I am fairly new to ubuntu and need help. I am running ubuntu server on my vps and home server. They are connected via Wireguard and I would like to forward the port 25565/tcp,udp to my home server. I tried many different versions of the prerouting command like Simple port forwarding and https://devstorage.eu/blog/linux-port-forwarding-mit-iptables/ but they only seem to work partly. I can connect to the minecraft server but time out on "Joining world". Pls help me and I am sorry if this is the wrong place to ask the question. I am quite sure that it is possible because I got it working on a Windows Laptop as home server and my vps but I forgot how I did it.
With these rules I encounter the "Joining World" problem:
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere ubuntu tcp dpt:25565 to:10.7.0.2:25565
DNAT udp -- anywhere ubuntu udp dpt:25565 to:10.7.0.2:25565
DNAT tcp -- anywhere anywhere tcp dpt:25565 to:10.7.0.2:25565
DNAT udp -- anywhere anywhere udp dpt:25565 to:10.7.0.2:25565
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT all -- 10.7.0.0/24 !10.7.0.0/24 to:82.165.127.112
MASQUERADE all -- !localhost anywhere
SNAT tcp -- anywhere 10.7.0.2 tcp dpt:25565 to:10.7.0.1
SNAT udp -- anywhere 10.7.0.2 udp dpt:25565 to:10.7.0.1
I tried:
iptables -t nat -A PREROUTING -j DNAT -d 10.7.0.1 -p udp --dport 25565 --to 10.7.0.2:25565
iptables -t nat -A PREROUTING -j DNAT -d 10.7.0.1 -p tcp --dport 25565 --to 10.7.0.2:25565
sudo iptables -t nat -A PREROUTING -i ens6 -p tcp --dport 25565 -j DNAT --to-destination 192.168.178.57:25565
sudo iptables -t nat -A PREROUTING -i ens6 -p udp --dport 25565 -j DNAT --to-destination 192.168.178.57:25565
and socat: socat TCP-LISTEN:25565,fork,reuseaddr TCP:10.7.0.2:25565
these command lead to the "Joining world" problem:
sudo iptables -t nat -A PREROUTING -i ens6 -p tcp --dport 25565 -j DNAT --to-destination 10.7.0.2:25565
sudo iptables -t nat -A PREROUTING -i ens6 -p udp --dport 25565 -j DNAT --to-destination 10.7.0.2:25565
iptables -t nat -A POSTROUTING ! -s 127.0.0.1 -j MASQUERADE
Homeserver 10.7.0.2/192.168.178.57 interface: enp12s0
VPS 10.7.01 interface ens6 + public ip: 82*
The ips 10.7.0.1/ .2 were assigned through wiregard and I thought you could use 10.7.0.2 and 192.168.178.57 interchangeably.
I want that when connecting to the vps public ip you would end up at 10.7.0.2 the homeserver.
sudo iptables -xvnL output:
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
150991 18835792 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:51820
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
273154 551566308 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
53 3381 ACCEPT all -- * * 10.7.0.0/24 0.0.0.0/0
sudo iptables -t nat -xvnL output:
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
40 2088 DNAT tcp -- ens6 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25565 to:10.7.0.2:25565
0 0 DNAT udp -- ens6 * 0.0.0.0/0 0.0.0.0/0 udp dpt:25565 to:10.7.0.2:25565
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
37 2345 SNAT all -- * * 10.7.0.0/24 !10.7.0.0/24 to:82.165.127.112
57 7372 MASQUERADE all -- * * !127.0.0.1 0.0.0.0/0
0 0 SNAT tcp -- * ens6 0.0.0.0/0 10.7.0.2 tcp dpt:25565 to:10.7.0.1
0 0 SNAT udp -- * ens6 0.0.0.0/0 10.7.0.2 udp dpt:25565 to:10.7.0.1
