Expose Mailserver Ports though Tailscale with ip/nftables

ZybSter · November 9, 2021, 3:18pm

Hello tailscale community,

I’m trying to realize the following scenario.
I have rented a VPS which has tailscale installed.
Also I have a server at home which has tailscale installed.

Now I want to use nftables/iptables to forward all mail server ports from the external vps address through tailscale to my homeserver.

From VPS I’m able to telnet the mailserver through tailscale network.

However I’m not able via simple iptable rules to route/nat the traffic through tailscale to my homeserver.

iptables -A FORWARD -i eth0 -o tailscale0 -p tcp --syn --dport 25 -m conntrack --ctstate NEW -j ACCEPT
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 25 -j DNAT --to-destination 100.x.x.x (homeserver)

Does anyone know where the problem could be ?
It seems as if ip/nftables is not able to redirect traffic through tailscale ?

DGentry · November 11, 2021, 1:29am

I don’t think that rule is redirecting the packet to the Tailscale interface. It is rewriting the destination address to 100.x.x.x but then sending it out whatever interface it was going to go out.

You might consider using a userspace forwarder like stunnel or using ssh to forward ports. Those will send the packet into the kernel to be routed, which should take it to the tailscale0 interface.

Topic		Replies	Views
On-host port forwarding with tailscale? SUPPORT QUESTIONS	0	976	April 11, 2023
Preserve source IP when forwarding through Tailscale Linux	3	1063	June 13, 2022
Forwarding port 443 from Public to Tailscale Linux	3	2446	January 18, 2022
DS Lite Problem - how to use Tailscale Tunnle via VPS instead?	2	1444	December 13, 2022
Replae SSH reverse tunnells and what to google Linux	0	435	September 7, 2022

Expose Mailserver Ports though Tailscale with ip/nftables

Related Topics