How to forward all incoming traffic to server A to server B and B returns it to A?

Question

Suppose I have two servers: A and B. On both I have installed WireGuard.

On server A, wg0 is routed with IP 10.8.0.0/24 and on server B, wg0 is routed with IP 10.7.0.0/24.

Let's say server A's WireGuard is listening on port 4000 and server B's WireGuard is listening on port 5000.

I only want to forward all incoming traffic to server A on port 5000. There are other applications listening on another ports and I do not to forward them.

What I want is:

client connects to --> server A
let's say client says to server A open google.com for me
server A connects to --> server B
let's say server A says to server B open google.com for me
server B reaches google.com
sends data of received from google.com to --> server A
server A sends the received data to --> client

What should be done? The OS is Ubuntu on both servers.

Update 1

S-B's /etc/wireguard/wg0.conf file:

[Interface]
Address = 10.7.0.1/24
PrivateKey = SOME_KEY
ListenPort = PORT_NUMBER

S-A's /etc/wireguard/wg0.conf file:

[Interface]
Address = 10.8.0.1/24
PrivateKey = SOME_KEY
ListenPort = PORT_NUMBER

I connected to S-A's VPN, ping on my cmd 8.8.8.8, it worked. SSHed into S-A while connecting to VPN, ping 8.8.8.8, it worked.

I did the same for S-B and it worked.

I can SSH from S-A to S-B and vice-versa.

One client conf file on S-A:

[Interface]
Address = 10.8.0.2/24
DNS = 8.8.8.8
PrivateKey = PRIVATE

[Peer]
PublicKey = PUBLIC
PresharedKey = PRESHARED
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = IP:PORT
PersistentKeepalive = 25

One client conf file on S-B:

[Interface]
Address = 10.7.0.2/24
DNS = 8.8.8.8
PrivateKey = PRIVATE

[Peer]
PublicKey = PUBLIC
PresharedKey = PRESHARED
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = IP:PORT
PersistentKeepalive = 25

it looks for me similar to https://serverfault.com/questions/1066524/how-to-forward-all-redirect-on-specific-port-to-another-server — djdomi, Jun 13 '21 at 19:17
@djdomi thanks, I saw that but I do not see the answer there or hint to help me, or at least if it exists I cannot find — 1nted, Jun 14 '21 at 03:46
Does this answer your question? [Forward VPN traffic to another server](https://serverfault.com/questions/996727/forward-vpn-traffic-to-another-server) — djdomi, Jun 14 '21 at 04:18
@djdomi I tried that too, but when I connect to VPN-A, then I do not have any internet access. But the server-A itself has internet access when I disconnect. — 1nted, Jun 14 '21 at 04:28
I am unaware of your Setup but did it worked before and did you used NAT? — djdomi, Jun 14 '21 at 04:40
@djdomi I did the setup only via this Git Repo: https://github.com/Nyr/wireguard-install and I did install on both servers via this link. I have internet access on both servers when connected to VPN-A and VPN-B separately (before applying any `ip route` rules). But after applying these rules, I faced issue — 1nted, Jun 14 '21 at 04:42
I suggest since your seems to be online to continue on the chat using https://chat.stackexchange.com/rooms/126433/chat-about-anything-i-asked-on-topics — djdomi, Jun 14 '21 at 04:58
@djdomi I'm afraid I cannot chat:( I must have 20 reputation on The Stack Exchange Network to talk there:( — 1nted, Jun 14 '21 at 05:11
Sadly, so please try this: Y=You/S-A=Server-A,S-B=Server-B -> Y -> S-a ping i.e. 8.8.8.8 - works? repeat for Server B - connect S-A to S-B - repeat ping, connect you from Client to S-A try ping - however, please show us additional the Config of both server/clients without the keys — djdomi, Jun 14 '21 at 05:44
idk, but did you seen already https://github.com/mjtechguy/wireguard-site-to-site (skip until Server Configuration) — djdomi, Jun 14 '21 at 12:46
@djdomi that is only for routing within the server WireGuard itself is installed. That does not route anything to another server — 1nted, Jun 14 '21 at 15:27

How to forward all incoming traffic to server A to server B and B returns it to A?

0 Answers0