I am running an Amazon EC2 Ubuntu 22.04 instance, which is acting as a WireGuard server. I have a WireGuard client machine (also running Ubuntu 22.04) connecting to the EC2 WG server instance successfully. The VPN tunnel is on the `10.10.10.0` network, so the tunnel IP address of the VPN server is `10.10.10.1` and the tunnel IP address of the VPN client is `10.10.10.2`. When the VPN client connects to the server instance, it successfully obtains the public IP of the Amazon server instance. What I need to do is forward ports from the Amazon instance to the VPN client, so that port `443` and port `80` are publicly accessible on the VPN client.
To do this I modified the rules in `/etc/ufw/before.rules` to look like the following:
```conf
# DNAT rules belong in the nat table; in /etc/ufw/before.rules that means a
# *nat ... COMMIT block (placed before the existing *filter block).
*nat
:PREROUTING ACCEPT [0:0]

# !HTTP! Forward aws.server.public.ip (Server Public IP) TCP port 80 to 10.10.10.2:80 (The VPN Client IP)
-A PREROUTING -i ens0 -d aws.server.public.ip -p tcp --dport 80 -j DNAT --to-destination 10.10.10.2:80

# !HTTPS! Forward aws.server.public.ip (Server Public IP) TCP port 443 to 10.10.10.2:443 (The VPN Client IP)
-A PREROUTING -i ens0 -d aws.server.public.ip -p tcp --dport 443 -j DNAT --to-destination 10.10.10.2:443

COMMIT
```
On a Vultr.com instance, this worked! Contrarily, it seems that Amazon's public IP is somehow NAT'ed or blocked, and cannot be assigned directly to my instance's VPN tunnel. Thus, the above rules in the `/etc/ufw/before.rules` file DO NOT work on the EC2 server and do not properly forward the ports of the EC2 public IP to the VPN client.
My question is, 1) what on the AWS instance is NAT'ed or blocking my VPN client from having ports 80 and 443 open after implementing these rules, and 2) how do I properly forward ports 80 and 443 on my Amazon EC2 server instance to the VPN client, so that ports 80 and 443 are publicly accessible on the VPN client?
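Added example (editor's, not part of the original question): a `*nat` section for `/etc/ufw/before.rules` that takes the EC2 addressing model into account. The relevant fact is that an EC2 public IPv4 address (including an Elastic IP) is a 1:1 NAT performed by AWS at the VPC edge and is never configured on the instance itself; `ip -br addr` on the instance shows only the private VPC address, and packets arrive on the NIC with that private address as their destination. A rule matching `-d <public IP>` therefore never fires on EC2, which is why the same rules worked on a provider that binds the public IP directly to the VM. The block below assumes the primary interface is `ens5` (the usual name on Nitro instances; the question uses `ens0`, so check with `ip -br addr`), the WireGuard interface is `wg0`, and the tunnel addresses from the question. All of these names are assumptions.

```conf
# /etc/ufw/before.rules -- nat table for forwarding 80/443 to the WireGuard peer.
# Added example; interface names (ens5, wg0) are assumptions, verify with `ip -br addr`.
# Place this block ABOVE the existing *filter block in before.rules.
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]

# On EC2 the public IPv4 address is a 1:1 NAT done by AWS outside the instance,
# so the packet that reaches ens5 carries the PRIVATE VPC address as its
# destination. Do not match on the public IP; match on interface and port.
-A PREROUTING -i ens5 -p tcp --dport 80  -j DNAT --to-destination 10.10.10.2:80
-A PREROUTING -i ens5 -p tcp --dport 443 -j DNAT --to-destination 10.10.10.2:443

# Source-NAT the forwarded flows as they leave through the tunnel so the VPN
# client's replies return via wg0 even when the client's default route does
# not point at the VPN. The trade-off is that the client sees 10.10.10.1 as
# the source of every connection instead of the real visitor address.
-A POSTROUTING -o wg0 -d 10.10.10.2 -p tcp -m multiport --dports 80,443 -j SNAT --to-source 10.10.10.1

COMMIT
```

Three more things must be true for the DNAT to take effect. IP forwarding has to be on (`net/ipv4/ip_forward=1` in `/etc/ufw/sysctl.conf`); ufw's forward chain must allow the flow, since `DEFAULT_FORWARD_POLICY` is `DROP` by default (for example `ufw route allow in on ens5 out on wg0 to 10.10.10.2 port 80 proto tcp` and the same for 443); and the instance's EC2 Security Group must permit inbound TCP 80 and 443, because that filter sits in front of the instance and nothing in iptables can open it. If the `SNAT` rule is undesirable (to preserve visitor IPs), the alternative is to give the client `AllowedIPs = 0.0.0.0/0` so all of its traffic, replies included, routes back through the tunnel.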