Need help forwarding ports through qubes-tunnel

Posted on Reddit before, got no answers.

My VPN allows forwarding incoming connections on selected ports. I have set up my VPN using the new contrib package “qubes-tunnel” and it works well so far. I have set up sys-vpn using the debian-10 template (the qubes-tunnel package is not available in F32 yet), use it as the NetVM for my AppVM and all my connections are going through the VPN.

Now I want to run an application (torrent) in my AppVM that listens on a certain port for both incoming TCP and UDP connections. My VPN is configured to forward this port to me. However, the application cannot be reached from the outside (port checker says the port is closed). So I assume that some kind of port forwarding is necessary.

I have tried messing around with iptables for a while, but honestly I have no idea what I am doing and I don’t want to break the privacy configuration that qubes-tunnel provides. One issue seems to me that the VPN is running on the tun0 interface, but traffic must be forwarded to eth0 or vif30.0 for internal routing? Also my client software must be allowed to send back TCP ACKs on the same port.

There are some interesting resources on port forwarding, but they don’t seem to be tailored towards VPNs and qubes-tunnel:

I hope that somebody can help :slight_smile:

Edit: Removed some references because new users can not post more than 2 links in one post (?)

Additional references: