pwLabs

VPS Proxy via Cloudflare WARP

This guide will help you configure a proxy on your VPS and route the traffic through Cloudflare WARP using iptables and warp-cli. This setup enhances privacy, masks the server IP, and provides secure outbound connections.

1. Enable IP Forwarding and Local Routing

echo "net.ipv4.ip_forward = 1" | sudo tee -a /etc/sysctl.conf
echo "net.ipv4.conf.all.route_localnet = 1" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p

These settings allow the Linux kernel to forward IP packets and route traffic to localhost for NAT redirection.

2. Install and Initialize Cloudflare WARP in Proxy Mode

curl -fsSL https://pkg.cloudflareclient.com/pubkey.gpg | sudo gpg --yes --dearmor --output /usr/share/keyrings/cloudflare-warp-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/cloudflare-warp-archive-keyring.gpg] https://pkg.cloudflareclient.com/ $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/cloudflare-client.list
sudo apt-get update && sudo apt-get install cloudflare-warp

Initialize WARP in proxy mode and set the proxy port (e.g., 40000):

warp-cli registration new
warp-cli mode proxy
warp-cli proxy port 40000
warp-cli connect

Ensure the WARP service is running:

sudo systemctl start warp-svc.service

3. Configure iptables for Port Redirection

Redirect traffic coming to your VPS on port 1089 to the WARP proxy running locally:

sudo iptables -t nat -A PREROUTING \
  -p tcp            \
  --dport 1089      \
  -j DNAT           \
  --to-destination 127.0.0.1:40000

Make the rule persistent:

sudo apt update
sudo apt install iptables-persistent
sudo netfilter-persistent save

4. allow firewall/ufw

Open the Proxy Port in UFW

sudo ufw allow 1089/tcp

5. Test connect proxy SOCKS5

Use curl to verify that the proxy is working correctly

curl -x socks5://your-public-ip:1089 https://ifconfig.me

You should see a Cloudflare WARP IP address instead of your VPS’s real IP.

Prev
VPS 3Proxy via Cloudflare WARP
Next
Get started