Did you enable forwarding?

On July 25, 2021 10:22:58 PM MDT, Vincent Lee <vinc...@vincent-lee.net> wrote:
>Hi all, I'm running into some trouble trying to configure a
>network. I'll try to keep it concise:
>
>Background:
>
>1. I have an OpenBSD Vultr VPS. It serves various odds and ends on
>external IP address $foo, and runs 6.9 + syspatches.
>
>2. I have a second Linux machine located on a residential network with
>unstable external IP. I'd like to avoid dynamic DNS services, having to
>configure port-forwarding, etc.
>
>3. The two machines are linked by a confirmed-working WireGuard
>tunnel. The VPS has address 10.0.0.1 and the Linux machine has address
>10.0.0.2 in the tunnel.
>
>Objective:
>
>1. I want to expose a stable, routable IP address for the Linux machine,
>regardless of the state of the residential network, by proxying through
>my VPS.
>
>2. This address should be logically distinct from the existing address
>for the VPS, as there is an overlap in the services each will
>serve. (e.g. I could plausibly serve one website from the VPS and a
>separate one from the Linux machine.)
>
>What I've tried:
>
>1. I've requested a second IP address $bar for my VPS and added it as an
>inet alias address in hostname.if. With only this configuration, pinging
>address $bar (which routes to the VPS) works.
>
>2. Next, I tried adding a pf redirect on the VPS:
>
>    pass in from any to $bar rdr-to 10.0.0.2
>
>3. I tried pinging and ssh-ing to address $bar after adding this rule
>and reloading pf rules, but traffic doesn't seem to be getting to the
>Linux box.
>
>4. I also tried a binat rule:
>
>    pass on egress from 10.0.0.2 to any binat-to $bar
>
>with the same result.
>
>Any obvious problems, and is there an easier way to achieve my
>objective?
>