iptables -t nat -L -n
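The rules above accept every forwarded packet and DNAT port 80 regardless of the interface or address it arrived on. As an added example (not part of the original post), the shell function below prints a narrower ruleset for the same hosts and interfaces: DNAT only for traffic arriving on ens192 for 217.160.70.150, and forwarding limited to that one flow. The helper names, the conntrack match and the DROP policy on FORWARD are assumptions of this example, and the policy assumes nothing else on the host depends on forwarding.

```shell
#!/bin/sh
# Added example (not from the original post): prints scoped rules, applies nothing.

# valid_ipv4 ADDR: succeeds only for a dotted-quad IPv4 address.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address into its octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# valid_port N: succeeds only for an integer in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_ifname NAME: rejects names that could add extra words or options.
valid_ifname() {
    case "$1" in ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    [ "${#1}" -le 15 ]
}

# gen_forward_rules PUB_IF VPN_IF PUB_IP DEST_IP PORT (hypothetical helper)
gen_forward_rules() {
    pub_if=$1 vpn_if=$2 pub_ip=$3 dest_ip=$4 port=$5
    if ! { valid_ifname "$pub_if" && valid_ifname "$vpn_if" && valid_ipv4 "$pub_ip" \
           && valid_ipv4 "$dest_ip" && valid_port "$port"; }; then
        echo "gen_forward_rules: invalid argument" >&2
        return 1
    fi
    cat <<EOF
iptables -t nat -A PREROUTING -i $pub_if -d $pub_ip -p tcp --dport $port -j DNAT --to-destination $dest_ip:$port
iptables -t nat -A POSTROUTING -o $vpn_if -d $dest_ip -p tcp --dport $port -j MASQUERADE
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $pub_if -o $vpn_if -d $dest_ip -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT
iptables -P FORWARD DROP
EOF
}

# Values from the post; review the output before piping it to a root shell.
gen_forward_rules ens192 tailscale0 217.160.70.150 100.96.158.8 80
```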
Filed under: Uncategorized - @ December 8, 2022 9:14 pm