networking

Assuming your vpn provides a stable remote IP, your client connection needs to use that. Try "whatsmyip" or similar over the vpn. The remote address almost certainly won't appear in the local output of ip a.

Locally, listen on the "this host", 0.0.0.0.

You may need to check your firewall locally.

You don't need to run your http service to troubleshoot - simple tools like netcat can listen for incoming requests - nc -l 0.0.0.0 8000 or what-have-you.

Finally: you might want to look at using a shell host as the client rather than targeting your vpn ip from your local host, just to take hairpin connections out of consideration when troubleshooting.

I disagree with all the "Wat r u doing?? No, study for a year before you try anything!!" Yes, it's a bad idea to have an http server able to receive requests from anyone on the net if you don't know what you're doing, because there are people scanning public services looking for things to hack all the time, and you could have everything on your computer compromised. But if you're trying to just understand how it works, I think it helps the knowledge to click to make a thing do what you want. Eventually you can get your opnsense router and set up a separate vlan for your new homelab server and all that jazz, and then actually leave your http service running for the world to try to hack.

If a port checking tool says your port is open for soulseek, then the port forwarding of your vpn is working for that port. Idk what vpn provider you have, but all the ones that I've used with a port forward have only allowed me to have one random high-numbered port at a time. I'm assuming you have a way to find out what that port is and then configure soulseek to listen on it. You should be able to have your http service bind to 0.0.0.0:(that port), and it will work just like soulseek does. You can't do this while ss is listening on that port, because only one thing can listen on a port at a time.

Btw, I'm new to lemmy. How tf do you reply to a comment in the web app on mobile? I accidentally downvoted you trying to figure it out lol

Change the listening part to 0.0.0.0:8000 - that means listen on all interfaces and from all origins.
I assume others have given you enough on the security aspect of that

...what are you trying to do? There is no "listening" for http from the internet unless someone is explicitly sending something to/through you.

Beyond the other suggestions, your OS might have incoming network rules that are blocking the requests (a firewall).

Ok, you are putting the cart a few steps before the horse here and put simply, you can't just tap the entire Internet from behind your own Internet connection and "through" a VPN. (A VPN "tunnel" is a bit misleading on how traffic is seen in the wire, but that is still many more steps ahead.)

Watching pcap is cool, but you need a fundamental understanding of networks and network protocols before you can actually see more than characters of the Matrix and understand what you are tapping into from the start.

To kick off your own research path, start reading into the OSI Model, TCP vs UDP, traffic routing and subnetting. You need to understand where you need to be to see the traffic you want to see first.

Unfortunately, I can't begin to answer your question without some foundation in place first.

Bind your listener to whichever interface is Internet-facing. That's literally all you need to do. Then, from the client, send an HTTP request to that address (and port).

I think you need to explain in more detail how your "listening" is set up. You don't normally "listen" on an IP address, if it gets as far as the program you're listening with then it's already arrived at the correct network address before your program knows about it.

This is one of those bad questions.

Try to rephrase In a way what the outcome you are trying to achieve is.

your VPN probably has you on a nat.

Don't do this as it is a very bad idea

What is the end goal?