VPN through squid, how to use port forward?

I wanted to make my Mullvad VPN available to my whole network relatively hassle-free, so I ended up spinning up an OpenWRT VM, adding Mullvad WG as the WAN interface and running the squid proxy on the VM. So anyone needing to use the VPN (such as family members using their browsers, torrent clients etc.) can connect to the proxy. This has been working smoothly so far.

I have been trying to add port forwarding to this for the torrent client on one of the systems. I added a port forward on Mullvad, and if I make a port forward rule forwarding the traffic to the OpenWRT VM itself, everything works. However, when I forward the traffic to the torrent client (in a docker container) it does not work.

I found out using tcpdump that the traffic arrives at the designated port, but the source IP is the WAN IP of whatever website, so it doesn't know where to respond? Is there any way to hack this with NAT rules on the OpenWRT VM?

It's not strange, squid is an HTTP proxy. You cannot pass all protocols.

I understand that. I am not trying to use squid for that. I was trying to do it outside of squid using NAT. It works in one direction: Peer -> Public IP of VPN -> Private IP of VPN/Router -> Torrent client. However, I don't know how to set it up in the other direction.

  1. Does the traffic reach the torrent client? You can verify with tcpdump in the container.
  2. Does it send the traffic back? Again tcpdump.
  3. Does the traffic use the vpn? Or another uplink?

Thank you for taking the time to help :)

  1. The traffic reaches the torrent client according to tcpdump, I think. When I do a port open test, the test fails but I get packets on tcpdump.
  2. It cannot send the traffic back.
  3. It is using the default ISP route/uplink.

Please run the following commands (copy-paste the whole block) and paste the output here, using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have

ubus call system board; \
uci export network; uci export firewall; \
ip -4 addr ; ip -4 ro li tab all ; ip -4 ru

Let us know the exact forwarding rule if it is not obvious from the name/description.

config redirect
	option dest 'lan'
	option target 'DNAT'
	option name 'Torrent Mullvad'
	option src 'wan'
	option src_dport 'port#'
	option dest_port 'port#'
	list proto 'tcp'
	list proto 'udp'
	option dest_ip ''
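An added illustration, written for this page and not posted by anyone in the thread, of the return-path problem the tcpdump answers above point at: the docker host receives the DNAT'd packet with the peer's public IP as its source, so its reply follows the host's default route to the ISP uplink instead of going back through the OpenWRT VM. One way to keep the whole exchange on the VM, using only NAT rules on the VM as the original question asks, is to add an SNAT rule next to the DNAT redirect so that forwarded packets reach the docker host with the VM's own LAN address as their source. Everything concrete here is an assumption: 192.168.1.1 as the VM's LAN IP, 192.168.1.50 as the docker host, 51413 as the torrent port, and a current OpenWrt release with firewall4, which supports `config nat` sections.

```uci
# Added example, not from the thread. Assumed addresses and port:
#   192.168.1.1  = LAN IP of the OpenWrt VM (Mullvad WG is its WAN)
#   192.168.1.50 = docker host running the torrent client
#   51413        = port forwarded on the Mullvad side

# 1. Inbound: DNAT the Mullvad-forwarded port to the docker host.
#    This is the posted redirect with dest_ip actually pointing at the host.
config redirect
	option name 'Torrent Mullvad'
	option src 'wan'
	option src_dport '51413'
	option dest 'lan'
	option dest_ip '192.168.1.50'
	option dest_port '51413'
	option target 'DNAT'
	list proto 'tcp'
	list proto 'udp'

# 2. Return path: as the forwarded packets leave the lan zone towards the
#    docker host, rewrite their source to the VM's LAN IP. The host then
#    answers 192.168.1.1 directly (same subnet, no default route involved),
#    and conntrack undoes both the SNAT and the DNAT before the reply is
#    sent back out over the WireGuard WAN.
config nat
	option name 'Torrent Mullvad SNAT'
	option src 'lan'
	option dest_ip '192.168.1.50'
	option dest_port '51413'
	option target 'SNAT'
	option snat_ip '192.168.1.1'
	list proto 'tcp'
	list proto 'udp'
```

After `/etc/init.d/firewall restart`, repeat the tcpdump check on the docker host: incoming packets on 51413 should now show 192.168.1.1 as their source, and the replies should leave towards the VM rather than the ISP router, at which point the port-open test should pass. The cost is that the torrent client sees every peer as 192.168.1.1, so per-peer information (peer lists, IP bans, logs) is lost. If that matters, the alternative is to keep the plain DNAT and instead add policy routing on the docker host so that traffic originating from port 51413 is routed via 192.168.1.1 instead of the default gateway.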