Need help with setting up iptables forwarding (or any forwarding solution) on a VPS
Finnish Hound posted this in #questions
Finnish HoundOP
So I want to use my Oracle VPS as a proxy for my Bedrock server running on my home server. I'm looking at some solutions for this (currently just using playit.gg to proxy my server, but it is unreliable).
I'm currently trying to set up some iptables rules for forwarding, but the rules aren't applying, as I can't see the rules when I get them listed out (sudo iptables -S).
VPS = Ubuntu 24.04
Home Server = Debian 12
These are the rules I've added to my rules.v4 file:
-A PREROUTING -p udp -m udp --dport 19132 -j DNAT --to-destination 100.64.0.5:19132
-A POSTROUTING -j MASQUERADE
https://pastebin.com/sYRLQTCE here is the entire rules file
The VPS is able to reach my home server via a Tailscale connection and I can see the udp port 19132 when I run nmap on my home server from my VPS. The VPS also has udp port 19132 open when I nmap the VPS from a linux host (used my home server, too lazy to WSL on my main box)
Also a bunch of Oracle rules + Docker rules, as I also host other stuff on the VPS.
Is there a better service I can run to do this? Am I doing something wrong for iptables?
Finnish HoundOP
hello?
Finnish HoundOP
.
Stony gall
I'm writing a text about this
can you wait
Finnish HoundOP
wait you were?
mb
Stony gall
STEP 1: ENABLE IP FORWARDING ON VPS
Edit sysctl config:
sudo nano /etc/sysctl.conf
Add or uncomment:
net.ipv4.ip_forward = 1
Apply it:
sudo sysctl -p
----
STEP 2: SET UP IPTABLES RULES
We're using iptables legacy mode (not nftables).
On your VPS, run:
sudo iptables -t nat -A PREROUTING -p udp --dport 19132 -j DNAT --to-destination 100.64.0.5:19132
sudo iptables -t nat -A POSTROUTING -p udp -d 100.64.0.5 --dport 19132 -j MASQUERADE
----
STEP 3: SAVE IPTABLES RULES (do this after a reboot)
Install iptables-persistent:
sudo apt update
sudo apt install iptables-persistent
Save current rules:
sudo netfilter-persistent save
This saves both v4 and v6 rules to:
- /etc/iptables/rules.v4
- /etc/iptables/rules.v6
----
STEP 4: CONFIGURE FIREWALL
Make sure port 19132 UDP is open on the VPS firewall:
If using UFW:
sudo ufw allow 19132/udp
Also check Oracle Cloud's network security list:
Go to your instance’s subnet > Security Lists > Ingress Rules > Add one:
- Source CIDR: 0.0.0.0/0
- Protocol: UDP
- Port Range: 19132
(It should be those tabs, if I remember correctly)
----
STEP 5: TEST
Have someone try to connect to your VPS’s public IP in Minecraft (default Bedrock port: 19132). It should forward correctly to your home server.
----
NOTES:
- This setup doesn’t encrypt traffic. If you care about security, consider doing this over WireGuard.
- If the VPS has multiple interfaces, make sure routing is correct.
Let me know if anything doesn’t work, I'll try my best on this.
@Finnish Hound
^^
Finnish HoundOP
ports already opened on vps via a network sec group
I'll do it and get back to you
Stony gall
waiting for ya
Finnish HoundOP
oh yea and network forwarding is also enabled
for step 3, I already got netfilter-persistent/iptables-persistent installed, do I reboot and then run sudo netfilter-persistent save?
Stony gall
you can probably skip some of the steps then
Finnish HoundOP
just ran the iptables commands
Stony gall
Ensure the firewall rules are set correctly using iptables, then run sudo netfilter-persistent save.
To make sure the rules are loaded properly when the server starts, you can manually restart the firewall service with sudo netfilter-persistent reload.
You don’t need to reboot the whole server btw
Finnish HoundOP
should be good in terms of the ports being open
image.png
Stony gall
👍
Finnish HoundOP
actually iirc, iptables-persistent disables ufw, doesn't it?
Stony gall
yes
just do sudo ufw disable
then sudo systemctl stop ufw