First of all, forgive me if this is the wrong place and redirect me to a better place to post this if I am in the wrong place.
So to start things off, I have an email server on Linode so I can take advantage of the RDNS in order for email to work, now I have CyberPanel installed on there so that I can run the other few public websites that I use. I’m looking to have more things on there which would need a more beefy server, hence raising the cost of the VPS. I had this idea of renting a nanode for $5 and tunneling it to my home network with a router behind that. I’m curious if I could do this…Basically have my Proxmox server running my VMs and have them on my ‘VPN Local Network’, that way they all have that public IP of the Linode server. Is this feasible? Something that works? I understand I would have to figure out some sort of port forwarding somehow someway, but I’m willing to do that if it is possible. My main goal here is to be able to have a local server that can utilize the public IP of a Linode server and run a website.
If this wouldn’t work, what would be another good way of achieving my goal?
Thanks for all replies in advance!
Edit:
Seems some people are misunderstanding my problem and recommending the CloudFlare Zero Trust Tunnels, I do use this for all of my other services but it isnt feasible in this case since I have a mail server that needs RDNS authority in order to work properly, I cannot change the RDNS with my ISP and I cannot do this through CloudFlare…as far as I know right now.
Have you heard of Tailscale? A tailscale funnel could be a simple yet effective solution for this problem, and you wouldn’t need to worry about setting up a new VPS to forward traffic. This is a good blogpost to learn about funnel Tailscale Funnel: Securely Expose Local Services to the Internet
you can try a wireguard tunnel to your home server. then you can set up NAT in proxmox if you want multiple VMs to share the IPs. also, you can consider tunneling an Ipv6 subnet from tunnelbroker.net or from a VM so each container can have its own v6 address.
It is totally feasible since your remote VPS will be a remote NAT between a (virtual) private network (which your home server will be part of) and the Internet. You just have to setup “port forwarding” rules, which are DNAT rules in iptables. And enable + allow forwarding between interfaces. You must ensure your home server is routing all traffic through this remote NAT, or at least, ensure symetric routing using conntrack marks.
I use cloudflare for most of my services which is nearly identical to tailscale, but my issue is that I need an ipv4 and IPv6 pool that has rdns that I manage. Can’t do that with my residential isp
I haven’t tried wiregaurd but I have used OpenVPN, not for this idea, but that’s why I was asking, does wiregaurd allow this? Not exactly sure how wiregaurd works either, would I create some sort of tunnel exit on the proxmox and bridge that to my other VMs? And then how would I get it to be publicly accessible since vpns don’t allow that at least by default.
On your VPS, when you set up Wireguard it should have you pick private IP space. You will get another network adapter such as tun0 as well. You might set your VPS to be something such as 172.16.0.1/24, then you will set up different Wireguard clients with different IPs in the space such as 172.16.0.2 when you set up the connection. So, you will go through the Wireguard setup on your Proxmox server and set it up as a client with your VPS as the server IP, and connect Wireguard. Now you should be able to ping across via those private IPs. Now, all you need to do is configure the port forwarding to forward whatever port on your VPS on eno1 or whatever the public NIC is to tun0 or whatever the Wireguard NIC is. That part is usually done via simple iptables command
at home, serve site using tunnels on www.domain.com, set mail relay to mail.domain.com
run an smtp server using sendmail on your $5 VPS on mail.domain.com, make sure there is a reverse IP record for that subdomain
make spf txt record for domain.com to VPS IP
make sure to lock down the relay, and check the IP first with MXtoolbox