Last active
October 7, 2025 00:15
Enable TCP/UDP passthrough to tailnet via Public IP
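```shell
# List the filter table's rules with packet/byte counters (add -t nat to see the NAT rules)
sudo iptables -L -v -n
```
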
```shell
# Flush all rules, delete all user-defined chains, and zero the counters
# (filter table only; the nat table needs -t nat)
sudo iptables -F
sudo iptables -X
sudo iptables -Z
```

```shell
# Enable IP forwarding (not persistent across reboots; set net.ipv4.ip_forward=1 in /etc/sysctl.conf to keep it)
sudo sysctl -w net.ipv4.ip_forward=1

PORT=<SET>
TAILSCALE_MACHINE_IP=<SET> # Can be a subnet IP if you're using a subnet router!

# Repeat for each port you want to forward
# Set eth0 to your relevant networking interface (on the proxy)
#
sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport "$PORT" -j DNAT --to-destination "$TAILSCALE_MACHINE_IP:$PORT"
sudo iptables -t nat -A PREROUTING -i eth0 -p udp --dport "$PORT" -j DNAT --to-destination "$TAILSCALE_MACHINE_IP:$PORT"
# Source-NAT forwarded traffic so replies return via this proxy; the target sees the proxy's tailnet IP, not the client's
sudo iptables -t nat -A POSTROUTING -o tailscale0 -j MASQUERADE

# Above rules are not persistent, so install a package to help us make it persistent
sudo apt install iptables-persistent

# Make all changes to iptables persistent!
sudo netfilter-persistent save
```
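
The `-A` rules above are appended again on every run, and `$PORT` and the destination are used unchecked. As an added example (not part of the original gist), the script below prints a validated rule set for several ports in which each rule is appended only if `iptables -C` does not already find it. The function names, `eth0`, `100.64.0.10` and the ports are assumptions, and the FORWARD rules go beyond the gist to cover hosts whose FORWARD policy is DROP.

```shell
# Added example, not from the gist; eth0, 100.64.0.10 and the ports are constructed sample values.

# Port 1..65535; leading zeros rejected (ambiguous octal/decimal parsing).
valid_port() {
    case "$1" in ''|0*|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -le 65535 ]
}

# Dotted-quad IPv4, each octet 0..255, no leading zeros.
valid_ipv4() (
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.; set -f; set -- $1
    [ "$#" -eq 4 ] || exit 1
    for o in "$@"; do
        case "$o" in 0?*|????*) exit 1 ;; esac
        [ "$o" -le 255 ] || exit 1
    done
)

# Print a command that appends the rule only if `iptables -C` does not find it.
emit_rule() {
    t=$1; c=$2; shift 2
    echo "iptables -t $t -C $c $* 2>/dev/null || iptables -t $t -A $c $*"
}

# forward_rules IFACE DEST PORT...: print the rule set, or fail before printing anything.
forward_rules() {
    iface=$1; dest=$2; shift 2
    case "$iface" in ''|*[!A-Za-z0-9_.-]*) echo "bad interface" >&2; return 1 ;; esac
    valid_ipv4 "$dest" || { echo "bad destination: $dest" >&2; return 1; }
    [ "$#" -ge 1 ] || { echo "no ports given" >&2; return 1; }
    for port in "$@"; do
        valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    done
    for port in "$@"; do
        for proto in tcp udp; do
            emit_rule nat PREROUTING -i "$iface" -p "$proto" --dport "$port" \
                -j DNAT --to-destination "$dest:$port"
            # Only matters when the FORWARD policy is DROP: allow just this flow.
            emit_rule filter FORWARD -i "$iface" -o tailscale0 -p "$proto" \
                -d "$dest" --dport "$port" -j ACCEPT
        done
    done
    emit_rule filter FORWARD -i tailscale0 -o "$iface" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    emit_rule nat POSTROUTING -o tailscale0 -j MASQUERADE
}
# Dry run: review the output, then pipe it to `sudo sh` to apply.
forward_rules eth0 100.64.0.10 443 51820
```

Because the script only prints commands, it can be reviewed or diffed against `iptables-save` output before anything changes on the proxy.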