Port forwarding through a VPS with the help of Wireguard and iptables
Context
Recently I wanted to host a Minecraft server on a network that I can not port forward with. Although this can be done with an SSH tunnel too, I believe Wireguard will give a slightly better performance overall.
I will not be going through Wireguard setup in this page, but I did cover it before here: Wireguard server and peer configuration (Archlinux / Debian / Ubuntu). Instead I will just be going through the iptables portion.
Commands
Add
# iptables -t nat -A PREROUTING -p tcp -d 123.123.123.123 --dport 25565 -j DNAT --to 10.123.123.123:25565
# iptables -A FORWARD -p tcp -d 10.123.123.123 --dport 25565 -j ACCEPT
# iptables -t nat -o wg0 -A POSTROUTING -j MASQUERADE
Delete
# iptables -t nat -D PREROUTING -p tcp -d 123.123.123.123 --dport 25565 -j DNAT --to 10.123.123.123:25565
# iptables -D FORWARD -p tcp -d 10.123.123.123 --dport 25565 -j ACCEPT
# iptables -t nat -o wg0 -D POSTROUTING -j MASQUERADE
- Change
123.123.123.123to your external facing server's public IP address - Change
10.123.123.123to the server's Wireguard IP address - Change all instances of
25565to a port you wish to forward - Change
wg0to your Wireguard interface name