I have configures NextCloudPi on a Raspberry Pi at home and it works quite well. However, the NAT config with the adsl modem is instable. Therefore, I configured a Tinc VPN server on DigitalOcean (the Tinc server) to which is connected the NextCloudPi.
On the Tinc server, I configured the port forwarding with iptables. This is the script I use to activate it:
sysctl net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 10.0.7.3:80
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to-destination 10.0.7.3:443
iptables -t nat -A POSTROUTING -j MASQUERADE
However, the last code, MASQUERATE, prevent the Tinc server to connect to http (i.e. the apt server). So far, the solution I found is to desactivate the iptables rules when I need to update the Tinc server, but I am sure there is a better way to do so.
Question: would it be possible to improve the iptables script so it does not block the access to the apt servers?
Alternatively, I could adapt the iptables rules to forward the port 8080 of the Tinc server to the NextCloudPi 80 port, but I did not managed so far (the NextCloudPi uses the ports 80 (http) and 443 (https)).
Thanks in advance for your suggestions!
Pierre
Ok, I eventually found a solution, in case someone else would face the same problem: adding the parameter "-o [net]" in the MASQUERADE rule:
Best regards, Pierre