  • I had something like this set up where essentially my wireguard VPS acted as a proxy that allowed me to forward all ports to my local machine that’s connected to it.

    I had to use AI to figure this out, and I still don’t get it. Here are the commands that I saved:

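    # Route the WireGuard peer's address (10.0.0.2) via the tunnel interface.
    ip route add 10.0.0.2/32 dev wg0;
    # Allow traffic arriving on eth0 to be forwarded into the tunnel.
    iptables -A FORWARD -i eth0 -o wg0 -j ACCEPT;
    # Allow reply traffic (RELATED,ESTABLISHED) from the tunnel back out through eth0.
    iptables -A FORWARD -i wg0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT;
    # Source-NAT everything leaving eth0 to the VPS's own address.
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE;
    # Rewrite the destination of all inbound TCP and UDP on eth0 to the peer.
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 1:65535 -j DNAT --to-destination 10.0.0.2;
    iptables -t nat -A PREROUTING -i eth0 -p udp --dport 1:65535 -j DNAT --to-destination 10.0.0.2;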
    

    This is to be run on the wireguard VPS.

    wg0 is the name of the wireguard interface, brought up with something like wg-quick up wg0. eth0 is the name of the network interface.

    I don’t fully understand it so I can’t explain it better, but this is what allowed me to forward traffic from my VPS to my computer as though it were a router with open ports.

    Hopefully someone more knowledgeable than me can chime in and give clarification.
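
Added example, not part of the comment above: the two PREROUTING rules match every TCP and UDP port arriving on eth0, so new connections to services on the VPS itself are redirected to 10.0.0.2 as well. The Python audit below runs over constructed `iptables-save` style lines and reports which local services a DNAT rule covers; the SSH port 22, the WireGuard port 51820 and the `RETURN` guard rules are assumptions, not values from the comment.

```python
import re

# Constructed sample: the comment's two PREROUTING rules in iptables-save form.
SAMPLE_RULES = """\
-A PREROUTING -i eth0 -p tcp -m tcp --dport 1:65535 -j DNAT --to-destination 10.0.0.2
-A PREROUTING -i eth0 -p udp -m udp --dport 1:65535 -j DNAT --to-destination 10.0.0.2
"""
# Constructed variant: RETURN rules placed first keep the VPS's own ports local.
GUARDED_RULES = """\
-A PREROUTING -i eth0 -p tcp -m tcp --dport 22 -j RETURN
-A PREROUTING -i eth0 -p udp -m udp --dport 51820 -j RETURN
""" + SAMPLE_RULES
# Assumed services on the VPS itself (not stated in the comment).
LOCAL_SERVICES = {("tcp", 22): "ssh", ("udp", 51820): "wireguard"}
TERMINATING = {"DNAT", "REDIRECT", "ACCEPT", "RETURN"}
RULE_RE = re.compile(
    r"-A PREROUTING\b(?P<body>.*?)-j (?P<target>\S+)(?: --to-destination (?P<dest>\S+))?")

def parse_rule(line):
    """Return (proto, negated, lo, hi, target, dest), or None if not a PREROUTING rule."""
    m = RULE_RE.search(line)
    if not m:
        return None
    proto = re.search(r"-p (\w+)", m.group("body"))
    port = re.search(r"(!\s+)?--dport (\d+)(?::(\d+))?", m.group("body"))
    lo, hi, negated = 0, 65535, False  # no --dport means every port matches
    if port:
        lo = int(port.group(2))
        hi = int(port.group(3) or lo)
        negated = bool(port.group(1))
    return (proto.group(1) if proto else None, negated, lo, hi,
            m.group("target"), m.group("dest"))

def captured_services(rules_text, services=LOCAL_SERVICES):
    """Walk rules in order (first terminating match wins); map service -> DNAT target."""
    rules = [r for r in map(parse_rule, rules_text.splitlines()) if r]
    hits = {}
    for (proto, port), name in services.items():
        for r_proto, negated, lo, hi, target, dest in rules:
            if r_proto not in (None, proto) or (lo <= port <= hi) == negated:
                continue  # rule does not match this service's traffic
            if target not in TERMINATING:
                continue  # e.g. LOG: traversal carries on to the next rule
            if target == "DNAT":
                hits[name] = dest
            break
    return hits

if __name__ == "__main__":
    print("as posted:", captured_services(SAMPLE_RULES))
    print("guarded:  ", captured_services(GUARDED_RULES))
```
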