Posts: 6 | Comments: 37 | Joined: 2 yr. ago

Hi, I'm Alex! I like to talk about all sorts of things, like self-hosting stuff, programming shenanigans, random memes, games and probably some other stuff too!

  • How do I make the SSH tunnel forward traffic? It can't be as easy as just running ssh user@SERVER_IP in the terminal.

    (I only need variant 1 btw)

  • I've added the firewall rule and it still says no port[s] to connect to whenever I run echo "Testing" | nc -u SERVER_IP -p 51820. I feel like you're trying to stay on a sinking ship, so I would suggest to try another method to see if we even can get the whole "bypass CGNAT with a VPS" thing to work at all.

    Update: I've tried setting up SSH tunneling instead and it STILL doesn't work. I contacted Hetzner support about this issue and I'm hoping that they can resolve the firewall issues that I'm having.

  • I've added some different ports for the future, but this is my ufw status:

    Status: active

    To                         Action      From
    --                         ------      ----
    OpenSSH                    ALLOW       Anywhere
    51820                      ALLOW       Anywhere
    2333                       ALLOW       Anywhere
    80                         ALLOW       Anywhere
    81                         ALLOW       Anywhere
    443                        ALLOW       Anywhere
    80/tcp                     ALLOW       Anywhere
    OpenSSH (v6)               ALLOW       Anywhere (v6)
    51820 (v6)                 ALLOW       Anywhere (v6)
    2333 (v6)                  ALLOW       Anywhere (v6)
    80 (v6)                    ALLOW       Anywhere (v6)
    81 (v6)                    ALLOW       Anywhere (v6)
    443 (v6)                   ALLOW       Anywhere (v6)
    80/tcp (v6)                ALLOW       Anywhere (v6)

  • Alright, I switched to ufw and... it's still not working. sigh

    Should we just try something completely different? WireGuard doesn't seem to be working on my VPS. Someone in the comments mentioned tunneling via SSH, sounds interesting.

  • What do you mean by "clear out iptables completely"? Should I remove the iptables package with sudo apt remove iptables?

  • Alright, sounds good. What firewall are you recommending me to use? I would like to use a firewall that's easy to manage.

    Edit: I went with ufw.

  • I tried to open the port 22 on UDP (yeah, I am getting pretty desperate over here...) and still get the message no port[s] to connect to... Someone else on this post commented that I should stop using iptables for opening ports and start using something else as a firewall. Should I try this approach?

  • Does iptables count as a firewall? You said that I should "forget" iptables. Is it that bad? It came preinstalled on the VPS. Should I switch? And if so, how?

  • Very interesting... How do I get started?

  • The command you provided for the VPS returns UDP listen needs -p arg, so I just added -p right before the port number and then it worked. Running the homelab command returns no port[s] to connect to... Not good.

  • I have no idea how to properly manage the firewall with Hetzner. I've opened the ports on the Hetzner management page and I ran several iptables commands to allow traffic from those ports. Still doesn't work. This is weird!

  • What would that kind of setup look like?

  • Hmm, the keys do match on the two different machines. I have no idea why this doesn't work...

  • I do not get a response when pinging the VPS's WG IP from my homeserver. It might have something to do with the firewall that my VPS provider (Hetzner) is using. I've now allowed the port 51820 on UDP and TCP and it's still the same as before... This is weird.

  • Hi, thank you so much for trying to help me, I really appreciate it!

    VPS wg0.conf:

    [Interface]
    Address = 10.0.0.1/24
    ListenPort = 51820
    PrivateKey = REDACTED

    PostUp = iptables -t nat -A PREROUTING -p tcp -i eth0 '!' --dport 22 -j DNAT --to-destination 10.0.0.2; iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source SERVER_IP
    PostUp = iptables -t nat -A PREROUTING -p udp -i eth0 '!' --dport 55107 -j DNAT --to-destination 10.0.0.2;

    PostDown = iptables -t nat -D PREROUTING -p tcp -i eth0 '!' --dport 22 -j DNAT --to-destination 10.0.0.2; iptables -t nat -D POSTROUTING -o eth0 -j SNAT --to-source SERVER_IP
    PostDown = iptables -t nat -D PREROUTING -p udp -i eth0 '!' --dport 55107 -j DNAT --to-destination 10.0.0.2;

    [Peer]
    PublicKey = REDACTED
    AllowedIPs = 10.0.0.2/32

    Homeserver wg0.conf:

    [Interface]
    Address = 10.0.0.2/24
    PrivateKey = REDACTED

    [Peer]
    PublicKey = REDACTED
    AllowedIPs = 0.0.0.0/0
    PersistentKeepalive = 25
    Endpoint = SERVER_IP:51820

    (REDACTED would've been the public / private keys, SERVER_IP would've been the VPS IP.)
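As an added diagnostic (not part of the post or of any WireGuard tooling), the small checker below reads both configs above and reports the reasons a ping from the VPS side can fail, including the one that matches the "Destination address required" output quoted elsewhere in this thread: a peer without an Endpoint cannot send anything until the other side's handshake arrives. The embedded configs are constructed copies of the two posted ones with the key lines and PostUp/PostDown rules left out; SERVER_IP is the post's own placeholder.

```python
import ipaddress
# Constructed copies of the two configs posted above, minus the key lines and the
# PostUp/PostDown rules (SERVER_IP is the post's own placeholder).
VPS_CONF = """[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
[Peer]
AllowedIPs = 10.0.0.2/32
"""
HOME_CONF = """[Interface]
Address = 10.0.0.2/24
[Peer]
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
Endpoint = SERVER_IP:51820
"""

def parse_wg(text):
    """Parse a wg-quick config into [(section, {key: [values]})]; repeated keys are kept."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("["):
            sections.append((line.strip("[]"), {}))
            continue
        key, _, val = line.partition("=")
        sections[-1][1].setdefault(key.strip(), []).append(val.strip())
    return sections

def check_tunnel(initiator_conf, responder_conf, target_ip):
    """Explain why a ping from the initiator side to target_ip can fail: [(code, message)]."""
    # dict() keeps one section per name, which matches the single-peer configs in the post.
    ini, res = dict(parse_wg(initiator_conf)), dict(parse_wg(responder_conf))
    ini_peer, res_peer, findings = ini.get("Peer", {}), res.get("Peer", {}), []
    nets = [ipaddress.ip_network(a.strip()) for v in ini_peer.get("AllowedIPs", []) for a in v.split(",")]
    if not any(ipaddress.ip_address(target_ip) in n for n in nets):
        findings.append(("NOT_IN_ALLOWEDIPS", f"{target_ip} is not in the peer's AllowedIPs, so it is never routed into wg0"))
    if "Endpoint" not in ini_peer:
        # No Endpoint: this side cannot initiate; sendmsg gets EDESTADDRREQ ('Destination address required') until the other side's handshake arrives.
        findings.append(("NO_ENDPOINT_ON_INITIATOR", "the other side must start the handshake; verify its UDP packets reach ListenPort"))
        listen = ini.get("Interface", {}).get("ListenPort", [None])[0]
        port = res_peer.get("Endpoint", [""])[0].rsplit(":", 1)[-1]
        if port != listen:
            findings.append(("PORT_MISMATCH", f"the other side dials port {port!r} but ListenPort is {listen!r}"))
        if "PersistentKeepalive" not in res_peer:
            findings.append(("NO_KEEPALIVE", "the other side is behind CGNAT but sets no PersistentKeepalive, so its NAT mapping expires"))
    return findings
```

For the posted pair, the only finding is NO_ENDPOINT_ON_INITIATOR, which is expected for a peer behind CGNAT; it means the thing to verify is that the homeserver's handshake actually reaches UDP 51820 on the VPS (a `wg show` handshake timestamp on either side settles that).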

  • The biggest obstacle for me is the connection between the VPS and my homeserver. I have tried this today and I tried pinging 10.0.0.2 (the homeserver IP via WireGuard) and get this as a result:

    PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
    From 10.0.0.1 icmp_seq=1 Destination Host Unreachable
    ping: sendmsg: Destination address required
    From 10.0.0.1 icmp_seq=2 Destination Host Unreachable
    ping: sendmsg: Destination address required
    ^C
    --- 10.0.0.2 ping statistics ---
    2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 1019ms


    Not sure why though.

  • Not really, pinging my homeserver via the VPS returns:

    PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
    From 10.0.0.1 icmp_seq=1 Destination Host Unreachable
    ping: sendmsg: Destination address required
    From 10.0.0.1 icmp_seq=2 Destination Host Unreachable
    ping: sendmsg: Destination address required
    ^C
    --- 10.0.0.2 ping statistics ---
    2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 1019ms

  • Selfhosted @lemmy.world

    How can I bypass CGNAT by using a VPS with a public IPv4 address?

  • Hey, thank you for your blog post. I'm definitely reconsidering my choices with Cloudflare tunnels. I will take a look at the VPS setup. Privacy is something that I really care about, so this would be pretty useful. I would definitely be ready to pay 3.29€ per month for the privacy aspects of this setup.

  • Thanks! I'm glad that I could show you some other services!

  • Selfhosted @lemmy.world

    After some trial and error, I've managed to successfully deploy public instances of privacy-respecting services!

    reallyaweso.me
  • Selfhosted @lemmy.world

    Can a Raspberry Pi 5 with 8 GB of RAM handle my needs?

  • Selfhosted @lemmy.world

    Owners of a domain, which domain registrar did you choose and why?

  • Linux @lemmy.ml

    What is the /opt directory?

  • Selfhosted @lemmy.world

    What's the deal with Docker?