Comment on Share single service via WireGuard
phase@lemmy.8th.world 2 weeks ago
You don’t really need forwarding as you don’t need NAT here.
A part of the filtering can be done by WireGuard by setting the allowed IPs correctly.
Just check if only one service is listening on the server port you’ll allow.
Now a question: all without TLS, right? ;)
syaochan@feddit.it 2 weeks ago
Could you elaborate on what you mean by setting the allowed IPs? Yes, without TLS.
phase@lemmy.8th.world 2 days ago
Apologies for the delay. On the VPN termination point, you have to set the allowed IP addresses. In the case of a client, a /32 is enough. It means that only this IP would be receiving responses. A client with a different IP address would only be able to send packets, not to get any back, and thus would not be able to get a TCP session. I think it is enough and that no additional FW rule is needed.
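The server-side peer entry described in the comment above, as an added example that is not part of the original thread. The file path, tunnel addresses, port and key placeholders are constructed assumptions.

```ini
# /etc/wireguard/wg0.conf on the server (the VPN termination point).
# Constructed example: addresses, port and keys are placeholders.

[Interface]
Address = 10.8.0.1/24
ListenPort = 51820
PrivateKey = <server-private-key>

# Too broad: the peer may use any address in the tunnel subnet.
# WireGuard treats AllowedIPs as both the list of source addresses it
# accepts from this peer and the destinations it routes to this peer.
#
# [Peer]
# PublicKey = <client-public-key>
# AllowedIPs = 10.8.0.0/24

# Narrow: the peer is tied to exactly one tunnel address.
[Peer]
PublicKey = <client-public-key>
AllowedIPs = 10.8.0.2/32
```

After bringing the interface up, `wg show wg0 allowed-ips` lists each peer with the addresses bound to it, and `ss -tlnp` on the server shows which services are listening on the port being shared.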