@amanjuman
Created March 28, 2023 20:14
WireGuard Port Forwarding to Connected Peer

TCP Forwarding Only

PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ens32 -j MASQUERADE; iptables -t nat -A PREROUTING -i ens32 -p tcp --match multiport --dports 1024:65535 -j DNAT --to-destination 10.0.0.10
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o ens32 -j MASQUERADE; iptables -t nat -D PREROUTING -i ens32 -p tcp --match multiport --dports 1024:65535 -j DNAT --to-destination 10.0.0.10

TCP & UDP Forwarding

PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ens32 -j MASQUERADE; iptables -t nat -A PREROUTING -i ens32 -p tcp -m multiport --dports 1024:65535 -j DNAT --to-destination 10.0.0.10; iptables -t nat -A PREROUTING -i ens32 -p udp -m multiport --dports 1024:65535 -j DNAT --to-destination 10.0.0.10
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o ens32 -j MASQUERADE; iptables -t nat -D PREROUTING -i ens32 -p tcp -m multiport --dports 1024:65535 -j DNAT --to-destination 10.0.0.10; iptables -t nat -D PREROUTING -i ens32 -p udp -m multiport --dports 1024:65535 -j DNAT --to-destination 10.0.0.10

Forwarding all ports except SSH and WireGuard Server Port

PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ens32 -j MASQUERADE; iptables -t nat -A PREROUTING -i ens32 -p tcp --match multiport ! --dports 22,444 --match multiport --dports 1:65535 -j DNAT --to-destination 10.0.0.10; iptables -t nat -A PREROUTING -i ens32 -p udp --match multiport ! --dports 22,444 --match multiport --dports 1:65535 -j DNAT --to-destination 10.0.0.10
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o ens32 -j MASQUERADE; iptables -t nat -D PREROUTING -i ens32 -p tcp --match multiport ! --dports 22,444 --match multiport --dports 1:65535 -j DNAT --to-destination 10.0.0.10; iptables -t nat -D PREROUTING -i ens32 -p udp --match multiport ! --dports 22,444 --match multiport --dports 1:65535 -j DNAT --to-destination 10.0.0.10
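
Forwarding only named ports (added example, not part of the original gist): the rules above hand every port in the matched range to the peer, so this variant limits both the DNAT rule and the FORWARD rule to a short list. ens32 and 10.0.0.10 are the gist's values; TCP ports 80 and 443 are constructed sample values, and the rest of the [Interface] section is assumed to be configured already.

```ini
[Interface]
# Address, ListenPort and PrivateKey are omitted here (assumed present).
# wg-quick accepts several PostUp/PostDown lines and runs them in order.

# Traffic arriving from the tunnel may be forwarded (same rule as the gist).
PostUp = iptables -A FORWARD -i %i -j ACCEPT
# New inbound connections are forwarded to the peer only on the listed ports
# (80,443 are sample values), so this still works with a FORWARD policy of DROP.
PostUp = iptables -A FORWARD -i ens32 -o %i -d 10.0.0.10 -p tcp -m multiport --dports 80,443 -j ACCEPT
# Source NAT for traffic leaving through ens32 (same rule as the gist).
PostUp = iptables -t nat -A POSTROUTING -o ens32 -j MASQUERADE
# DNAT only the listed ports; SSH and the WireGuard listen port stay on the server.
PostUp = iptables -t nat -A PREROUTING -i ens32 -p tcp -m multiport --dports 80,443 -j DNAT --to-destination 10.0.0.10

# Remove exactly the rules added above when the interface goes down.
PostDown = iptables -D FORWARD -i %i -j ACCEPT
PostDown = iptables -D FORWARD -i ens32 -o %i -d 10.0.0.10 -p tcp -m multiport --dports 80,443 -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -o ens32 -j MASQUERADE
PostDown = iptables -t nat -D PREROUTING -i ens32 -p tcp -m multiport --dports 80,443 -j DNAT --to-destination 10.0.0.10
```

After bringing the interface up, `iptables -t nat -S PREROUTING` and `iptables -S FORWARD` list the installed rules so they can be compared with the intended port list.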