Bug: VPN_PORT_FORWARDING_LISTENING_PORT not working #2520

Open
Rowdy opened this issue Oct 12, 2024 · 5 comments
Rowdy commented Oct 12, 2024

Is this urgent?

None

Host OS

Ubuntu

CPU arch

x86_64

VPN service provider

ProtonVPN

What are you using to run the container

docker-compose

What is the version of Gluetun

Running version latest built on 2024-10-12T14:29:01.263Z (commit 2388e05)

What's the problem 🤔

It's not crashing anymore but also not working... the forwarded port is just a random one, not the one defined in the docker compose yml: - VPN_PORT_FORWARDING_LISTENING_PORT=53411

As you suggested I should reference the old issue.
Thanks in advance.

Share your logs (at least 10 lines)

2024-10-12T23:09:53+02:00 INFO [routing] default route found: interface eth0, gateway 172.18.0.1, assigned IP 172.18.0.21 and family v4
2024-10-12T23:09:53+02:00 INFO [routing] adding route for 0.0.0.0/0
2024-10-12T23:09:53+02:00 INFO [firewall] setting allowed subnets...
2024-10-12T23:09:53+02:00 INFO [routing] default route found: interface eth0, gateway 172.18.0.1, assigned IP 172.18.0.21 and family v4
2024-10-12T23:09:53+02:00 INFO [dns] using plaintext DNS at address 1.1.1.1
2024-10-12T23:09:53+02:00 INFO [http server] http server listening on [::]:8000
2024-10-12T23:09:53+02:00 INFO [healthcheck] listening on 127.0.0.1:9999
2024-10-12T23:09:53+02:00 INFO [firewall] allowing VPN connection...
2024-10-12T23:09:53+02:00 INFO [wireguard] Using userspace implementation since Kernel support does not exist
2024-10-12T23:09:53+02:00 INFO [wireguard] Connecting to 188.3.132.139:51820
2024-10-12T23:09:53+02:00 INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2024-10-12T23:09:53+02:00 INFO [dns] downloading hostnames and IP block lists
2024-10-12T23:09:58+02:00 INFO [healthcheck] healthy!
2024-10-12T23:10:09+02:00 INFO [dns] DNS server listening on [::]:53
2024-10-12T23:10:09+02:00 INFO [dns] ready
2024-10-12T23:10:10+02:00 INFO [ip getter] Public IP address is 188.3.132.143 (Netherlands, Utrecht, Veenendaal)
2024-10-12T23:10:10+02:00 INFO [vpn] You are running on the bleeding edge of latest!
2024-10-12T23:10:10+02:00 INFO [port forwarding] starting
2024-10-12T23:10:10+02:00 INFO [port forwarding] gateway external IPv4 address is 188.3.132.143
2024-10-12T23:10:10+02:00 INFO [port forwarding] port forwarded is 38685
2024-10-12T23:10:10+02:00 INFO [firewall] setting allowed input port 38685 through interface tun0...
2024-10-12T23:10:10+02:00 WARN [firewall] IPv6 port redirection disabled because your kernel does not support IPv6 NAT: command failed: "ip6tables-legacy -t nat --append PREROUTING -i tun0 -p tcp --dport 38685 -j REDIRECT --to-ports 53411": ip6tables v1.8.10 (legacy): can't initialize ip6tables table `nat': Table does not exist (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.: exit status 3
2024-10-12T23:10:10+02:00 INFO [port forwarding] writing port file /tmp/gluetun/forwarded_port

Share your configuration

version: "2.1"
services:
  gluetun:
    image: qmcgaw/gluetun:latest
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    security_opt:
      - no-new-privileges:true
    devices:
      - /dev/net/tun:/dev/net/tun
    volumes:
      - ./gluetun/:/gluetun
    environment:
      #https://github.com/qdm12/gluetun-wiki/blob/main/setup/providers/protonvpn.md
      - UPDATER_PERIOD=24h
      - VPN_SERVICE_PROVIDER=protonvpn
      - VPN_TYPE=wireguard
      - SERVER_COUNTRIES=Netherlands
      - WIREGUARD_PRIVATE_KEY=xyz
      - VPN_PORT_FORWARDING=on
      - TZ=Europe/Berlin
      - VPN_PORT_FORWARDING_LISTENING_PORT=53411

@qdm12 is more or less the only maintainer of this project and works on it in his free time.
Please:


qdm12 commented Oct 19, 2024

> It's not crashing anymore but also not working... the forwarded port is just a random one, not the one defined in the docker compose yml: - VPN_PORT_FORWARDING_LISTENING_PORT=53411

We have no control over the port you get assigned from protonvpn; however the port redirection (for ipv4 only here) should work fine. It's not really logged if it works though, but it's active. You can use LOG_LEVEL=debug to see the iptables redirection command ran to redirect that port.


Rowdy commented Nov 4, 2024

Doesn't look too good to be honest.
It doesn't look like it's working?!

========================================
========================================
=============== gluetun ================
========================================
=========== Made with ❤️ by ============
======= https://github.com/qdm12 =======
========================================
========================================

Running version latest built on 2024-11-03T22:22:21.192Z (commit 96a8015)

📣 All control server routes will become private by default after the v3.41.0 release

🔧 Need help? ☕ Discussion? https://github.com/qdm12/gluetun/discussions/new/choose
🐛 Bug? ✨ New feature? https://github.com/qdm12/gluetun/issues/new/choose
💻 Email? [email protected]
💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
2024-11-04T15:40:51+01:00 INFO [routing] default route found: interface eth0, gateway 172.18.0.1, assigned IP 172.18.0.21 and family v4
2024-11-04T15:40:51+01:00 INFO [routing] local ethernet link found: eth0
2024-11-04T15:40:51+01:00 INFO [routing] local ipnet found: 172.18.0.0/16
2024-11-04T15:40:51+01:00 INFO [firewall] enabling...
2024-11-04T15:40:51+01:00 DEBUG [firewall] /sbin/iptables-legacy --policy INPUT DROP
2024-11-04T15:40:51+01:00 DEBUG [firewall] /sbin/iptables-legacy --policy OUTPUT DROP
2024-11-04T15:40:51+01:00 DEBUG [firewall] /sbin/iptables-legacy --policy FORWARD DROP
2024-11-04T15:40:51+01:00 DEBUG [firewall] /sbin/ip6tables-legacy --policy INPUT DROP
2024-11-04T15:40:51+01:00 DEBUG [firewall] /sbin/ip6tables-legacy --policy OUTPUT DROP
2024-11-04T15:40:51+01:00 DEBUG [firewall] /sbin/ip6tables-legacy --policy FORWARD DROP
2024-11-04T15:40:51+01:00 DEBUG [firewall] /sbin/iptables-legacy --append INPUT -i lo -j ACCEPT
2024-11-04T15:40:51+01:00 DEBUG [firewall] /sbin/ip6tables-legacy --append INPUT -i lo -j ACCEPT
2024-11-04T15:40:51+01:00 DEBUG [firewall] /sbin/iptables-legacy --append OUTPUT -o lo -j ACCEPT
2024-11-04T15:40:51+01:00 DEBUG [firewall] /sbin/ip6tables-legacy --append OUTPUT -o lo -j ACCEPT
2024-11-04T15:40:51+01:00 DEBUG [firewall] /sbin/iptables-legacy --append OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2024-11-04T15:40:51+01:00 DEBUG [firewall] /sbin/ip6tables-legacy --append OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2024-11-04T15:40:51+01:00 DEBUG [firewall] /sbin/iptables-legacy --append INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2024-11-04T15:40:51+01:00 DEBUG [firewall] /sbin/ip6tables-legacy --append INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2024-11-04T15:40:51+01:00 DEBUG [firewall] /sbin/iptables-legacy --append OUTPUT -o eth0 -s 172.18.0.21 -d 172.18.0.0/16 -j ACCEPT
2024-11-04T15:40:51+01:00 DEBUG [firewall] /sbin/ip6tables-legacy --append OUTPUT -o eth0 -d ff02::1:ff00:0/104 -j ACCEPT
2024-11-04T15:40:51+01:00 DEBUG [firewall] /sbin/iptables-legacy --append INPUT -i eth0 -d 172.18.0.0/16 -j ACCEPT
2024-11-04T15:40:51+01:00 INFO [firewall] enabled successfully
2024-11-04T15:40:52+01:00 INFO [storage] merging by most recent 20553 hardcoded servers and 20621 servers read from /gluetun/servers.json
2024-11-04T15:40:52+01:00 INFO [storage] Using protonvpn servers from file which are 89 days more recent
2024-11-04T15:40:53+01:00 DEBUG [netlink] IPv6 is supported by link lo
2024-11-04T15:40:53+01:00 INFO Alpine version: 3.20.3
2024-11-04T15:40:53+01:00 INFO OpenVPN 2.5 version: 2.5.10
2024-11-04T15:40:53+01:00 INFO OpenVPN 2.6 version: 2.6.11
2024-11-04T15:40:53+01:00 INFO IPtables version: v1.8.10
2024-11-04T15:40:53+01:00 INFO Settings summary:
├── VPN settings:
|   ├── VPN provider settings:
|   |   ├── Name: protonvpn
|   |   ├── Server selection settings:
|   |   |   ├── VPN type: wireguard
|   |   |   ├── Countries: netherlands
|   |   |   ├── Port forwarding only servers: yes
|   |   |   └── Wireguard selection settings:
|   |   └── Automatic port forwarding settings:
|   |       ├── Redirection listening port: 53411
|   |       ├── Use port forwarding code for current provider
|   |       └── Forwarded port file path: /tmp/gluetun/forwarded_port
|   └── Wireguard settings:
|       ├── Private key: KA6...UM=
|       ├── Interface addresses:
|       |   └── 10.2.0.2/32
|       ├── Allowed IPs:
|       |   ├── 0.0.0.0/0
|       |   └── ::/0
|       └── Network interface: tun0
|           └── MTU: 1400
├── DNS settings:
|   ├── Keep existing nameserver(s): no
|   ├── DNS server address to use: 127.0.0.1
|   └── DNS over TLS settings:
|       ├── Enabled: yes
|       ├── Update period: every 24h0m0s
|       ├── Upstream resolvers:
|       |   └── cloudflare
|       ├── Caching: yes
|       ├── IPv6: no
|       └── DNS filtering settings:
|           ├── Block malicious: yes
|           ├── Block ads: no
|           ├── Block surveillance: no
|           └── Blocked IP networks:
|               ├── 127.0.0.1/8
|               ├── 10.0.0.0/8
|               ├── 172.16.0.0/12
|               ├── 192.168.0.0/16
|               ├── 169.254.0.0/16
|               ├── ::1/128
|               ├── fc00::/7
|               ├── fe80::/10
|               ├── ::ffff:127.0.0.1/104
|               ├── ::ffff:10.0.0.0/104
|               ├── ::ffff:169.254.0.0/112
|               ├── ::ffff:172.16.0.0/108
|               └── ::ffff:192.168.0.0/112
├── Firewall settings:
|   └── Enabled: yes
├── Log settings:
|   └── Log level: debug
├── Health settings:
|   ├── Server listening address: 127.0.0.1:9999
|   ├── Target address: cloudflare.com:443
|   ├── Duration to wait after success: 5s
|   ├── Read header timeout: 100ms
|   ├── Read timeout: 500ms
|   └── VPN wait durations:
|       ├── Initial duration: 6s
|       └── Additional duration: 5s
├── Shadowsocks server settings:
|   └── Enabled: no
├── HTTP proxy settings:
|   └── Enabled: no
├── Control server settings:
|   ├── Listening address: :8000
|   ├── Logging: yes
|   └── Authentication file path: /gluetun/auth/config.toml
├── Storage settings:
|   └── Filepath: /gluetun/servers.json
├── OS Alpine settings:
|   ├── Process UID: 1000
|   ├── Process GID: 1000
|   └── Timezone: europe/berlin
├── Public IP settings:
|   ├── IP file path: /tmp/gluetun/ip
|   ├── Public IP data base API: ipinfo
|   └── Public IP data backup APIs:
|       ├── ifconfigco
|       ├── ip2location
|       └── cloudflare
├── Server data updater settings:
|   ├── Update period: 24h0m0s
|   ├── DNS address: 1.1.1.1:53
|   ├── Minimum ratio: 0.8
|   └── Providers to update: protonvpn
└── Version settings:
    └── Enabled: yes
2024-11-04T15:40:53+01:00 INFO [routing] default route found: interface eth0, gateway 172.18.0.1, assigned IP 172.18.0.21 and family v4
2024-11-04T15:40:53+01:00 DEBUG [netlink] ip -4 rule list
2024-11-04T15:40:53+01:00 DEBUG [netlink] ip -6 rule list
2024-11-04T15:40:53+01:00 DEBUG [netlink] ip -f 0 rule add from 172.18.0.21/32 lookup 200 pref 100
2024-11-04T15:40:53+01:00 INFO [routing] adding route for 0.0.0.0/0
2024-11-04T15:40:53+01:00 DEBUG [routing] ip route replace 0.0.0.0/0 via 172.18.0.1 dev eth0 table 200
2024-11-04T15:40:53+01:00 INFO [firewall] setting allowed subnets...
2024-11-04T15:40:53+01:00 INFO [routing] default route found: interface eth0, gateway 172.18.0.1, assigned IP 172.18.0.21 and family v4
2024-11-04T15:40:53+01:00 DEBUG [netlink] ip -4 rule list
2024-11-04T15:40:53+01:00 DEBUG [netlink] ip -6 rule list
2024-11-04T15:40:53+01:00 DEBUG [netlink] ip -f 0 rule add to 172.18.0.0/16 lookup 254 pref 98
2024-11-04T15:40:53+01:00 INFO [dns] using plaintext DNS at address 1.1.1.1
2024-11-04T15:40:53+01:00 INFO [http server] http server listening on [::]:8000
2024-11-04T15:40:53+01:00 INFO [healthcheck] listening on 127.0.0.1:9999
2024-11-04T15:40:53+01:00 DEBUG [wireguard] Wireguard server public key: xyz=
2024-11-04T15:40:53+01:00 DEBUG [wireguard] Wireguard client private key: QA6...UM=
2024-11-04T15:40:53+01:00 DEBUG [wireguard] Wireguard pre-shared key: [not set]
2024-11-04T15:40:53+01:00 INFO [firewall] allowing VPN connection...
2024-11-04T15:40:53+01:00 DEBUG [firewall] /sbin/iptables-legacy --append OUTPUT -d 212.92.104.241 -o eth0 -p udp -m udp --dport 51820 -j ACCEPT
2024-11-04T15:40:53+01:00 DEBUG [firewall] /sbin/iptables-legacy --append OUTPUT -o tun0 -j ACCEPT
2024-11-04T15:40:53+01:00 DEBUG [firewall] /sbin/ip6tables-legacy --append OUTPUT -o tun0 -j ACCEPT
2024-11-04T15:40:53+01:00 DEBUG [netlink] wireguard family not found, trying to load wireguard kernel module
2024-11-04T15:40:53+01:00 DEBUG [netlink] failed loading wireguard kernel module: getting modules information: modules directory not found: /lib/modules/4.4.302+, /usr/lib/modules/4.4.302+ are not valid existing directories; have you bind mounted the /lib/modules directory?
2024-11-04T15:40:53+01:00 INFO [wireguard] Using userspace implementation since Kernel support does not exist
2024-11-04T15:40:53+01:00 DEBUG [wireguard] Routine: decryption worker 5 - started
2024-11-04T15:40:53+01:00 DEBUG [wireguard] Routine: encryption worker 3 - started
2024-11-04T15:40:53+01:00 DEBUG [wireguard] Routine: encryption worker 1 - started
2024-11-04T15:40:53+01:00 DEBUG [wireguard] Routine: handshake worker 1 - started
2024-11-04T15:40:53+01:00 DEBUG [wireguard] Routine: encryption worker 2 - started
2024-11-04T15:40:53+01:00 DEBUG [wireguard] Routine: decryption worker 1 - started
2024-11-04T15:40:53+01:00 DEBUG [wireguard] Routine: encryption worker 4 - started
2024-11-04T15:40:53+01:00 DEBUG [wireguard] Routine: decryption worker 2 - started
2024-11-04T15:40:53+01:00 DEBUG [wireguard] Routine: decryption worker 7 - started
2024-11-04T15:40:53+01:00 DEBUG [wireguard] Routine: handshake worker 3 - started
2024-11-04T15:40:53+01:00 DEBUG [wireguard] Routine: handshake worker 2 - started
2024-11-04T15:40:53+01:00 DEBUG [wireguard] Routine: handshake worker 5 - started
2024-11-04T15:40:53+01:00 DEBUG [wireguard] Routine: decryption worker 6 - started
2024-11-04T15:40:53+01:00 DEBUG [wireguard] Routine: handshake worker 6 - started
2024-11-04T15:40:53+01:00 DEBUG [wireguard] Routine: handshake worker 4 - started
2024-11-04T15:40:53+01:00 DEBUG [wireguard] Routine: encryption worker 7 - started
2024-11-04T15:40:53+01:00 DEBUG [wireguard] Routine: encryption worker 6 - started
2024-11-04T15:40:53+01:00 DEBUG [wireguard] Routine: encryption worker 5 - started
2024-11-04T15:40:53+01:00 DEBUG [wireguard] Routine: decryption worker 8 - started
2024-11-04T15:40:53+01:00 DEBUG [wireguard] Routine: handshake worker 8 - started
2024-11-04T15:40:53+01:00 DEBUG [wireguard] Routine: handshake worker 7 - started
2024-11-04T15:40:53+01:00 DEBUG [wireguard] Routine: decryption worker 4 - started
2024-11-04T15:40:53+01:00 DEBUG [wireguard] Routine: encryption worker 8 - started
2024-11-04T15:40:53+01:00 DEBUG [wireguard] Routine: TUN reader - started
2024-11-04T15:40:53+01:00 DEBUG [wireguard] Routine: event worker - started
2024-11-04T15:40:53+01:00 DEBUG [wireguard] Interface up requested
2024-11-04T15:40:53+01:00 DEBUG [wireguard] Routine: decryption worker 3 - started
2024-11-04T15:40:53+01:00 INFO [wireguard] Connecting to 212.92.104.241:51820
2024-11-04T15:40:53+01:00 DEBUG [wireguard] UDP bind has been updated
2024-11-04T15:40:53+01:00 DEBUG [wireguard] Interface state was Down, requested Up, now Up
2024-11-04T15:40:53+01:00 DEBUG [wireguard] Routine: receive incoming v6 - started
2024-11-04T15:40:53+01:00 DEBUG [wireguard] UAPI: Updating private key
2024-11-04T15:40:53+01:00 DEBUG [wireguard] UAPI: Updating fwmark
2024-11-04T15:40:53+01:00 DEBUG [wireguard] UAPI: Removing all peers
2024-11-04T15:40:53+01:00 DEBUG [wireguard] peer(MdCt…CVVY) - UAPI: Created
2024-11-04T15:40:53+01:00 DEBUG [wireguard] peer(MdCt…CVVY) - UAPI: Updating endpoint
2024-11-04T15:40:53+01:00 DEBUG [wireguard] peer(MdCt…CVVY) - UAPI: Removing all allowedips
2024-11-04T15:40:53+01:00 DEBUG [wireguard] peer(MdCt…CVVY) - UAPI: Adding allowedip
2024-11-04T15:40:53+01:00 DEBUG [wireguard] peer(MdCt…CVVY) - UAPI: Adding allowedip
2024-11-04T15:40:53+01:00 DEBUG [wireguard] peer(MdCt…CVVY) - Starting
2024-11-04T15:40:53+01:00 DEBUG [wireguard] peer(MdCt…CVVY) - Routine: sequential receiver - started
2024-11-04T15:40:53+01:00 DEBUG [wireguard] Routine: receive incoming v4 - started
2024-11-04T15:40:53+01:00 DEBUG [wireguard] peer(MdCt…CVVY) - Routine: sequential sender - started
2024-11-04T15:40:53+01:00 DEBUG [netlink] ip -f inet6 rule add lookup 51820 pref 101
2024-11-04T15:40:53+01:00 DEBUG [netlink] ip -f inet rule add lookup 51820 pref 101
2024-11-04T15:40:53+01:00 INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2024-11-04T15:40:53+01:00 DEBUG [wireguard] Interface up requested
2024-11-04T15:40:53+01:00 DEBUG [wireguard] peer(MdCt…CVVY) - Sending handshake initiation
2024-11-04T15:40:53+01:00 DEBUG [wireguard] peer(MdCt…CVVY) - Received handshake response
2024-11-04T15:40:53+01:00 INFO [dns] downloading hostnames and IP block lists
2024-11-04T15:40:58+01:00 INFO [healthcheck] healthy!
2024-11-04T15:41:00+01:00 INFO [dns] DNS server listening on [::]:53
2024-11-04T15:41:00+01:00 INFO [dns] ready
2024-11-04T15:41:00+01:00 INFO [ip getter] Public IP address is 212.92.104.248 (Netherlands, North Brabant, Roosendaal - source: ipinfo)
2024-11-04T15:41:01+01:00 INFO [vpn] You are running on the bleeding edge of latest!
2024-11-04T15:41:01+01:00 INFO [port forwarding] starting
2024-11-04T15:41:01+01:00 INFO [port forwarding] gateway external IPv4 address is 212.92.104.248
2024-11-04T15:41:01+01:00 INFO [port forwarding] port forwarded is 49831
2024-11-04T15:41:01+01:00 INFO [firewall] setting allowed input port 49831 through interface tun0...
2024-11-04T15:41:01+01:00 DEBUG [firewall] /sbin/iptables-legacy --append INPUT -i tun0 -p tcp -m tcp --dport 49831 -j ACCEPT
2024-11-04T15:41:01+01:00 DEBUG [firewall] /sbin/ip6tables-legacy --append INPUT -i tun0 -p tcp -m tcp --dport 49831 -j ACCEPT
2024-11-04T15:41:01+01:00 DEBUG [firewall] /sbin/iptables-legacy --append INPUT -i tun0 -p udp -m udp --dport 49831 -j ACCEPT
2024-11-04T15:41:01+01:00 DEBUG [firewall] /sbin/ip6tables-legacy --append INPUT -i tun0 -p udp -m udp --dport 49831 -j ACCEPT
2024-11-04T15:41:01+01:00 DEBUG [firewall] /sbin/iptables-legacy -t nat --append PREROUTING -i tun0 -p tcp --dport 49831 -j REDIRECT --to-ports 53411
2024-11-04T15:41:01+01:00 DEBUG [firewall] /sbin/iptables-legacy --append INPUT -i tun0 -p tcp -m tcp --dport 53411 -j ACCEPT
2024-11-04T15:41:01+01:00 DEBUG [firewall] /sbin/iptables-legacy -t nat --append PREROUTING -i tun0 -p udp --dport 49831 -j REDIRECT --to-ports 53411
2024-11-04T15:41:01+01:00 DEBUG [firewall] /sbin/iptables-legacy --append INPUT -i tun0 -p udp -m udp --dport 53411 -j ACCEPT
2024-11-04T15:41:01+01:00 DEBUG [firewall] /sbin/ip6tables-legacy -t nat --append PREROUTING -i tun0 -p tcp --dport 49831 -j REDIRECT --to-ports 53411
2024-11-04T15:41:01+01:00 WARN [firewall] IPv6 port redirection disabled because your kernel does not support IPv6 NAT: command failed: "ip6tables-legacy -t nat --append PREROUTING -i tun0 -p tcp --dport 49831 -j REDIRECT --to-ports 53411": ip6tables v1.8.10 (legacy): can't initialize ip6tables table `nat': Table does not exist (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.: exit status 3
2024-11-04T15:41:01+01:00 INFO [port forwarding] writing port file /tmp/gluetun/forwarded_port
2024-11-04T15:41:46+01:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-11-04T15:41:46+01:00 DEBUG [port forwarding] port forwarded 49831 maintained
2024-11-04T15:42:31+01:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-11-04T15:42:31+01:00 DEBUG [port forwarding] port forwarded 49831 maintained
2024-11-04T15:42:53+01:00 DEBUG [wireguard] peer(MdCt…CVVY) - Sending handshake initiation
2024-11-04T15:42:53+01:00 DEBUG [wireguard] peer(MdCt…CVVY) - Received handshake response
2024-11-04T15:42:53+01:00 DEBUG [wireguard] peer(MdCt…CVVY) - Sending keepalive packet


Rowdy commented Nov 4, 2024

The iptables redirection also on IPv4 is not working 😞


qdm12 commented Nov 13, 2024

It is set up correctly for IPv4:

2024-11-04T15:41:01+01:00 DEBUG [firewall] /sbin/iptables-legacy -t nat --append PREROUTING -i tun0 -p tcp --dport 49831 -j REDIRECT --to-ports 53411
2024-11-04T15:41:01+01:00 DEBUG [firewall] /sbin/iptables-legacy --append INPUT -i tun0 -p tcp -m tcp --dport 53411 -j ACCEPT
2024-11-04T15:41:01+01:00 DEBUG [firewall] /sbin/iptables-legacy -t nat --append PREROUTING -i tun0 -p udp --dport 49831 -j REDIRECT --to-ports 53411
2024-11-04T15:41:01+01:00 DEBUG [firewall] /sbin/iptables-legacy --append INPUT -i tun0 -p udp -m udp --dport 53411 -j ACCEPT

You might be misunderstanding how the VPN server port forwarding works, what's your use case? I guess it's torrenting, and, if so, the forwarded port has to be the one assigned by the vpn provider, not the redirected one, since from an external peer perspective, only the VPN provider assigned port is reachable.

You can check it works by following https://github.com/qdm12/gluetun-wiki/blob/main/setup/advanced/vpn-port-forwarding.md#test-it and replace:

  • ./port-checker -port 4567 with ./port-checker -port 53411 (your redirection destination port)
  • http://99.99.99.99:4567/ with http://your-vpn-server-ip:49831
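
Added example, not part of the original comment and not gluetun's own code: a log audit that reads the `LOG_LEVEL=debug` firewall lines discussed above and reports, per address family and protocol, whether the provider-assigned port is redirected to the configured listening port and whether that listening port is accepted on `tun0`. The names `audit` and `SAMPLE_LOG` are hypothetical, and the patterns assume the log format shown in this issue.

```python
import re
import sys

# Lines excerpted from the debug log in this issue (the WARN line is abridged).
SAMPLE_LOG = """\
2024-11-04T15:41:01+01:00 INFO [port forwarding] port forwarded is 49831
2024-11-04T15:41:01+01:00 DEBUG [firewall] /sbin/iptables-legacy --append INPUT -i tun0 -p tcp -m tcp --dport 49831 -j ACCEPT
2024-11-04T15:41:01+01:00 DEBUG [firewall] /sbin/iptables-legacy -t nat --append PREROUTING -i tun0 -p tcp --dport 49831 -j REDIRECT --to-ports 53411
2024-11-04T15:41:01+01:00 DEBUG [firewall] /sbin/iptables-legacy --append INPUT -i tun0 -p tcp -m tcp --dport 53411 -j ACCEPT
2024-11-04T15:41:01+01:00 DEBUG [firewall] /sbin/iptables-legacy -t nat --append PREROUTING -i tun0 -p udp --dport 49831 -j REDIRECT --to-ports 53411
2024-11-04T15:41:01+01:00 DEBUG [firewall] /sbin/iptables-legacy --append INPUT -i tun0 -p udp -m udp --dport 53411 -j ACCEPT
2024-11-04T15:41:01+01:00 DEBUG [firewall] /sbin/ip6tables-legacy -t nat --append PREROUTING -i tun0 -p tcp --dport 49831 -j REDIRECT --to-ports 53411
2024-11-04T15:41:01+01:00 WARN [firewall] IPv6 port redirection disabled because your kernel does not support IPv6 NAT: command failed: "ip6tables-legacy -t nat --append PREROUTING -i tun0 -p tcp --dport 49831 -j REDIRECT --to-ports 53411"
"""

FORWARDED = re.compile(r"\[port forwarding\] port forwarded is (\d+)")
COMMAND = re.compile(r"DEBUG \[firewall\] (\S+) (.*)$")
FAILED = re.compile(r'command failed: "(\S+) -t nat ')
REDIRECT = re.compile(r"-t nat --append PREROUTING -i \S+ -p (tcp|udp) "
                      r"--dport (\d+) -j REDIRECT --to-ports (\d+)")
ACCEPT = re.compile(r"--append INPUT -i \S+ -p (tcp|udp) -m \S+ "
                    r"--dport (\d+) -j ACCEPT")


def family(binary):
    """Map the iptables binary name to an address family."""
    return "ipv6" if "ip6tables" in binary else "ipv4"


def audit(log_text, listening_port):
    """Return the port peers must use and the redirect state per family/protocol."""
    forwarded = None
    redirects, accepts, nat_failed = set(), set(), set()
    for line in log_text.splitlines():
        if m := FORWARDED.search(line):
            # Assumption: a new assignment (e.g. after a reconnect) supersedes earlier rules.
            forwarded = int(m.group(1))
            redirects, accepts, nat_failed = set(), set(), set()
        elif m := FAILED.search(line):
            # A DEBUG line only shows the command was attempted; the WARN shows it failed.
            nat_failed.add(family(m.group(1)))
        elif m := COMMAND.search(line):
            fam, args = family(m.group(1)), m.group(2)
            r = REDIRECT.search(args)
            if r and (int(r.group(2)), int(r.group(3))) == (forwarded, listening_port):
                redirects.add((fam, r.group(1)))
            a = ACCEPT.search(args)
            if a and int(a.group(2)) == listening_port:
                accepts.add((fam, a.group(1)))
    status = {}
    for fam in ("ipv4", "ipv6"):
        for proto in ("tcp", "udp"):
            key = (fam, proto)
            if fam in nat_failed:
                status[key] = "failed"
            elif key in redirects and key in accepts:
                status[key] = "ok"
            else:
                status[key] = "missing"
    return {"announce_port": forwarded, "listening_port": listening_port, "status": status}


if __name__ == "__main__":
    # Reads a piped log if present, otherwise falls back to the embedded excerpt.
    text = SAMPLE_LOG if sys.stdin.isatty() else sys.stdin.read()
    report = audit(text, listening_port=53411)
    print(f"peers connect to {report['announce_port']}, "
          f"service listens on {report['listening_port']}")
    for (fam, proto), state in report["status"].items():
        print(f"{fam}/{proto}: {state}")
```

To run it against a live container, pipe the log in, for example `docker logs gluetun 2>&1 | python3 check_redirect.py` (the script file name is hypothetical; `gluetun` is the container name from the compose file above).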
