How to open port for specific IP (Droplet with VPN)

Posted on December 19, 2023

I have a WireGuard VPN on my droplet and want to open ports for my email server, which is connected via VPN. As I have seen, the firewall only supports opening ports for specific IPs from the outside? So is it possible, or should I route it? I already tried to route it with nginx with this, but it did not work:

# nginx wireguard config
# This is an http-context server block: it only terminates TCP/HTTP on port 51820
# and proxies HTTP requests to the "wireguard" upstream host.
server {
    listen 51820;

    location / {
        proxy_pass http://wireguard:51820;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}


Hey,

To manage firewall settings on a DigitalOcean Droplet, especially when setting up specific ports for a VPN like WireGuard, you can use ufw. It’s a user-friendly interface for managing iptables firewall rules on Ubuntu and other Linux distributions.

Here’s a step-by-step guide on using ufw to achieve your objective:

  1. Install and Enable UFW: If ufw is not already installed, you can install it with:

    sudo apt-get install ufw
    

    Enable ufw with:

    sudo ufw enable
    
  2. Allow VPN Traffic: Assuming WireGuard is using its default port (51820), you can allow traffic on this port with:

    sudo ufw allow 51820/udp
    
  3. Configure UFW for Specific IP Addresses: To allow connections to a specific port from a specific IP address, use a command like:

    sudo ufw allow from [Your-VPN-Client-IP] to any port [Your-Port]
    

    Replace [Your-VPN-Client-IP] with the IP address of your VPN client and [Your-Port] with the port number you want to open for that IP.

  4. Allow Email Server Traffic: For your email server, you’ll typically need to open ports like 587 (for SMTP), 993 (for IMAP), and 995 (for POP3). You can do this with:

    sudo ufw allow 587
    sudo ufw allow 993
    sudo ufw allow 995
    

    Remember to replace these with the appropriate ports if you’re using non-standard ones.

  5. Restrict Traffic on Port 25: It’s important to note that DigitalOcean blocks outbound traffic on port 25 (SMTP) for new accounts to prevent abuse. This means you can’t use this port for email traffic unless DigitalOcean has lifted this restriction for your account.

  6. Check and Manage UFW Status: To check the status of your UFW rules, use:

    sudo ufw status
    

    This will list all active rules and their corresponding actions.

  7. Deleting or Modifying Rules: If you need to delete or modify a rule, you can do so with ufw delete followed by the rule specification, or ufw status numbered to list rules with numbers and then ufw delete [number] to remove a specific rule.

Always double-check your firewall rules to ensure they are correctly configured for your needs. Incorrect firewall settings can lead to security vulnerabilities or connectivity issues.

For more detailed information, you might want to check out the UFW documentation.

Best,

Bobby
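The steps above, combined into one reviewable script, as an added example that is not part of Bobby's answer or any DigitalOcean tooling. It generates the ufw rule set from steps 2 to 4, but applies step 3 to the e-mail ports so that 587, 993 and 995 are reachable only from the VPN client address rather than from the whole internet, validates the address and port values before they reach a shell command, and only runs `ufw` for real when `APPLY=1` is set. The WireGuard port 51820, the client address 10.8.0.2 and the assumption that SSH listens on port 22 (kept open so enabling the firewall does not lock you out) are constructed placeholders; substitute your own.

```shell
#!/bin/sh
# Added example (not from the original answer): build and optionally apply a ufw
# rule set that opens WireGuard to the world and the e-mail ports only to one
# VPN client address. All addresses and ports below are constructed placeholders.

# Validate a dotted-quad IPv4 address (four octets, each 0-255). Returns 0 if valid.
validate_ipv4() {
    ip=$1
    case $ip in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;   # non-digit chars, leading/trailing/double dots
    esac
    set -- $(printf '%s' "$ip" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -ge 0 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Validate a TCP/UDP port number (1-65535). Returns 0 if valid.
validate_port() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Emit the ufw commands, one per line, without running them.
# usage: build_rules WG_PORT CLIENT_IP PORT...
build_rules() {
    wg_port=$1; client_ip=$2; shift 2
    validate_port "$wg_port" || { echo "bad WireGuard port: $wg_port" >&2; return 1; }
    validate_ipv4 "$client_ip" || { echo "bad client IP: $client_ip" >&2; return 1; }
    echo "ufw default deny incoming"          # everything not listed below is dropped
    echo "ufw allow 22/tcp"                   # assumption: SSH on 22; keep it open before enabling
    echo "ufw allow ${wg_port}/udp"           # WireGuard is UDP, so allow the UDP port only
    for port in "$@"; do
        validate_port "$port" || { echo "bad port: $port" >&2; return 1; }
        # Step 3 applied to step 4: e-mail ports reachable only from the VPN client.
        echo "ufw allow from ${client_ip} to any port ${port} proto tcp"
    done
}

# Print the rules for review; run them with sudo only when APPLY=1 is set.
apply_rules() {
    if [ "${APPLY:-0}" = "1" ]; then
        build_rules "$@" | while IFS= read -r cmd; do sudo $cmd; done
        sudo ufw status verbose
    else
        build_rules "$@"
    fi
}

# Constructed example values: WireGuard on 51820, VPN client 10.8.0.2,
# submission (587), IMAPS (993) and POP3S (995).
apply_rules 51820 10.8.0.2 587 993 995
```

Run it once without `APPLY=1` to read the generated rules, then `sudo ufw enable` after applying them and confirm with `sudo ufw status` (step 6) that the e-mail ports show the VPN client as their only source.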
