Wireguard LXC with LXC and Public IP (OVH)

[ChrisColotti]

I have an interesting thing I am trying to test but seems it's not working 100% and I am not sure why. First off I have a working WG LXC in PVE on OVH bare metal using a private IP and the public IP of the PVE host for routing and masquared, so that is not the issue.

I ordered another public IP which I can successfully deploy the LXC using by inserting the public IP and the assigned virtual MAC address during the script. The LXC is on the internet, can download updates and I can even SSH to it staight away and there is no OVH edge firewall enabled as well. It's a live public IP out there on the internet.

What does not seem to work using the script is wg0 listening on port 51820. I built this on a VPS with Debian 13 native on it fine, but my suspician is there is something not passing from the public IP on eth0 to wg0. I can't even get a telnet test to work it comes back as connection blocked/terminated. The OVH VPS is a similar setup just not LXC based.

Is there something in the LXC config specifically I need to look at to pass the traffic via eth0 with a pure public IP over to wg0? That seems to be the blocker.

I was also going to build a regular VM with Debian on PVE to duplicate the VPS and try to compare if the WG install updates IPTABLES or something in the process but figured I's post here as well. I have looked into a DNAT but nothing seems to stand out given the LXC is deployed with a full Public IP, but just not responding to the publicIP:51820