How to set up port forwarding for torrenting with WireGuard VPN on VPS

EDIT: So far I’ve tried the following with no luck

iptables -t nat -A PREROUTING -i enp0s6 -p tcp --dport 32554 -j DNAT --to-destination 10.221.178.2
iptables -t nat -A POSTROUTING -p tcp --dport 32554 -d 10.221.178.2 -j MASQUERADE

I have a VPS (outside my home network) running a WireGuard VPN (PiVPN + Pi-hole + Unbound), and I’m trying to set up port forwarding for improved torrenting performance (like what services such as ProtonVPN and AirVPN provide). My Windows 10 computer is the client, and it’s behind a router.

I’ve already configured port forwarding on my router, but I’m struggling to get it working correctly on my VPS. Can someone please provide a step-by-step guide on how to set up port forwarding on my VPS for this purpose?

OS and Network info:
OS running on VPS: Ubuntu 22.04.4 LTS
OS running on PC: Windows 10
VPS public ip: 1.2.3.4
WireGuard interface: wg0
IPv4 address for wg0: 10.221.178.1
Network adapter on VPS: enp0s6
IPv4 address for enp0s6: 10.0.0.18
Port used for incoming connections on qbittorrent: 32554

Iptables rules: https://rentry.co/pniz3pkn

WireGuard Config
::::  Server configuration shown below   ::::
[Interface]
PrivateKey = server_priv
Address = 10.221.178.1/24,fd11:5ee:bad:c0de::1/64
MTU = 1420
ListenPort = 51820
### begin zephyrus-m ###
[Peer]
PublicKey = zephyrus-m_pub
PresharedKey = zephyrus-m_psk
AllowedIPs = 10.221.178.2/32,fd11:5ee:bad:c0de::2/128
### end zephyrus-m ###
=============================================
::::  Client configuration shown below   ::::
[Interface]
PrivateKey = zephyrus-m_priv
Address = 10.221.178.2/24,fd11:5ee:bad:c0de::2/64
DNS = 10.221.178.1

[Peer]
PublicKey = server_pub
PresharedKey = zephyrus-m_psk
Endpoint = REDACTED:51820
AllowedIPs = 0.0.0.0/0, ::0/0

If you are using port forwarding through the VPN tunnel, you don’t need to open the ports on your router, as the traffic is going through the VPN.

https://serverfault.com/questions/1067746/port-forwarding-with-wireguard

You just need to add a line to your WireGuard server config telling it what ports to forward to what client.

Maybe you could do something similar to what I did when I set up my email using a VPS to relay the traffic. I used iptables to relay the ports into the WireGuard tunnel. Here is my configuration:

None of the suggestions helped me so I updated the post with some more additional info.

You need to open ports on your external VPS server … not on your own router at home.

On your VPS server you should use SNAT or MASQUERADE inside your POSTROUTING table.

Enable IP forwarding and

iptables -t nat -A PREROUTING -p udp --dport 8080 -j DNAT --to-destination 10.221.178.2:8080

iptables -t nat -A PREROUTING -p tcp --dport 8080 -j DNAT --to-destination 10.221.178.2:8080

iptables -t nat -A POSTROUTING -j MASQUERADE
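An added example, not part of any post in this thread: a POSIX shell function that prints a narrower rule set for the interfaces, peer address and port listed in the question, covering TCP and UDP like the rules above. It assumes the client routes all traffic through the tunnel (AllowedIPs = 0.0.0.0/0, as in the posted client config), so replies return via wg0 without a blanket MASQUERADE and the peer still sees real remote addresses; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: prints (never runs) the rules, so they can be reviewed first.

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1                 # split the address on dots into $1..$4
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# usage: gen_forward_rules EXT_IF WG_IF PEER_IP PORT   (hypothetical helper)
gen_forward_rules() {
    ext_if=$1 wg_if=$2 peer_ip=$3 port=$4
    # Refuse anything that could smuggle shell syntax into the printed commands.
    for name in "$ext_if" "$wg_if"; do
        case "$name" in ''|*[!A-Za-z0-9_.-]*)
            echo "bad interface name: $name" >&2; return 1 ;;
        esac
    done
    valid_ipv4 "$peer_ip" || { echo "bad peer address: $peer_ip" >&2; return 1; }
    valid_port "$port"    || { echo "bad port: $port" >&2; return 1; }

    # The kernel has to route between the public NIC and the tunnel at all.
    echo "sysctl -w net.ipv4.ip_forward=1"
    for proto in tcp udp; do
        # Rewrite the destination only for packets arriving on the public NIC.
        echo "iptables -t nat -A PREROUTING -i $ext_if -p $proto --dport $port -j DNAT --to-destination $peer_ip:$port"
        # DNAT alone is not enough: the FORWARD chain must also let the packet
        # through. -I ... 1 places the rule ahead of any existing REJECT/DROP
        # (assumption: the current rule set is unknown).
        echo "iptables -I FORWARD 1 -i $ext_if -o $wg_if -p $proto -d $peer_ip --dport $port -j ACCEPT"
    done
    # Return traffic for connections conntrack already knows about.
    echo "iptables -I FORWARD 1 -i $wg_if -o $ext_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Values taken from the question: public NIC, tunnel, peer address, client port.
gen_forward_rules enp0s6 wg0 10.221.178.2 32554
```

After applying the printed rules, `iptables -t nat -L PREROUTING -v -n` shows whether the DNAT packet counters increase when a remote peer connects.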

Isn’t the point of a VPS that you don’t need a VPN in front of your torrent client?

please explain as u would to a 5yo kid

Only if the torrent client runs on the VPS which is against most TOS of cloud providers anyway.

What mentioned post? Try to disable Windows Firewall.

hmm… :thinking:

r/seedboxes/ say to get a VPS in a country that ignores DMCA notices and forget the VPN

I edited the OP. The ports are open in Windows Firewall as well.