UDP Cloud Reverse Proxy

Hi everyone,

I have been struggling with getting UDP traffic proxied from my AWS EC2 instance to my homelab. TCP traffic is working as intended through the proxy. Non-proxied UDP traffic is also working.

My intent is to mask my home IP while allowing for modular IP replacement via Elastic IP, and maybe fail2ban for additional filtering. That being said, I am open to suggestions if I am taking the hard road here.

On my RHEL8 EC2 instance, I am using Nginx stream to route UDP/TCP traffic to my homelab IP.

```nginx
stream {
    server {
        listen 12345 udp;
        proxy_pass homelab.mydomain.com:12345;
        proxy_responses 0;
    }
}
```

I am running an Ubiquiti EdgeRouter 4 as my home router. Autofirewall and hairpin NAT are off. eth0 is WAN and eth2 holds the services I am routing to.

DNAT rule:

```
Inbound interface: eth0
Address: 
Port: 12345
Protocol: UDP
Dest port: 12345
```

Eth0 in rule:

```
Action: Accept
Protocol: UDP
State: New
Destination address: 
Destination port: 12345
```

Eth2 out rule:

```
Action: Accept
Protocol: UDP
State: New
Destination address: 
Destination port: 12345
```

Eth2 in rule:

```
Action: Accept
Protocol: All
State: New, Established, Related
Source address group: (this server is a part of this group)
Destination address: 0.0.0.0/0
```

Additional details:

* I have a domain registered which has record(s) corresponding to my AWS public IP/homelab IP.
* The EC2 instance has a security group which is open to all ports/protocols from my homelab IP and one public UDP port related to traffic on 12345.
* Source/destination check has been disabled for the EC2 network interface.
* I have set `net.ipv4.ip_forward = 1` on my EC2 instance.
* Eth0 in and eth2 out both have accepts for established and related connections.
* I am seeing all of the appropriate rules logging when I turn logging on for the respective rules above.
* I have tried both nginx and iptables for forwarding/masquerading and still no luck.

Any help is appreciated, and if there is any info I missed that can be gathered, I can retrieve it. I'm just lost as to how to troubleshoot further.
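As an added illustration (not the poster's configuration and not nginx's code), this Python model of one stream-style UDP session shows what the `proxy_responses` value in the config above controls: with 0 the relay ends the session as soon as the client datagram is forwarded, so a reply from the backend is never returned to the client, while with 1 the reply comes back. The backend is a constructed loopback echo server standing in for the homelab service, and the relay uses a fresh socket per session so the backend sees the relay's address rather than the client's.

```python
import socket
import threading

def echo_backend_once(sock):
    """Constructed stand-in for the homelab service: answer one datagram with an echo."""
    data, addr = sock.recvfrom(2048)
    sock.sendto(b"echo:" + data, addr)

def relay_one_session(listen_sock, upstream_addr, proxy_responses, timeout=0.5):
    """Model of one nginx 'stream' UDP session (illustrative, not nginx's code).
    The datagram is forwarded from a fresh socket, so the backend sees the relay's
    address, not the client's (the masking the post is after); then at most
    proxy_responses replies go back. 0 mirrors 'proxy_responses 0': the session ends
    right after the forward, so a backend reply never reaches the client."""
    data, client = listen_sock.recvfrom(2048)
    upstream = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    upstream.settimeout(timeout)
    relayed = 0
    try:
        upstream.sendto(data, upstream_addr)
        while relayed < proxy_responses:
            reply, _ = upstream.recvfrom(2048)
            listen_sock.sendto(reply, client)
            relayed += 1
    except socket.timeout:
        pass  # backend stayed silent; session ends with fewer replies
    finally:
        upstream.close()
    return len(data), relayed  # (bytes_forwarded, replies_relayed)

def probe_through_relay(proxy_responses, payload=b"ping"):
    """Client -> relay -> echo backend on loopback; return what each hop saw."""
    socks = [socket.socket(socket.AF_INET, socket.SOCK_DGRAM) for _ in range(3)]
    backend, relay, client = socks
    for s in socks:
        s.bind(("127.0.0.1", 0))
        s.settimeout(2)
    client.settimeout(0.5)  # how long the client waits for an answer
    worker = threading.Thread(target=echo_backend_once, args=(backend,), daemon=True)
    worker.start()
    client.sendto(payload, relay.getsockname())
    forwarded, relayed = relay_one_session(relay, backend.getsockname(), proxy_responses)
    try:
        answer, _ = client.recvfrom(2048)
    except socket.timeout:
        answer = None  # nothing came back through the relay
    worker.join(2)
    for s in socks:
        s.close()
    return forwarded, relayed, answer
```

Running `probe_through_relay(0)` and `probe_through_relay(1)` side by side shows the same datagram reaching the backend in both cases, with the echo returned to the client only in the second.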
