> <@nanashi0x74:matrix.org> this is my nat table, I see that the DNAT rules are getting applied
> ```
> iptables -L -t nat -nv
> Chain PREROUTING (policy ACCEPT 102 packets, 5684 bytes)
>  pkts bytes target          prot opt in     out     source               destination
> 58977 3450K nixos-nat-pre   all  --  *      *       0.0.0.0/0            0.0.0.0/0
>
> Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
>  pkts bytes target          prot opt in     out     source               destination
>
> Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
>  pkts bytes target          prot opt in     out     source               destination
>
> Chain POSTROUTING (policy ACCEPT 4 packets, 240 bytes)
>  pkts bytes target          prot opt in     out     source               destination
>  4746  235K nixos-nat-post  all  --  *      *       0.0.0.0/0            0.0.0.0/0
>     0     0 MASQUERADE      all  --  *      eth0    10.100.0.0/24        0.0.0.0/0
>    46 17714 LOG             all  --  *      eth0    0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 4
>
> Chain nixos-nat-post (1 references)
>  pkts bytes target          prot opt in     out     source               destination
>     0     0 MASQUERADE      all  --  *      eth0    0.0.0.0/0            0.0.0.0/0            mark match 0x1
>
> Chain nixos-nat-pre (1 references)
>  pkts bytes target          prot opt in     out     source               destination
>     6   320 LOG             all  --  eth0   *       0.0.0.0/0            51.15.10.88          LOG flags 0 level 6 prefix "nat: "
>     1    84 MARK            all  --  wg0    *       0.0.0.0/0            0.0.0.0/0            MARK set 0x1
>    45  2136 DNAT            tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:10.100.0.2:80
>   118  6764 DNAT            tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 to:10.100.0.2:443
>   509 30540 DNAT            tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8448 to:10.100.0.2:8448
> ```
>
> 10.100.0.2:443 is accessible:
> ```
> nc 10.100.0.2 443
> sfasf
> HTTP/1.1 400 Bad Request
> Server: nginx
> Date: Wed, 24 Jun 2020 10:23:30 GMT
> Content-Type: text/html
> Content-Length: 150
> Connection: close
>
> 400 Bad Request
> 400 Bad Request
> nginx
> ^C
> ```
>
> but when I nc to the server ip locally I get nothing back:
> ```
> nc $SERVER_IP 443
>
> saf
>
> asf
> s
> af
> asf
> asf
> saf
> asf
> asf
> ```

ah finally I figured it out. What was missing was a MASQUERADE rule sending packets destined for 10.100.00/16 over the wg0 interface. I learned something today :D