Expose Mailserver Ports though Tailscale with ip/nftables

ZybSter · November 9, 2021, 3:18pm

Hello tailscale community,

I’m trying to realize the following scenario.
I have rented a VPS which has tailscale installed.
Also I have a server at home which has tailscale installed.

Now I want to use nftables/iptables to forward all mail server ports from the external vps address through tailscale to my homeserver.

From VPS I’m able to telnet the mailserver through tailscale network.

However I’m not able via simple iptable rules to route/nat the traffic through tailscale to my homeserver.

iptables -A FORWARD -i eth0 -o tailscale0 -p tcp --syn --dport 25 -m conntrack --ctstate NEW -j ACCEPT
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 25 -j DNAT --to-destination 100.x.x.x (homeserver)

Does anyone know where the problem could be ?
It seems as if ip/nftables is not able to redirect traffic through tailscale ?

DGentry · November 11, 2021, 1:29am

I don’t think that rule is redirecting the packet to the Tailscale interface. It is rewriting the destination address to 100.x.x.x but then sending it out whatever interface it was going to go out.

You might consider using a userspace forwarder like stunnel or using ssh to forward ports. Those will send the packet into the kernel to be routed, which should take it to the tailscale0 interface.

Topic		Replies	Views
On-host port forwarding with tailscale? SUPPORT QUESTIONS	0	1637	April 11, 2023
Preserve source IP when forwarding through Tailscale Linux	3	1448	June 13, 2022
Can I use tailscale interface as gateway? Linux	3	3255	July 2, 2022
Route external traffic through Tailscale	3	1093	October 5, 2021
Forwarding port 443 from Public to Tailscale Linux	3	2865	January 18, 2022

Expose Mailserver Ports though Tailscale with ip/nftables

Related Topics