Search the Community

I'm not sure how to configure iptables to allow port 12345 through Wireguard and hit my qBittorrent docker container. I have an active port forward in my TorGuard control panel. Here's the setup This is the config on iptables-restore (runs at boot): Chain INPUT (policy DROP) target prot opt source destination ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED Chain FORWARD (policy DROP) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere Additional info: # wg-quick up wg0 [#] ip link add wg0 type wireguard [#] wg setconf wg0 /dev/fd/63 [#] ip -4 address add ##.##.###.##/24 dev wg0 [#] ip link set mtu 1420 up dev wg0 [#] resolvconf -a wg0 -m 0 -x [#] wg set wg0 fwmark 51820 [#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820 [#] ip -4 rule add not fwmark 51820 table 51820 [#] ip -4 rule add table main suppress_prefixlength 0 [#] sysctl -q net.ipv4.conf.all.src_valid_mark=1 [#] nft -f /dev/fd/63 # route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface default _gateway 0.0.0.0 UG 600 0 0 wlp2s0 ##.##.###.0 * 255.255.255.0 U 0 0 0 wg0 192.168.1.0 * 255.255.255.0 U 600 0 0 wlp2s0 Start Docker: # systemctl start docker # iptables --list Chain INPUT (policy DROP) target prot opt source destination ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED Chain FORWARD (policy DROP) target prot opt source destination DOCKER-USER all -- anywhere anywhere DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED DOCKER all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED DOCKER all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere Chain DOCKER (2 references) target prot opt source destination Chain DOCKER-ISOLATION-STAGE-1 (1 references) target prot opt source destination DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere RETURN all -- anywhere anywhere Chain DOCKER-ISOLATION-STAGE-2 (2 references) target prot opt source destination DROP all -- anywhere anywhere DROP all -- anywhere anywhere RETURN all -- anywhere anywhere Chain DOCKER-USER (1 references) target prot opt source destination RETURN all -- anywhere anywhere Info after # docker-compose up. I see the rule to accept 12345 is configured for the container # docker network inspect torrents_default [ { "Name": "torrents_default", "Id": "OMITTED", "Created": "OMITTED", "Scope": "local", "Driver": "bridge", "EnableIPv6": false, "IPAM": { "Driver": "default", "Options": null, "Config": [ { "Subnet": "172.20.0.0/16", "Gateway": "172.20.0.1" } ] }, "Internal": false, "Attachable": true, "Ingress": false, "ConfigFrom": { "Network": "" }, "ConfigOnly": false, "Containers": { "OMITTED": { "Name": "jackett", "EndpointID": "OMITTED", "MacAddress": "OMITTED", "IPv4Address": "172.20.0.2/16", "IPv6Address": "" }, "OMITTED": { "Name": "flaresolverr", "EndpointID": "OMITTED", "MacAddress": "OMITTED", "IPv4Address": "172.20.0.3/16", "IPv6Address": "" }, "OMITTED": { "Name": "qbittorrent", "EndpointID": "OMITTED", "MacAddress": "OMITTED", "IPv4Address": "172.20.0.4/16", "IPv6Address": "" } }, "Options": {}, "Labels": { "com.docker.compose.network": "default", "com.docker.compose.project": "torrents", "com.docker.compose.version": "1.29.2" } } ] # iptables --list Chain INPUT (policy DROP) target prot opt source destination ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED Chain FORWARD (policy DROP) target prot opt source destination DOCKER-USER all -- anywhere anywhere DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED DOCKER all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED DOCKER all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere Chain DOCKER (2 references) target prot opt source destination ACCEPT tcp -- anywhere 172.20.0.2 tcp dpt:9117 ACCEPT tcp -- anywhere 172.20.0.3 tcp dpt:8191 ACCEPT tcp -- anywhere 172.20.0.4 tcp dpt:12345 ACCEPT tcp -- anywhere 172.20.0.4 tcp dpt:http-alt Chain DOCKER-ISOLATION-STAGE-1 (1 references) target prot opt source destination DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere RETURN all -- anywhere anywhere Chain DOCKER-ISOLATION-STAGE-2 (2 references) target prot opt source destination DROP all -- anywhere anywhere DROP all -- anywhere anywhere RETURN all -- anywhere anywhere Chain DOCKER-USER (1 references) target prot opt source destination RETURN all -- anywhere anywhere # route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface default _gateway 0.0.0.0 UG 600 0 0 wlp2s0 10.13.120.0 * 255.255.255.0 U 0 0 0 wg0 172.17.0.0 * 255.255.0.0 U 0 0 0 docker0 172.20.0.0 * 255.255.0.0 U 0 0 0 br-9d4196d52322 192.168.1.0 * 255.255.255.0 U 600 0 0 wlp2s0 # TorGuard WireGuard Config [Interface] PrivateKey = OMITTED ListenPort = 51820 DNS = 1.1.1.1 Address = 12.12.123.12/24 [Peer] PublicKey = OMITTED AllowedIPs = 0.0.0.0/0 Endpoint = 123.123.123.123:1443 PersistentKeepalive = 25 So I'm supposing that I have to allow port 12345 into the default INPUT chain? I was able to download a torrent, but there is 0 uploaded data from it. I also am unable to access qBittorrent on localhost and have to use it's ip address instead. Any suggestions or feedback on this config is welcome.

Okay so I can't figure this out for the life of me. I've been having seeding ever since I switched to TorGuard, so naturally it seems like a port forwarding issue. My download speed is fine, but I'm lucky if any of my 500+ linux isos are seeding at all, and when they do, its 100kbps ish After talking with support they say it's not possible to forward a port and use it inside of unraid, which makes no since to me. Anyone have this same problem with a fix? Thanks!