I am not a system admin. I am only poorly self-taught with Linux. Suffice it to say that healthcare is my full-time job. So, if I err here, just let me know, and I’ll move on.
I have set up a micro instance (free) of Debian on a Google Cloud Compute Engine. It provided me an external IP and even a firewall.
I installed WireGuard and Pi-Hole. I have my client’s WireGuard DNS point to my Pi-Hole on the internal IP of the micro instance. The only ports that I have to open on the instance firewall are the WireGuard interface’s listen port and port 22 so I can SSH into my instance.
The setup works incredibly well as a split tunnel serving DNS to my WireGuard Client on my iPhone / Mac / etc. It also works well as a full tunnel when needed. That is all true as long as I am using port 1194 for the WireGuard Interface Listen Port.
However, if I try to change the listen port of the WireGuard interface to port 53, the Pi-Hole DNS (FTL?) engine will not start. I know this is because Pi-Hole uses port 53 as the listen port for all incoming IPs.
If I read correctly, this process is called binding and involves ports and binding sockets? I read there is a way to bind one port to two interfaces as long as either they use separate IPs or each interface uses UDP. I believe that one or both of these criteria have been fulfilled.
The problem becomes how? I am not sure how. I have tried modifying some configuration files but I really have no idea.
The reason I would like to use port 53 is that in countries where the healthcare is poor and we go to help, the firewalls are very restrictive. Oftentimes, the only port out is 53. They rarely seem to run their own DNS or use a well-built proxy.
Before others mention Iodine, yes, I have tried it. It is horribly slow in these countries where the bandwidth is not good. In any case, I appreciate any help. If I erred in asking or this is the wrong place, I apologize.
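The binding rules the post is asking about can be checked directly on the kernel rather than guessed at. The following is an added example, not code from the poster, WireGuard or Pi-hole: it opens UDP sockets that all try to use one port number and records which combinations Linux accepts. The loopback addresses 127.0.0.1 and 127.0.0.2 are constructed stand-ins for two distinct local IPs (127.0.0.2 is valid on Linux, other systems may report EADDRNOTAVAIL). Two things it makes visible that matter for this setup: a wildcard bind (0.0.0.0, which is what a service listening "on all IPs" does) conflicts with a specific-address bind on the same port, and SO_REUSEPORT does let two sockets share one IP:port, but the kernel then distributes incoming datagrams between them, so it cannot be used to give one port to two different services. Note also that on a Google Cloud instance the external address is NAT-mapped and is not configured on the NIC, so the instance itself only has its internal IP to bind to.

```python
import errno
import socket


def try_bind(sock, addr):
    """Bind sock to addr; return 'ok' or the errno name of the failure."""
    try:
        sock.bind(addr)
        return "ok"
    except OSError as exc:
        return errno.errorcode.get(exc.errno, str(exc.errno))


def udp_socket(reuseport=False):
    """Create a UDP socket, optionally marked SO_REUSEPORT (Linux)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    if reuseport:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEPORT, 1)
    return s


def probe_udp_port_sharing():
    """Try the port-sharing combinations discussed above and report the
    kernel's verdict for each as a dict of case name -> 'ok' / errno name."""
    socks = []
    results = {}
    try:
        # First service: binds a specific IP, kernel picks a free port.
        first = udp_socket()
        socks.append(first)
        first.bind(("127.0.0.1", 0))
        port = first.getsockname()[1]

        # Second service on the same IP and port: the collision Pi-hole and
        # WireGuard run into when both want port 53.
        same_ip = udp_socket()
        socks.append(same_ip)
        results["same_ip_same_port"] = try_bind(same_ip, ("127.0.0.1", port))

        # A service that listens "on all IPs" (0.0.0.0) while another socket
        # already holds the port on one specific IP: still a conflict.
        wildcard = udp_socket()
        socks.append(wildcard)
        results["wildcard_vs_specific"] = try_bind(wildcard, ("0.0.0.0", port))

        # Two genuinely different local IPs on the same port: allowed.
        other_ip = udp_socket()
        socks.append(other_ip)
        results["distinct_ip_same_port"] = try_bind(other_ip, ("127.0.0.2", port))

        # SO_REUSEPORT on both sockets: same IP and port is accepted, but the
        # kernel load-balances datagrams across them, which is only useful
        # for several workers of one service, not for two different services.
        if hasattr(socket, "SO_REUSEPORT"):
            rp1 = udp_socket(reuseport=True)
            socks.append(rp1)
            rp1.bind(("127.0.0.1", 0))
            rp_port = rp1.getsockname()[1]
            rp2 = udp_socket(reuseport=True)
            socks.append(rp2)
            results["reuseport_pair"] = try_bind(rp2, ("127.0.0.1", rp_port))
        else:
            results["reuseport_pair"] = "unsupported"
    finally:
        for s in socks:
            s.close()
    return results


if __name__ == "__main__":
    for case, verdict in probe_udp_port_sharing().items():
        print(f"{case:24s} {verdict}")
```

Run it as an unprivileged user; it never touches port 53 itself, only ephemeral ports on loopback, so it is safe on a host that already runs a resolver.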