Hello,
I have a cloud VPS server, and I want to port-forward UDP port 30000 to a Raspberry Pi within my LAN, where I'm running luanti. I have a working wireguard tunnel established between this Raspberry Pi, and the cloud server. From the cloud server, I can successfully ping the Raspberry Pi within the wireguard tunnel.
I've hand-compiled the luanti server for ARM, and it runs successfully within my LAN - I can locally connect to it and play Voxelibre on it. And I can successfully connect to that Wireguard address. It's just that there's no remote access to it.
Does anyone else do this (have the luanti server within their LAN, but accept remote connections)? I'd prefer not to run my luanti server right on the cloud server.
Does anybody have experience with Linux nftables firewalling rules? I want to port-forward UDP 30000 to the Raspberry Pi's UDP port 30000, at the wireguard address of the Raspberry Pi.
Note: I see a tutorial for such nftables port-forwarding here:
https://docs.redhat.com/en/documentatio ... g_nftables
...but I'm using Debian on my cloud VPS.
nftables firewall rule to forward UDP port 30000 to a Raspberry Pi in my LAN
- Blockhead
Re: nftables firewall rule to forward UDP port 30000 to a Raspberry Pi in my LAN
This kind of setup is typically called a "Reverse proxy". Your cloud server forwards requests onto your Pi without telling the end user where the Pi is.
Is something preventing you from using nftables? I don't think Debian leaves you stuck on iptables but has iptables in the package repositories.
Re: nftables firewall rule to forward UDP port 30000 to a Raspberry Pi in my LAN
I do have nftables already. It's just really hard to configure. I tried out a reverse proxy with nginx - which can forward the UDP packets, using its "stream" module. I'm much more familiar with nginx. This reverse-proxied UDP connection worked, but wasn't very stable though. Connections would drop mid-game. I moved the Luanti server to a cloud VPS (no reverse proxy). It is much more stable now.
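For reference, an added example (not posted by anyone in this thread) of an nftables ruleset for the forward asked about in the first post: UDP 30000 arriving on the VPS is DNATed to the Pi's WireGuard address, and only that flow is allowed from the public interface into the tunnel. The interface names `eth0` and `wg0` and the address `10.0.0.2` are assumptions; substitute the real ones.

```nftables
#!/usr/sbin/nft -f
# Assumed values, not taken from the thread:
#   eth0     = public interface of the cloud VPS
#   wg0      = WireGuard interface on the VPS
#   10.0.0.2 = WireGuard address of the Raspberry Pi
# Prerequisite on the VPS: sysctl -w net.ipv4.ip_forward=1
# Syntax check before loading: nft -c -f <this file>

define PUB_IF = "eth0"
define WG_IF = "wg0"
define PI_WG = 10.0.0.2
define GAME_PORT = 30000

table ip luanti_fwd {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # Rewrite the destination of inbound game traffic to the Pi.
        # The port is unchanged, so only the address is given.
        iifname $PUB_IF udp dport $GAME_PORT dnat to $PI_WG
    }

    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # Rewrite the source to the VPS's WireGuard address so the Pi
        # replies through the tunnel instead of via its LAN gateway.
        oifname $WG_IF ip daddr $PI_WG udp dport $GAME_PORT masquerade
    }

    chain forward {
        type filter hook forward priority filter; policy accept;
        # Replies belonging to flows that were already allowed.
        ct state established,related accept
        # The one flow permitted from the internet into the tunnel.
        iifname $PUB_IF oifname $WG_IF ip daddr $PI_WG udp dport $GAME_PORT accept
        # Nothing else from the public side may reach the tunnel.
        iifname $PUB_IF oifname $WG_IF drop
    }
}
```

Because of the masquerade rule, the game server sees every player as coming from the VPS's WireGuard address, so per-player IP logging and IP bans on the Pi stop being meaningful. If another table on the VPS already has a forward chain with a drop policy, the accept rules have to be added there as well, since a drop verdict in any base chain is final.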