Network configuration:
Internet → VPS → Home Server
I am trying to host some services on my home server using the VPS public IP. I have forwarded ports on the VPS. On the home server, if I set AllowedIPs = 0.0.0.0/0 in the WireGuard config, port forwarding works and I can access all my services using the VPS IP address. But all traffic on the home server is then routed through WireGuard, which I want to avoid.
If I remove AllowedIPs from the config, internet traffic is not routed through WireGuard, but I cannot access my services either.
I am using wg-quick for the WireGuard setup.
What I want to do is route all internet traffic outside the WireGuard tunnel, but allow incoming connections over the WireGuard tunnel so my services are accessible from the internet.
Config:
I am only trying to forward port 56000.
VPS:
sudo cat /etc/ufw/before.rules
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp --dport 56000 -j DNAT --to-destination 10.7.0.5
-A PREROUTING -i eth0 -p udp --dport 56000 -j DNAT --to-destination 10.7.0.5
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
sudo ufw status
Status: active
To                         Action      From
--                         ------      ----
10.7.0.5 56000/tcp         ALLOW FWD   Anywhere
10.7.0.5 56000/udp         ALLOW FWD   Anywhere
The client has no firewall. Forwarding already works (if AllowedIPs is 0.0.0.0/0).
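
Added example (not part of the original post and not the poster's actual file): a home-server wg-quick configuration that keeps AllowedIPs = 0.0.0.0/0 but uses Table = off plus a source-based policy rule, so only replies to forwarded connections use the tunnel. The interface name wg0, the /24 prefix, routing table number 200 and the bracketed placeholders are assumptions; 10.7.0.5 is the tunnel address from the post.

```ini
# /etc/wireguard/wg0.conf on the home server (constructed example)

[Interface]
# Tunnel address from the post; the /24 prefix length is an assumption.
Address = 10.7.0.5/24
PrivateKey = <homeserver-private-key>

# Keep wg-quick from installing routes for AllowedIPs. The main routing
# table, and with it the normal default gateway, stays untouched.
Table = off

# The VPS rules DNAT to 10.7.0.5 without rewriting the source, so the
# services answer from 10.7.0.5 to the client's public address.
# Send exactly that traffic (source 10.7.0.5) back through the tunnel
# by giving it its own routing table. 200 is an arbitrary, assumed number.
PostUp = ip route add default dev %i table 200
PostUp = ip rule add from 10.7.0.5 lookup 200
PreDown = ip rule del from 10.7.0.5 lookup 200
PreDown = ip route del default dev %i table 200

[Peer]
PublicKey = <vps-public-key>
Endpoint = <vps-public-ip>:<vps-wireguard-port>

# Still required. AllowedIPs is also an inbound source filter: WireGuard
# drops decrypted packets whose source address is not listed here, and
# forwarded packets arrive with the original client's public address.
# With Table = off this setting no longer changes the routing table.
AllowedIPs = 0.0.0.0/0
```

After bringing the interface up, `ip rule show` and `ip route show table 200` should list the added rule and route, and `ip route get 1.1.1.1` should still resolve via the LAN gateway rather than wg0.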