yeah, that's why I like it so much. It's such a clean config. Tho, yeah, I just remembered you do have to set up DNAT, SNAT, and FORWARD yourself on the exit node; that's where you'll do the public ports -> wireguard interface.
Cheat sheet for ya:
# wg_ip1 = IP of your wg0 on the remote
# wg_ip2 = IP of your wg0 on local
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 9735 -j DNAT --to-destination $wg_ip2:9735
iptables -t nat -A POSTROUTING -o wg0 -p tcp -d $wg_ip2 --dport 9735 -j SNAT --to-source $wg_ip1
iptables -A FORWARD -i eth0 -o wg0 -d $wg_ip2 -p tcp --dport 9735 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -i eth0 -o wg0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i wg0 -o eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
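
An added example, not part of the original posts: the same five rules generated from validated arguments and applied idempotently with `iptables -C`, so re-running does not stack duplicates. The function names and the `DRY_RUN` switch are assumptions of this sketch; interface names, addresses and the port are supplied by the caller.

```sh
#!/bin/sh
# Added example: validated, idempotent form of the cheat sheet's rules.
# Function names and DRY_RUN are this sketch's own, not from the thread.

valid_if() {  # interface name: letters, digits, _ . - only
  case $1 in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
}

valid_port() {  # 1-65535
  case $1 in ''|*[!0-9]*) return 1 ;; esac
  [ ${#1} -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ip4() {  # dotted quad, each octet 0-255
  case $1 in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
  done
}

# Print one rule per line as: TABLE CHAIN RULE-SPEC
forward_rules() {  # args: PUB_IF WG_IF WG_IP1 WG_IP2 PORT
  valid_if "$1" && valid_if "$2" && valid_ip4 "$3" && valid_ip4 "$4" &&
    valid_port "$5" || return 2
  cat <<EOF
nat PREROUTING -i $1 -p tcp --dport $5 -j DNAT --to-destination $4:$5
nat POSTROUTING -o $2 -p tcp -d $4 --dport $5 -j SNAT --to-source $3
filter FORWARD -i $1 -o $2 -d $4 -p tcp --dport $5 -m conntrack --ctstate NEW -j ACCEPT
filter FORWARD -i $1 -o $2 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
filter FORWARD -i $2 -o $1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

apply_rules() {  # same args; DRY_RUN=1 prints commands instead of running
  specs=$(forward_rules "$@") || return 2
  while read -r table chain rest; do
    if [ "${DRY_RUN:-0}" = 1 ]; then
      echo "iptables -t $table -C $chain $rest || iptables -t $table -A $chain $rest"
    else
      # -C exits non-zero when the rule is absent; append only then,
      # so re-running the script never stacks duplicate rules.
      iptables -t "$table" -C "$chain" $rest 2>/dev/null ||
        iptables -t "$table" -A "$chain" $rest || return 1
    fi
  done <<EOF
$specs
EOF
}
```

Run `DRY_RUN=1 apply_rules eth0 wg0 <wg_ip1> <wg_ip2> 9735` first to review the commands; without `DRY_RUN` it needs root on the exit node.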