simple iptables setup and ipv4-forwarding

- An easier way to implement iptables by integrating the rules directly into the wireguard-config. When you activate the interface, the rules are loaded automatically. When you deactivate them, they are automatically deleted.
- IPv4-forwarding to be able to forward the requests of the clients.
ahab 2022-06-27 17:00:34 +00:00
parent ad328f0984
commit 5507c4752e


@ -29,7 +29,9 @@ We will use the range 100.64.0.0/10 (RFC 6598) because it doesn't colide with pr
iptables -t nat -A POSTROUTING -s 100.64.0.0/10 -o eth0 -j MASQUERADE iptables -t nat -A POSTROUTING -s 100.64.0.0/10 -o eth0 -j MASQUERADE
systemctl enable --now wg-quick@wg0 systemctl enable --now wg-quick@wg0


Don't forget to save the iptables rules for the next start. The easiest way is to use cron, but I don't recommend it. Don't forget to save the iptables rules for the next start. The easiest way is to include this config in wg0.conf:
PostUp = iptables -I FORWARD -i eth0 -j ACCEPT; iptables -I FORWARD -o eth0 -j ACCEPT; iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i eth0 -j ACCEPT; iptables -D FORWARD -o eth0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE


To get the public key (you need it later on): To get the public key (you need it later on):
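Review bot: The added PostUp line is wider than it needs to be: `iptables -I FORWARD -i eth0 -j ACCEPT; iptables -I FORWARD -o eth0 -j ACCEPT` accepts every forwarded packet entering or leaving eth0, and the new MASQUERADE rule drops the `-s 100.64.0.0/10` match that the existing rule in this hunk has. Consider scoping the FORWARD rules to the tunnel interface (wg-quick expands `%i` to the interface name, so `-i %i` / `-o %i` works) and keeping `-s 100.64.0.0/10` on the NAT rule. The manual `iptables -t nat -A POSTROUTING -s 100.64.0.0/10 -o eth0 -j MASQUERADE` line also stays in the instructions, so a reader who follows both ends up with two NAT rules, of which PostDown removes only one; either drop the manual line or state that the wg0.conf lines replace it. The lead sentence "Don't forget to save the iptables rules for the next start" no longer matches the approach, since with PostUp/PostDown nothing has to be saved.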


@ -38,7 +40,9 @@ To get the public key (you need it later on):
Now the gateway is configured and running. To get some information, type in wg and use systemd: Now the gateway is configured and running. To get some information, type in wg and use systemd:


systemctl status wg-quick@wg0 systemctl status wg-quick@wg0
wg show wg

Enable IP forwarding in the Linux kernel by uncommenting or adding (uncommenting) `net.ipv4.ip_forward = 1` in /etc/sysctl.conf to persist the setting between system restarts. Use sysctl -w net.ipv4.ip_forward=1 to enable IP forwarding immediately without having to reboot.


# Setup your Android # Setup your Android
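Review bot: The new IP-forwarding paragraph sits after "Now the gateway is configured and running", but client traffic is not forwarded until `net.ipv4.ip_forward` is set, so this step belongs before that sentence, ideally before `systemctl enable --now wg-quick@wg0`. The wording "uncommenting or adding (uncommenting)" repeats itself and should be reduced to one mention. `/etc/sysctl.conf` and `sysctl -w net.ipv4.ip_forward=1` should be formatted as code, like the setting itself.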