--------------------------
| WG Host                |
|------------------------|
| eth0:  192.168.1.30    | <- dhcp, home network, default gateway
| tun0:  214.144.203.5   | <- vpn with public ipv4 address, gw for public services
| vmnet: 192.168.5.1     | <- virtual machines, server daemons
| wg0:   192.168.10.1    | <- wireguard
--------------------------

# Masquerade everything that leaves through the VPN tunnel
iptables -A POSTROUTING -t nat -o tun0 -j MASQUERADE

# Always set source IP to VPN ip, so home network clients do not get confused
iptables -A POSTROUTING -t nat -p tcp --sport 80 -j SNAT --to 214.144.203.5
iptables -A POSTROUTING -t nat -p tcp --sport 443 -j SNAT --to 214.144.203.5

# public services (replies forwarded from the VMs), default gateway via vpn
iptables -A PREROUTING -t mangle -p tcp --sport 80 -j MARK --set-mark 2
iptables -A PREROUTING -t mangle -p tcp --sport 443 -j MARK --set-mark 2

# Do the same for ssh & wireguard (123/udp) generated by the host itself,
# except towards the home network (note the /24: a bare "192.168.1.0" would only match that one host)
iptables -A OUTPUT -t mangle -p tcp --sport 22 ! -d 192.168.1.0/24 -j MARK --set-mark 2
iptables -A OUTPUT -t mangle -p udp --sport 123 ! -d 192.168.1.0/24 -j MARK --set-mark 2

# Marked packets are routed with table 2: VPN as default, local networks stay local
ip rule add fwmark 2 table 2
ip route add default via 214.144.203.4 dev tun0 table 2
ip route add 192.168.5.0/24 dev vmnet table 2
ip route add 192.168.1.0/24 dev eth0 table 2
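The paste gives the rules but not a way to reason about which packet ends up on which interface with which source address. The following is an added example, not part of the paste, that models the mangle marks, the `fwmark 2 table 2` policy rule, longest-prefix lookup in the two tables and the nat POSTROUTING rewrites in plain Python, without touching the kernel. The home router address (`HOME_GW`), the main-table routes beyond the diagram, the forwarded-packet chain assignment and all sample packets (including the `203.0.113.7` client address) are assumptions constructed for the example; the marks, tables and addresses in table 2 are taken from the paste as written.

```python
"""Model of the paste's fwmark / policy-routing setup (added example, not from the paste)."""
import ipaddress
from dataclasses import dataclass

VPN_IP = "214.144.203.5"   # tun0 address from the paste
VPN_GW = "214.144.203.4"   # table 2 default gateway from the paste
HOME_GW = "192.168.1.1"    # assumed: the paste only says eth0 is DHCP on the home network


@dataclass(frozen=True)
class Packet:
    chain: str    # "OUTPUT" = generated by the host, "PREROUTING" = forwarded (e.g. from a VM)
    proto: str
    sport: int
    src: str
    dst: str


def mangle_rules(lan_match):
    """The paste's MARK rules as (chain, proto, sport, negated -d match, mark).
    iptables reads a bare address like "192.168.1.0" as a /32, so passing that
    string reproduces the paste as originally posted; "192.168.1.0/24" is the fix."""
    return [
        ("PREROUTING", "tcp", 80, None, 2),
        ("PREROUTING", "tcp", 443, None, 2),
        ("OUTPUT", "tcp", 22, lan_match, 2),
        ("OUTPUT", "udp", 123, lan_match, 2),
    ]


def fwmark(pkt, rules):
    """Mark assigned by the mangle table (all rules set 2, so first match is enough)."""
    dst = ipaddress.ip_address(pkt.dst)
    for chain, proto, sport, not_dst, mark in rules:
        if (chain, proto, sport) != (pkt.chain, pkt.proto, pkt.sport):
            continue
        if not_dst is not None and dst in ipaddress.ip_network(not_dst):
            continue  # "! -d": destinations inside that network are excluded
        return mark
    return 0


# Routing tables as (prefix, device, gateway). MAIN = connected routes from the
# diagram plus the assumed DHCP default; TABLE_2 = exactly the paste's table 2.
MAIN_TABLE = [
    ("0.0.0.0/0", "eth0", HOME_GW),
    ("192.168.1.0/24", "eth0", None),
    ("192.168.5.0/24", "vmnet", None),
    ("192.168.10.0/24", "wg0", None),
]
TABLE_2 = [
    ("0.0.0.0/0", "tun0", VPN_GW),
    ("192.168.5.0/24", "vmnet", None),
    ("192.168.1.0/24", "eth0", None),
]


def lookup(table, dst):
    """Longest-prefix match within one table, as the kernel does."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, dev, gw in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev, gw)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1], best[2]


def route(pkt, rules, table2=TABLE_2):
    """'ip rule add fwmark 2 table 2': marked packets use table 2, others the main table.
    Returns (mark, device, gateway)."""
    mark = fwmark(pkt, rules)
    dev, gw = lookup(table2 if mark == 2 else MAIN_TABLE, pkt.dst)
    return mark, dev, gw


def nat_source(pkt, out_dev):
    """Source address after the paste's nat POSTROUTING rules."""
    if out_dev == "tun0":
        return VPN_IP          # MASQUERADE on tun0
    if pkt.proto == "tcp" and pkt.sport in (80, 443):
        return VPN_IP          # SNAT on any interface, as the paste intends
    return pkt.src


if __name__ == "__main__":
    # Constructed sample packets; 203.0.113.7 is a documentation address standing in for a client.
    samples = [
        Packet("PREROUTING", "tcp", 80, "192.168.5.10", "203.0.113.7"),  # VM web reply to the Internet
        Packet("OUTPUT", "tcp", 22, "192.168.1.30", "192.168.1.50"),     # SSH reply to a LAN host
        Packet("OUTPUT", "tcp", 22, "192.168.10.1", "192.168.10.7"),     # SSH reply to a WireGuard peer
    ]
    for pkt in samples:
        for name, rules in (("as posted", mangle_rules("192.168.1.0")), ("/24", mangle_rules("192.168.1.0/24"))):
            mark, dev, gw = route(pkt, rules)
            print(f"{name:9} {pkt.proto}/{pkt.sport} -> {pkt.dst:13} mark={mark} dev={dev} gw={gw} src={nat_source(pkt, dev)}")
```

Two things the model makes visible. First, the SSH reply to a LAN host leaves on eth0 whether or not the `! -d` match has its `/24`, because table 2 itself carries the `192.168.1.0/24 dev eth0` route; the local entries in table 2 are what keep marked traffic off the tunnel, so the `/24` fix matters for correctness of intent rather than for this particular path. Second, table 2 as posted has no entry for `192.168.10.0/24`, so a marked SSH reply to a WireGuard peer falls through to the VPN default route; passing `TABLE_2 + [("192.168.10.0/24", "wg0", None)]` to `route()` shows that an extra `ip route add 192.168.10.0/24 dev wg0 table 2` keeps that reply on wg0.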