> But the goal of this post is to expose a local lightning node that runs even behind CGNAT, so not only the node is behind NAT, but also the router of the local network.

How does CGNAT matter in this case? As long as the local lightning node initiates the connection it works the same with SSH or Wireguard.

> Another issue with wireguard is censorship resistance

I see, makes sense. I didn’t think about this, thanks!

Setting up a hybrid lightning node, even behid CGNAT

Cyrus

Hi,great post. port forwarding with wireguard, iptables, SNAT, DNAT are so cool, I recommend everyone to study about it. But the goal of this post is to expose a local lightning node that runs even behind CGNAT, so not only the node is behind NAT, but also the router of the local network. Another issue with wireguard is censorship resistance, it is so easy to identify wireguard traffic over the network, and drop the packets, what is so important in my case, and for everyone living a country that is actively censoring communications, specially vpns, for us pure wireguard is not a solution.