The iptables forwarding feature has ceased functioning unexpectedly.

AufulPanda
Junior Member
28
12-11-2023, 07:34 PM
#1
I have a web server running on a home network. For public access, I rely on a VPS with a public IPv4 address connected via WireGuard VPN. The VPN network is 192.168.99.0/24, the VPS IP is 192.168.99.1 and the web server is at 192.168.99.4. On the VPS, I have these iptables configurations: forwarding all HTTPS traffic to the web server, using DNAT to map port 443 on the VPN interface to the web server's port, and masking the outbound traffic through the VPN. This setup has functioned well recently. However, recently I've lost the ability to reach the HTTPS site. No changes have been made to the system, and I've tried restoring older backups. I've also switched to a different VPS, but some servers from Mullvad VPN still work while others don't. When using check-host.net, all servers except one (Hong Kong) report timeouts, with only that location accessing without issues (confirmed via logs). No blacklists have been set for IP ranges. Standard HTTP traffic passes through the same rules and works from anywhere. Wireshark shows many TCP retransmissions for timeout connections, but these don't appear in logs. I'm unsure why certain IP ranges bypass the issue while others fail. It seems unrelated to recent countermeasures against HTTP2 rapid reset DDoS attacks or how TCP connections behave. I prefer keeping encryption and certificates on my trusted home server, not using a reverse proxy on the VPS. Can anyone help identify the problem? I'm feeling quite confused right now... Why do some IP ranges still connect, while others don't? And why did this happen suddenly?
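The post describes the VPS rule set only in prose (DNAT of port 443 on the public side to the web server, masquerading out through the tunnel, forwarding allowed). The script below is an added example, not the poster's configuration: it embeds a constructed `iptables-save` snapshot that matches the topology given in the post (VPN 192.168.99.0/24, VPS 192.168.99.1, web server 192.168.99.4) and checks that every piece of the DNAT path for a given port is present. The interface names `wg0` and `eth0` and the exact rule wording are assumptions. It also reports, as an informational finding only, whether any TCPMSS clamp exists on the forwarded path, since that is the usual thing to verify when large segments over a tunnel retransmit while small ones get through; whether that applies to the poster's case is not established by the post.

```python
"""Check an iptables-save snapshot for a complete DNAT forwarding path.

Constructed example around the topology in the post; interface names and
rule wording are assumptions, not the poster's real configuration.
"""

WG_IF = "wg0"          # assumed WireGuard interface on the VPS
PUB_IF = "eth0"        # assumed public interface on the VPS
WEB = "192.168.99.4"   # web server address from the post

# Constructed iptables-save output modelling the setup described in the post.
SAMPLE_RULES = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to-destination 192.168.99.4:443
-A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 192.168.99.4:80
-A POSTROUTING -o wg0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth0 -o wg0 -p tcp -d 192.168.99.4 --dport 443 -j ACCEPT
-A FORWARD -i eth0 -o wg0 -p tcp -d 192.168.99.4 --dport 80 -j ACCEPT
-A FORWARD -i wg0 -o eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
"""


def parse_tables(text):
    """Split iptables-save output into {table_name: [rule lines]}; keeps only -A lines."""
    tables = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):
            current = line[1:]
            tables.setdefault(current, [])
        elif line.startswith("-A ") and current is not None:
            tables[current].append(line)
    return tables


def _has(rules, *fragments):
    """True if some rule contains every fragment."""
    return any(all(f in r for f in fragments) for r in rules)


def check_forwarding(text, port, web=WEB, wg_if=WG_IF):
    """Return findings describing what is missing from the DNAT path for tcp/<port>.

    An empty list (or only 'info:' entries) means the path is fully wired.
    """
    t = parse_tables(text)
    nat, filt, mangle = t.get("nat", []), t.get("filter", []), t.get("mangle", [])
    findings = []
    dport = f"--dport {port} "   # trailing space so 8 does not match 80

    # 1. Destination NAT on the way in.
    if not _has(nat, "-A PREROUTING", dport, "-j DNAT", f"--to-destination {web}"):
        findings.append(f"nat/PREROUTING: no DNAT for tcp/{port} to {web}")
    # 2. Source NAT so replies from the web server come back through the VPS.
    if not (_has(nat, "-A POSTROUTING", f"-o {wg_if}", "MASQUERADE")
            or _has(nat, "-A POSTROUTING", f"-o {wg_if}", "SNAT")):
        findings.append(f"nat/POSTROUTING: no MASQUERADE/SNAT out {wg_if}")
    # 3. Forward chain must accept the new connection toward the tunnel ...
    if not _has(filt, "-A FORWARD", f"-o {wg_if}", dport, "-j ACCEPT"):
        findings.append(f"filter/FORWARD: inbound tcp/{port} toward {wg_if} not accepted")
    # 4. ... and the return traffic coming back out of it.
    if not _has(filt, "-A FORWARD", f"-i {wg_if}", "ESTABLISHED", "-j ACCEPT"):
        findings.append(f"filter/FORWARD: return traffic from {wg_if} not accepted")
    # 5. Informational: no MSS clamp means large segments rely on path MTU discovery.
    if not _has(filt + mangle, "-j TCPMSS"):
        findings.append("info: no TCPMSS clamp on the forwarded path; large segments "
                        "(e.g. a TLS handshake) depend on path MTU discovery across the tunnel")
    return findings


if __name__ == "__main__":
    for p in (443, 8443):
        print(f"tcp/{p}:")
        for f in check_forwarding(SAMPLE_RULES, p) or ["ok"]:
            print("  ", f)
```

Run it against real output with `sudo iptables-save | python3 check_path.py`-style piping by replacing `SAMPLE_RULES` with `sys.stdin.read()`; the point of the structure is that each numbered check corresponds to one hop a forwarded packet must clear (DNAT, FORWARD in, FORWARD back, SNAT), so a finding names the hop where the path is broken rather than just "it times out".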