Forwarding Ports from VPS Server via Zerotier to local Windows client

Hi community,

I am a bit stuck on the following problem:
I am using a VPS server to have a fixed IP for remote access purposes. I have set up Zerotier there fine (Ubuntu 20.04 LTS) and, with all the FAQ reading, managed to get it working so that I can connect from my smartphone to the VPS server and “surf” with the IP of the VPS server.
Now I would like to tunnel a port from this VPS server via Zerotier to a client in the network (a Windows PC with a web-based configuration tool that I would like to make accessible to external users).

UFW tells me:

```
sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
9993/udp                   ALLOW       Anywhere
22                         ALLOW       1.2.3.4              (office ip)
22                         ALLOW       192.168.196.0/24     (that's from internal net)
188.12.13.14 9710/tcp      ALLOW       Anywhere             (that's my VPS server IP; I want to use port 9710)
9993/udp (v6)              ALLOW       Anywhere (v6)
```


In /etc/ufw/before.rules I added the following:

```
# (A) Zerotier NAT
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -d 188.12.13.14 -p tcp --dport 9710 -j DNAT --to-destination 192.168.196.175:9710
-A POSTROUTING -s 192.168.196.0/24 ! -d 192.168.196.0/24 -j MASQUERADE

# (the following is part of the “use zerotier as default route”)
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -s 192.168.196.0/24 -j SNAT --to-source 188.12.13.14
COMMIT
```

At the end of before.rules I also added the following for default routing:

```
# (B) Zerotier forwarding
-A FORWARD -i zt+ -s 192.168.196.0/24 -d 0.0.0.0/0 -j ACCEPT
-A FORWARD -i ens+ -s 0.0.0.0/0 -d 192.168.196.0/0 -j ACCEPT

# don't delete the 'COMMIT' line or these rules won't be processed
COMMIT
```

I know that iptables, ufw and routing are a magic part of the Linux world, but I really would like to understand what I am doing wrong…
(From the VPS I can ping the internal .175 Windows PC, and I can also telnet to port 9710, so the Zerotier tunnel seems to be fine…)

Thanks a lot for any tips and help,
Wolf.

I think the `! -d 192.168.196.0/24` is not necessary. Is the port on your Windows device open (9710)? Is the default route of the Windows device the VPS?
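
A small checker for the rule lines posted in this thread, added here as an example and not written by either poster: it flags a DNAT target that no posted FORWARD rule accepts from the DNAT's input interface, a `-d` prefix whose mask changes what it matches, and the missing source NAT towards `zt+` that the reply's default-route question is about. It assumes the forward policy is DROP and sees only the lines given to it, so a `DEFAULT_FORWARD_POLICY` or `ufw route` rule set elsewhere is outside its view.

```python
import ipaddress

# Rule lines copied from the before.rules quoted in the post (comments dropped).
RULES = """\
-A PREROUTING -i eth0 -d 188.12.13.14 -p tcp --dport 9710 -j DNAT --to-destination 192.168.196.175:9710
-A POSTROUTING -s 192.168.196.0/24 ! -d 192.168.196.0/24 -j MASQUERADE
-A POSTROUTING -o eth0 -s 192.168.196.0/24 -j SNAT --to-source 188.12.13.14
-A FORWARD -i zt+ -s 192.168.196.0/24 -d 0.0.0.0/0 -j ACCEPT
-A FORWARD -i ens+ -s 0.0.0.0/0 -d 192.168.196.0/0 -j ACCEPT
"""

def opt(rule, flag):
    """Value that follows `flag` in a rule line, or None if the flag is absent."""
    toks = rule.split()
    return toks[toks.index(flag) + 1] if flag in toks else None

def iface_match(pattern, name):
    """iptables interface match: a trailing '+' is a prefix wildcard."""
    if pattern is None or name is None:
        return True
    return name.startswith(pattern[:-1]) if pattern.endswith("+") else name == pattern

def audit(text):
    """Return findings about DNAT forwarding, based only on the given rule lines."""
    rules = [ln.strip() for ln in text.splitlines() if ln.startswith("-A ")]
    accepts = [r for r in rules if r.startswith("-A FORWARD") and opt(r, "-j") == "ACCEPT"]
    findings = []
    for r in rules:
        dst = opt(r, "-d")
        net = ipaddress.ip_network(dst, strict=False) if dst and "/" in dst else None
        if net is not None and str(net) != dst:
            findings.append(f"mask: -d {dst} matches {net}")
    for r in (x for x in rules if opt(x, "-j") == "DNAT"):
        in_if = opt(r, "-i")
        host = ipaddress.ip_address(opt(r, "--to-destination").split(":")[0])
        # The rewritten packet is routed, so it must pass the filter table's FORWARD chain.
        if not any(iface_match(opt(a, "-i"), in_if)
                   and host in ipaddress.ip_network(opt(a, "-d") or "0.0.0.0/0", strict=False)
                   for a in accepts):
            findings.append(f"forward: no ACCEPT for {in_if} -> {host}")
        # Without source NAT on the ZeroTier side the client answers via its own default route.
        if not any(p.startswith("-A POSTROUTING") and (opt(p, "-o") or "").startswith("zt")
                   for p in rules):
            findings.append(f"return: replies from {host} need the VPS as default route")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(RULES)))
```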