
@selankon
Created February 27, 2024 13:40
Wireguard enable Nat script
#!/bin/bash
# Absolute paths to the firewall binaries, so the lookup does not depend on
# the caller's PATH.
IPT=/sbin/iptables
IPT6=/sbin/ip6tables

# Interface facing the internet (egress side of the NAT).
IN_FACE=eth0
# WireGuard tunnel interface.
WG_FACE=wg0
# IPv4 network (CIDR) handed out to WireGuard peers; only this source range
# is masqueraded.
SUB_NET=10.5.0.0/24
# UDP port the WireGuard endpoint listens on.
WG_PORT=51820
# IPv6 network for WireGuard peers (uncomment if needed):
#SUB_NET_6="fd42:42:42:42::/112"
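#######################################
# Insert one rule at the top of a chain unless an identical rule is
# already there (checked with `iptables -C`).
# Globals:   IPT (read)
# Arguments: $1 - table, $2 - chain, remaining - rule specification
# Returns:   0 if the rule is present afterwards, non-zero if the insert failed
#######################################
_insert_rule_once() {
  local table=$1 chain=$2
  shift 2
  # -C prints an error when the rule is missing; that is the expected case.
  if "$IPT" -t "$table" -C "$chain" "$@" 2>/dev/null; then
    return 0
  fi
  "$IPT" -t "$table" -I "$chain" 1 "$@"
}

#######################################
# Add the NAT and ACCEPT rules for the WireGuard interface.
# Calling it again does not stack duplicate rules, so a single `remove`
# later leaves no stale ACCEPT/MASQUERADE entries behind.
# This function only touches iptables; it does not enable IP forwarding.
# Globals:   IPT, IN_FACE, WG_FACE, SUB_NET, WG_PORT (read)
# Returns:   0 if every rule was inserted or already present, 1 otherwise
#######################################
add_rules() {
  local rc=0

  # IPv4
  # Source-NAT traffic from the tunnel subnet leaving via the internet NIC.
  _insert_rule_once nat POSTROUTING -s "$SUB_NET" -o "$IN_FACE" -j MASQUERADE || rc=1
  # NOTE(review): accepts everything arriving on the tunnel for the host
  # itself, i.e. peers can reach every local service, not just DNS/SSH.
  _insert_rule_once filter INPUT -i "$WG_FACE" -j ACCEPT || rc=1
  # NOTE(review): accepts all forwarded packets from the internet side to the
  # tunnel, including new connections. If only reply traffic is needed, this
  # rule can be narrowed with `-m conntrack --ctstate RELATED,ESTABLISHED`;
  # the matching delete in remove_rules must then use the same specification.
  _insert_rule_once filter FORWARD -i "$IN_FACE" -o "$WG_FACE" -j ACCEPT || rc=1
  _insert_rule_once filter FORWARD -i "$WG_FACE" -o "$IN_FACE" -j ACCEPT || rc=1
  # Let WireGuard handshakes and data reach the listening UDP port.
  _insert_rule_once filter INPUT -i "$IN_FACE" -p udp --dport "$WG_PORT" -j ACCEPT || rc=1

  # IPv6 (Uncomment if needed)
  # $IPT6 -t nat -I POSTROUTING 1 -s $SUB_NET_6 -o $IN_FACE -j MASQUERADE
  # $IPT6 -I INPUT 1 -i $WG_FACE -j ACCEPT
  # $IPT6 -I FORWARD 1 -i $IN_FACE -o $WG_FACE -j ACCEPT
  # $IPT6 -I FORWARD 1 -i $WG_FACE -o $IN_FACE -j ACCEPT

  return "$rc"
}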
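#######################################
# Delete every copy of one rule from a chain. Does nothing when the rule
# is not present.
# Globals:   IPT (read)
# Arguments: $1 - table, $2 - chain, remaining - rule specification
# Returns:   0 when no copy remains, 1 if a delete failed
#######################################
_delete_rule_all() {
  local table=$1 chain=$2
  shift 2
  # Loop because earlier runs may have inserted the same rule several times;
  # a single -D removes only one copy.
  while "$IPT" -t "$table" -C "$chain" "$@" 2>/dev/null; do
    # Bail out instead of spinning if the rule exists but cannot be deleted.
    "$IPT" -t "$table" -D "$chain" "$@" || return 1
  done
}

#######################################
# Remove the NAT and ACCEPT rules for the WireGuard interface.
# Rule specifications here must stay identical to the ones used when the
# rules were added, otherwise the ACCEPT/MASQUERADE entries stay active
# after the tunnel is gone.
# Globals:   IPT, IN_FACE, WG_FACE, SUB_NET, WG_PORT (read)
# Returns:   0 if none of the rules remain, 1 if any delete failed
#######################################
remove_rules() {
  local rc=0

  # IPv4
  _delete_rule_all nat POSTROUTING -s "$SUB_NET" -o "$IN_FACE" -j MASQUERADE || rc=1
  _delete_rule_all filter INPUT -i "$WG_FACE" -j ACCEPT || rc=1
  _delete_rule_all filter FORWARD -i "$IN_FACE" -o "$WG_FACE" -j ACCEPT || rc=1
  _delete_rule_all filter FORWARD -i "$WG_FACE" -o "$IN_FACE" -j ACCEPT || rc=1
  _delete_rule_all filter INPUT -i "$IN_FACE" -p udp --dport "$WG_PORT" -j ACCEPT || rc=1

  # IPv6 (Uncomment if needed)
  # $IPT6 -t nat -D POSTROUTING -s $SUB_NET_6 -o $IN_FACE -j MASQUERADE
  # $IPT6 -D INPUT -i $WG_FACE -j ACCEPT
  # $IPT6 -D FORWARD -i $IN_FACE -o $WG_FACE -j ACCEPT
  # $IPT6 -D FORWARD -i $WG_FACE -o $IN_FACE -j ACCEPT

  return "$rc"
}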
# Entry point: exactly one argument selects which rule set operation runs.
[ "$#" -eq 1 ] || {
  echo "Usage: $0 <add|remove>"
  exit 1
}

case "$1" in
  add)
    add_rules
    ;;
  remove)
    remove_rules
    ;;
  *)
    # Anything else is rejected rather than guessed at.
    echo "Invalid argument: $1"
    echo "Usage: $0 <add|remove>"
    exit 1
    ;;
esac