pull down to refresh

If anyone’s interested, I created a series about Wireguard which ended with port forwarding to achieve the same here.
Not saying using a VPN tunnel is better than a SSH tunnel, but knowing how to use DNAT and SNAT is pretty cool, especially since our internet routers do SNAT all the time. Maybe DNAT and SNAT could be considered a little more advanced than SSH remote port forwarding (again, not trying to judge).
43 sats \ 1 reply \ @Cyrus OP 7 Nov
Hi,great post. port forwarding with wireguard, iptables, SNAT, DNAT are so cool, I recommend everyone to study about it. But the goal of this post is to expose a local lightning node that runs even behind CGNAT, so not only the node is behind NAT, but also the router of the local network. Another issue with wireguard is censorship resistance, it is so easy to identify wireguard traffic over the network, and drop the packets, what is so important in my case, and for everyone living a country that is actively censoring communications, specially vpns, for us pure wireguard is not a solution.
reply
4 sats \ 0 replies \ @ek 7 Nov
But the goal of this post is to expose a local lightning node that runs even behind CGNAT, so not only the node is behind NAT, but also the router of the local network.
How does CGNAT matter in this case? As long as the local lightning node initiates the connection it works the same with SSH or Wireguard.
Another issue with wireguard is censorship resistance
I see, makes sense. I didn’t think about this, thanks!
reply