Join Log in
Score:0
alexanderh avatar Server

NAT for Debian based WireGuard router in Hetzner cloud

ky flag
alexanderh

I have rented several cloud servers from Hetzner. These are all on a private network (10.20.20.0/24), with only one server of them even having a public IP.

Following this German tutorial, I want to set up a site-to-site connection to my network back home. In part 3 of the tutorial, starting at about minute 14:00, it is shown that Hetzner requires a special setting for the NAT (outbound NAT, see screenshot).

But now I don't want to build my WireGuard tunnel gateway with pfSense, but with Debian. The background idea is that I use the server CAX11 for this and want to use the unused computing power for a few Docker containers. How can I do this outbound NAT with iptables or nftable? My WAN interface with the public IP is eth0 and that of the LAN is enp7s0. enp7s0 gets the address 10.20.20.2/32 assigned.

193
2 + 0
vpn
nat
Score:3
Andreas Piening avatar Server
si flag
Andreas Piening

You should be able to set the outbound NAT rule with

iptables -t nat -A POSTROUTING -o eth0 -s 10.20.20.2/32 -j MASQUERADE

Please make also sure, that IP forwarding is enabled:

sysctl -w net.ipv4.ip_forward=1

You may want to add the setting net.ipv4.ip_forward in your /etc/sysctl.conf to persist it.

+ 1
Andreas Piening avatar
si flag
Andreas Piening
In my example I'm only configuring the outbound NAT for one address. You can of course replace the `-s` option with something like `-s 10.20.20.0/24` if you want to enable outbound NAT for the whole subnet.
0
Reply
Score:0
alexanderh avatar Server
ky flag
alexanderh

I have solved it myself. Unfortunately, I just never found the article until now. :D

https://community.hetzner.com/tutorials/how-to-set-up-nat-for-cloud-networks/de

+ 3
Andreas Piening avatar
si flag
Andreas Piening
Can you please share how you solved this by yourself? It would be interesting for others who may find this question in the future if the commands in the first answer are part of a solution or anything else was required.
1
Reply
alexanderh avatar
ky flag
alexanderh
I followed the steps from the article in my answer and it worked great. But the commands in your answer should work as well.
0
Reply
Andreas Piening avatar
si flag
Andreas Piening
Looking at the article you linked, the commands for the NAT configuration are looking exactly like the commands I gave you in my answer (see https://community.hetzner.com/tutorials/how-to-set-up-nat-for-cloud-networks/de#schritt-3---konfiguration-von-nat). If there's anything holding you back from accepting my answer, please let me know.
1
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.