I’m attempting to test a permission-less WireGuard relay I wrote, but it looks like the Fly load balancer is blocking all subsequent TCP packets after the first is sent back to the requester. I’ve tested this same container on a standard VPS and it all seems to be working there, so I’m curious if something might be different with the Fly networking stack?

For this testing system I’m running the Fly app (named hyprspace-testing) as a relay which accepts TCP connections (I’m not using any HTTP handlers) and then forwards them over a WireGuard connection to a backend webserver (http://220.127.116.11:8080/). On the backend I can see that the connections are correctly getting through to the webserver and it’s responding to the relay. I can even see that the relay is accepting the packets through the UDP port, but it seems like they’re getting dropped going from the Fly app to the load balancer?
Here is the fly.toml I’m using.

```toml
app = "hyprspace-testing"
kill_signal = "SIGINT"
kill_timeout = 5

[build]
  image = "ghcr.io/hyprspace/relay:main"

[[services]]
  internal_port = 8080
  protocol = "tcp"

  [[services.ports]]
    port = "80"

[[services]]
  internal_port = 53
  protocol = "udp"

  [[services.ports]]
    port = "53"

[env]
  RELAY_PRIVATEKEY = "RELAY-PRIVATE-KEY"
  RELAY_PUBLICKEY = "RELAY-PUBLIC-KEY"
  RELAY_CLIENT_KEYS = "CLIENT-PUBLIC-KEY"
  RELAY_PORT = "53"
  RELAY_CLIENT_IPS = "10.0.0.2/32"
  RELAY_CLIENT_PORTS = "8080"
```
And here’s a screenshot of the WireGuard connection from the perspective of the backend web server.
Thank you all for your time!