Linux

12676 readers

294 users here now

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 2 years ago

MODERATORS

Ategon@programming.dev

anzo@programming.dev

dwraf_of_ignorance@programming.dev

How do I pass traffic on some port to a wireguard peer (lemmy.ml)

submitted 21 hours ago by lonesomeCat@lemmy.ml to c/linux@programming.dev

6 comments fedilink hide all child comments

So I have an http server on node A, and a VPS on node B. Both are connected through wireguard on a VPN which consists only of these two nodes. I'm trying to make all the requests that arrive on http/s on node B to be forwarded to A and processed there. Then of course the response must return to the original sender. I've seen a million ways to do it online and I'm hitting a brick wall so how would you do it properly on a fresh install (assuming my firewall, ufw in my case, is disabled. I'll figure it out once routing works as intended)

you are viewing a single comment's thread
view the rest of the comments

[–] dgdft@lemmy.world 1 points 21 hours ago* (last edited 20 hours ago) (1 children)

SSH tunneling is the term for what you need here. You can set it up on either end, and it’ll transparently pipe data from a port on the VPS to your TLS box. Configure the web server to reverse-proxy that port, and you’re up and running.

[–] possiblylinux127@lemmy.zip 1 points 20 hours ago (1 children)

SSH tunneling is really slow and doesn't preserve the source IP

[–] dgdft@lemmy.world -1 points 17 hours ago* (last edited 17 hours ago)

SSH tunnels suffer from TCP over TCP, but it's not too much worse than OpenVPN or wg over TCP on the whole. E.g. https://asciinema.org/a/347146.

Nothing OP mentioned in the post required preserving the source IP, but as your root comment alludes to, standard practice is to set an X- header on the reverse proxy to keep source IP.