I have a radio setup on a 4G connection that utilises CG-NAT. This means I am unable to access the radio remotely using the supplied remote software.
To get around this I have set up a cloud VPS WireGuard server and have a pfSense router local to the radio that tunnels all traffic from the radio units to the cloud, in turn giving it a static IP that can do port forwards.
The setup looks like:
radio --> pfSense router --> <WIREGUARD VPN LINK> --> cloud server --> internet
I have set up the following iptables rules, which up until a few months ago worked absolutely fine and allowed me to connect remotely.
# DNAT inbound TCP 4994 and UDP 4993 arriving on eth0 to 10.3.2.4
iptables -t nat -A PREROUTING -p tcp --dport 4994 -i eth0 -j DNAT --to-destination 10.3.2.4
iptables -t nat -A PREROUTING -p udp --dport 4993 -i eth0 -j DNAT --to-destination 10.3.2.4
# source NAT anything leaving via eth0 behind the VPS public address
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# allow the DNATed packets through the FORWARD chain
iptables -I FORWARD -i eth0 -p tcp -d 10.3.2.4 --dport 4994 -j ACCEPT
iptables -I FORWARD -i eth0 -p udp -d 10.3.2.4 --dport 4993 -j ACCEPT
For reference:
- 10.2.3.4 is the IP of the pfSense tunnel on the cloud VPS (right-hand side of the WireGuard VPN link)
- 10.2.3.1 is the IP of the WireGuard VPN gateway on the cloud VPS
If I do an nmap scan of the open ports, I can see they are open and I can see the traffic hitting the pfSense side of the WireGuard connection.
Can anyone point me in the direction of why this now doesn't work, or how I can troubleshoot where the problem is?
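A way to walk the VPS side of that path hop by hop, as an added example that is not part of the original post and not pfSense's or WireGuard's own tooling. It assumes the layout in the question (eth0 as the VPS public interface, 10.3.2.4 as the DNAT target from the rules) and that the WireGuard interface on the VPS is called wg0, which the post does not say. The parsing helpers run offline on iptables -L -v -n -x output; the live walk needs root on the VPS.

```sh
#!/bin/sh
# Added troubleshooting helper for the VPS side of the setup above. Example
# code written for this page, not the poster's. Assumptions: eth0 = VPS public
# NIC (as in the rules), wg0 = WireGuard interface on the VPS (assumed; the
# post does not name it), 10.3.2.4 = the DNAT target from the rules.

# Print only the rules whose packet counter is still zero, given the output of
#   iptables -t <table> -L <chain> -v -n -x
# on stdin. A DNAT rule at zero means packets never matched it (wrong
# interface, wrong port, or an earlier rule); a FORWARD rule at zero while the
# DNAT rule counts means the packet was dropped between the two.
zero_hit_rules() {
    awk 'NR > 2 && $1 == 0 { $1 = ""; $2 = ""; sub(/^ +/, ""); print }'
}

# Extract a built-in chain's default policy from its "Chain ..." header line.
# A FORWARD policy of DROP with no matching ACCEPT rule silently kills
# forwarded traffic; some packages (Docker, for example) set this on install.
chain_policy() {
    sed -n 's/^Chain [^ ]* (policy \([A-Z]*\).*/\1/p'
}

# True when the kernel will forward at all. Takes an optional path so it can
# be exercised against a file; the default is the real sysctl.
ip_forward_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Live walk of the forwarding path, in the order a packet traverses it.
# Needs root on the VPS; nothing here runs during the offline test.
vps_path_checks() {
    dport_tcp=${1:-4994}
    target=${2:-10.3.2.4}
    wg_if=${3:-wg0}

    if ip_forward_enabled; then
        echo "ip_forward: on"
    else
        echo "ip_forward: OFF (sysctl -w net.ipv4.ip_forward=1)"
    fi

    echo "--- nat/PREROUTING rules with zero hits:"
    iptables -t nat -L PREROUTING -v -n -x | zero_hit_rules
    echo "--- FORWARD policy: $(iptables -L FORWARD -v -n -x | chain_policy)"
    echo "--- FORWARD rules with zero hits:"
    iptables -L FORWARD -v -n -x | zero_hit_rules

    echo "--- route the VPS uses to reach $target (must be via $wg_if):"
    ip route get "$target"

    echo "--- conntrack entries for tcp/$dport_tcp (a reply-direction tuple"
    echo "    shows whether the radio side ever answered):"
    conntrack -L -p tcp --dport "$dport_tcp" 2>/dev/null || \
        grep " dport=$dport_tcp " /proc/net/nf_conntrack 2>/dev/null

    cat <<EOF
--- next, watch both sides of the hop while connecting from outside:
    tcpdump -ni eth0 tcp port $dport_tcp
    tcpdump -ni $wg_if host $target
    SYNs leaving $wg_if with no SYN/ACK coming back point at the pfSense/radio
    side or the return route: the radio sees the client's public IP as the
    source, so pfSense must route that back through the tunnel. Masquerading
    towards the tunnel too removes that dependency (a change to consider,
    not a diagnosis):
    iptables -t nat -A POSTROUTING -o $wg_if -d $target -j MASQUERADE
EOF
}
```

Run `vps_path_checks` as root on the VPS while attempting a connection from outside; the first check that comes back empty or wrong (ip_forward off, DNAT rule at zero, FORWARD policy DROP with the ACCEPT rules at zero, or conntrack entries with no reply tuple) tells you which hop to look at next.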