[deadlyllama]

Is confidential computing needed if all you're doing is forwarding packets? Your cloud provider can see the packets as they leave and enter your VM.

If I was building this I'd stand up a VPN (choose your favourite protocol) between the cloud VM and home server. For the cloud end pick something from lowendbox/lowendtalk or just use the cheapest Vultr instance. NAT port forwarding down the tunnel back to your server at home - just a few iptables rules. Job done. Bonus points if you get an IPv6 /64 and route that down the tunnel too.

It's possible to use policy routing at home so that traffic that needs to go down the VPN does, and traffic that can egress through your home internet can too. Replies to incoming connections that came down the tunnel go back up the tunnel. Outgoing SMTP connections go down the tunnel. Outgoing HTTP goes out your normal internet.