OVH VPS
Since I no longer have a public IPv4 address assigned to my modem/router and have no way to enable modem/bridge mode, I use a VPS to terminate incoming HTTP traffic and inbound VPN connections.
- Type: VPS vps2020-starter-1-2-20 (1 vcore, 2 GiB RAM, 20 GB HDD)
- Location: London (os-uk2)
- OS: AlmaLinux 9
- IPv4: 57.128.183.232
- IPv6: fe80::f816:3eff:fe78:d4a7/64
Justine (172.17.100.3) and Www (172.17.100.2) establish a VPN connection to it on UDP port 51322; the VPS end of the tunnel is 172.17.100.1/24:
[Interface]
PrivateKey = <REDACTED>
ListenPort = 51322
Address = 172.17.100.1/24
[Peer]
PublicKey = PTu13g5XRIVt+i1DL3g5QujHwL6TJaHkC9z8Kw7pwQE=
AllowedIPs = 172.17.100.2/32
PersistentKeepalive = 300
[Peer]
PublicKey = EnRj9UgoE1qyQ9qK9OU3jZ39tpAo24FTZMdT6nQN0wY=
AllowedIPs = 172.17.100.3/32
PersistentKeepalive = 300
The iptables configuration forwards and masquerades incoming packets to Justine and Www:
iptables -P INPUT DROP
iptables -A INPUT ! -i vps -d 172.17.100.0/24 -j DROP
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -m tcp -p tcp --dport 22 -m recent --rcheck --seconds 30 --name SSH -j ACCEPT
iptables -A INPUT -m tcp -p tcp --dport <REDACTED> -m recent --set --name SSH -j DROP
iptables -A INPUT -p udp -m udp --dport 51322 -j ACCEPT
sysctl net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -o vps -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 172.17.100.2:80
iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination 172.17.100.2:443
iptables -t nat -A PREROUTING -p udp --dport 34563 -j DNAT --to-destination 172.17.100.3:51821
iptables -t nat -A PREROUTING -p udp --dport 34564 -j DNAT --to-destination 172.17.100.3:51822
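As an added consistency check that is not part of the original notes: this script parses the hub's WireGuard config and the NAT rules above and reports any DNAT target that lies outside every peer's AllowedIPs (WireGuard's cryptokey routing silently drops such packets), plus whether the tunnel's ListenPort is accepted in INPUT. The sample input mirrors the page's values with the private key omitted; the rule subset is a constructed list.

```python
import ipaddress
import shlex

# Constructed sample mirroring the page's hub config and NAT rules (private key omitted).
WG_CONF = """[Interface]
ListenPort = 51322
Address = 172.17.100.1/24
[Peer]
PublicKey = PTu13g5XRIVt+i1DL3g5QujHwL6TJaHkC9z8Kw7pwQE=
AllowedIPs = 172.17.100.2/32
[Peer]
PublicKey = EnRj9UgoE1qyQ9qK9OU3jZ39tpAo24FTZMdT6nQN0wY=
AllowedIPs = 172.17.100.3/32
"""
RULES = [
    "iptables -A INPUT -p udp -m udp --dport 51322 -j ACCEPT",
    "iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 172.17.100.2:80",
    "iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination 172.17.100.2:443",
    "iptables -t nat -A PREROUTING -p udp --dport 34563 -j DNAT --to-destination 172.17.100.3:51821",
    "iptables -t nat -A PREROUTING -p udp --dport 34564 -j DNAT --to-destination 172.17.100.3:51822",
]


def parse_wg(conf):
    """Parse the INI-like wg config into ([Interface] dict, list of [Peer] dicts)."""
    sections = []
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("["):
            sections.append((line.strip("[]"), {}))
        elif line:
            key, _, value = line.partition("=")
            sections[-1][1][key.strip()] = value.strip()
    return (next(v for n, v in sections if n == "Interface"),
            [v for n, v in sections if n == "Peer"])


def arg(tok, flag):
    """Value following an iptables flag, or None when the flag is absent."""
    return tok[tok.index(flag) + 1] if flag in tok else None


def check_rules(conf, rules):
    """Report whether ListenPort is accepted and which DNAT targets no peer routes."""
    interface, peers = parse_wg(conf)
    # Cryptokey routing: WireGuard only delivers to an IP inside some peer's AllowedIPs.
    allowed = [ipaddress.ip_network(n.strip()) for p in peers for n in p["AllowedIPs"].split(",")]
    port_open, unrouted = False, []
    for tok in map(shlex.split, rules):
        if "INPUT" in tok and "udp" in tok and arg(tok, "-j") == "ACCEPT":
            port_open |= arg(tok, "--dport") == interface["ListenPort"]
        if "DNAT" in tok:
            host = arg(tok, "--to-destination").rsplit(":", 1)[0]
            if not any(ipaddress.ip_address(host) in net for net in allowed):
                unrouted.append(host)
    return {"listen_port_open": port_open, "unrouted_targets": sorted(set(unrouted))}
```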