I signed up with a new ISP and they don't provide me with an external IPv4 address. I've set up a virtual server (S) (that has an address) to relay all my stuff to my box at home (B) using a WireGuard tunnel.
On (S) I configured:
sysctl -w net.ipv4.ip_forward=1
firewall-cmd --zone=external --add-forward-port=port=<EXTERNAL PORT>:proto=<PROTOCOL>:toport=<INTERNAL PORT>:toaddr=<INTERNAL IP>
firewall-cmd --zone=external --add-masquerade
firewall-cmd --zone=external --add-port=<EXTERNAL PORT>/<PROTOCOL>
On (B) I configured:
firewall-cmd --zone=internal --add-port=<INTERNAL PORT>/<PROTOCOL>
The setup works quite well. All connections arrive at (B), but the source address is (obviously) masqueraded. Just removing the masquerading via firewall-cmd --zone=external --remove-masquerade on (S) does not work.
My question now is: How can I achieve a similar setup with firewalld that does not masquerade the source IP addresses, such that I can still analyze the sources on (B)?
Thanks in advance!
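The following script is an added example, not part of the original post and not the poster's own configuration. It keeps the forward-port (DNAT) on (S) but removes the masquerade, and then handles the two things that break on (B) once the forwarded packets carry the real client source address: WireGuard's cryptokey routing only accepts packets whose source lies inside the peer's AllowedIPs, and (B)'s replies must be routed back through the tunnel rather than via its ISP default route. The interface name wg0, the tunnel addresses 10.0.0.1 (S) and 10.0.0.2 (B), the zone "internal" for wg0 and routing table 100 are assumptions chosen for illustration; nothing here is persistent (runtime firewall-cmd, wg set and ip commands), matching the runtime commands in the post.

```shell
#!/bin/sh
# Added example: forward a port from the public server (S) to the home box (B)
# over WireGuard without masquerading, so (B) sees real client addresses.
# Assumptions (not from the post): tunnel interface wg0 on both hosts,
# (S) = 10.0.0.1/24, (B) = 10.0.0.2/24, wg0 on (S) in zone "internal",
# routing table 100 unused on (B). DRY_RUN=1 prints commands instead of
# executing them, so the script can be reviewed on any machine.

DRY_RUN="${DRY_RUN:-0}"

run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# On (S): same forward-port as before, but no masquerade. The DNAT'd packet
# now leaves through wg0 with the client's source address untouched, and
# conntrack reverses the DNAT on the reply as long as the reply comes back
# through (S).
configure_relay_server() {
    ext_port="$1"; proto="$2"; int_port="$3"; b_tunnel_ip="$4"
    run sysctl -w net.ipv4.ip_forward=1
    run firewall-cmd --zone=external \
        --add-forward-port="port=${ext_port}:proto=${proto}:toport=${int_port}:toaddr=${b_tunnel_ip}"
    run firewall-cmd --zone=external --add-port="${ext_port}/${proto}"
    run firewall-cmd --zone=external --remove-masquerade
}

# On (B):
#  1. The peer entry for (S) must allow 0.0.0.0/0, otherwise WireGuard drops
#     every packet whose source is not 10.0.0.1. (With wg-quick, set
#     "Table = off" so it does not also install a default route via wg0.)
#  2. Replies are sourced from (B)'s tunnel address; a source-based rule
#     sends exactly those back through wg0 instead of the ISP uplink.
#  3. Loose reverse-path filtering on wg0, because client addresses arriving
#     on the tunnel are not what the main table would route out through it.
configure_home_box() {
    int_port="$1"; proto="$2"; b_tunnel_ip="$3"; s_pubkey="$4"
    run firewall-cmd --zone=internal --add-port="${int_port}/${proto}"
    run wg set wg0 peer "$s_pubkey" allowed-ips 0.0.0.0/0
    run ip route replace default dev wg0 table 100
    run ip rule add from "$b_tunnel_ip" lookup 100
    run sysctl -w net.ipv4.conf.wg0.rp_filter=2
}

# Usage (dry run, review before applying):
#   DRY_RUN=1 sh -c '. ./relay-no-masq.sh; configure_relay_server 443 tcp 443 10.0.0.2'
#   DRY_RUN=1 sh -c '. ./relay-no-masq.sh; configure_home_box 443 tcp 10.0.0.2 <S_PUBLIC_KEY>'
```

After this, connections still arrive on (B) via the tunnel, but the source address in (B)'s logs is the client's, which is what the analysis on (B) needs. The forwarding on (S) itself is unchanged from the post; the difference is entirely in the return path and the AllowedIPs on (B).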