I’m a bit out of my depth here with what I’m trying to accomplish. I could be crazy, and someone might just tell me it’s not possible. But if it is possible, I would like to find a solution.
I have a WireGuard interface connected to a VPN provider. I don’t control the VPN provider’s network, so when I am using that connection, the IP that I appear as on the internet is out of my control.
I created VLAN5 to use to send traffic over the VPN provider.
I created a routing table so that any traffic not destined for an internal IP and tagged VLAN5 is sent to that routing table, rather than main (which goes out my ISP).
All works as expected.
What I tried to do was create port forwarding to allow incoming connections to be forwarded to machines that use VLAN5. But the incoming traffic has to come to my ISP-provided public IP, because the VPN’s public IP does not come to my router, so I can’t handle it there.
I set up destination NAT and a firewall rule to allow it. The port forwarding works. Watching tcpdump on the internal client, I see the incoming data.
But, I never see any response on the outside machine trying to get in.
I’m assuming this is because the data comes in on IP 1, and my machine sends a response which has the VLAN5 tag, so VyOS sends it out of IP 2. And either the data never meets up, or, because the responding IP is different from the one the client originally sent the connection to, it is ignored/dropped.
Any ideas how to allow for this?
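The following is an added model of the situation described in the post, not code or configuration from the thread or from VyOS. It walks a port-forwarded connection through a simplified policy-routing decision: the SYN arrives on the ISP uplink, DNAT sends it to a VLAN5 host, and the reply is then routed by the "VLAN5 to internet" rule into the VPN table, so it leaves with the provider's address as its source and the outside client never sees a reply from the address it connected to. The model also goes one step further than the post and shows the general Linux technique of marking connections that arrived on the ISP interface (connmark) and giving a "fwmark -> main" rule priority over the VLAN5 rule, which restores a symmetric return path while ordinary VLAN5-initiated traffic still goes out via the VPN. All addresses (documentation ranges), interface names (eth0, wg0), table names and the mark value are constructed assumptions.

```python
"""Model of policy routing + DNAT showing why replies to port-forwarded
connections can leave through the wrong uplink (constructed example)."""
import ipaddress
from dataclasses import dataclass

# Constructed addresses in documentation ranges; none come from the thread.
ISP_IP = "203.0.113.10"    # public address the ISP assigns to the router (eth0)
VPN_IP = "198.51.100.20"   # address the internet sees for traffic leaving via wg0
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
VLAN5 = ipaddress.ip_network("10.5.0.0/24")
VLAN5_HOST = "10.5.0.10"   # the port-forward target on VLAN5
CLIENT = "192.0.2.5"       # outside host opening the connection

# Simplified tables: each has a single default route to one egress interface.
TABLES = {"main": "eth0", "vpn": "wg0"}


@dataclass
class Packet:
    src: str
    dst: str
    mark: int = 0   # fwmark restored from conntrack; 0 when no mark is set


def build_rules(restore_mark: bool):
    """Ordered policy rules, highest priority first.
    restore_mark=True adds a rule that sends packets carrying fwmark 1
    (connections that originally arrived on eth0) to the main table."""
    rules = []
    if restore_mark:
        rules.append(("fwmark", 1, "main"))
    rules.append(("vlan5_to_internet", None, "vpn"))
    rules.append(("default", None, "main"))
    return rules


def select_table(pkt: Packet, rules) -> str:
    """Return the first table whose rule matches the packet."""
    src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    for kind, arg, table in rules:
        if kind == "fwmark" and pkt.mark == arg:
            return table
        if kind == "vlan5_to_internet" and src in VLAN5 and dst not in INTERNAL:
            return table
        if kind == "default":
            return table
    raise RuntimeError("no rule matched")


def egress_source(iface: str) -> str:
    """Source address after masquerade on the chosen uplink."""
    return ISP_IP if iface == "eth0" else VPN_IP


def forwarded_connection(restore_mark: bool) -> dict:
    """Trace one inbound port-forwarded connection and its reply."""
    rules = build_rules(restore_mark)
    # 1. SYN arrives on eth0 addressed to the ISP IP; DNAT rewrites the
    #    destination to the VLAN5 host and conntrack remembers the flow.
    inbound = Packet(src=CLIENT, dst=ISP_IP)
    flow = (inbound.src, inbound.dst)
    conntrack = {flow: {"dnat_to": VLAN5_HOST, "mark": 1 if restore_mark else 0}}
    # 2. The VLAN5 host replies; the reply belongs to the tracked flow, so
    #    the stored mark is restored onto it (only if marking is configured).
    reply = Packet(src=VLAN5_HOST, dst=CLIENT, mark=conntrack[flow]["mark"])
    table = select_table(reply, rules)
    iface = TABLES[table]
    reply_src = egress_source(iface)
    # The client only accepts a reply from the address it originally contacted.
    return {"table": table, "egress": iface, "reply_src": reply_src,
            "client_accepts": reply_src == ISP_IP}


def vlan5_outbound(restore_mark: bool) -> str:
    """Egress interface for ordinary VLAN5-initiated internet traffic."""
    pkt = Packet(src=VLAN5_HOST, dst="1.1.1.1")   # unmarked: not a tracked inbound flow
    return TABLES[select_table(pkt, build_rules(restore_mark))]


if __name__ == "__main__":
    print("without connmark:", forwarded_connection(False))
    print("with connmark:   ", forwarded_connection(True))
    print("VLAN5 outbound still via:", vlan5_outbound(True))
```

Running it prints the reply leaving via wg0 with the VPN address (rejected by the client) in the first case and via eth0 with the ISP address in the second, while VLAN5-initiated traffic keeps using wg0 in both. On a real router the equivalent check is to capture the reply on both uplinks and confirm on which one it appears, and to inspect the conntrack entry for the forwarded flow to see whether a mark is attached.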