
Keenetic router. There is Internet from the provider, and WireGuard is up on the router. Interfaces:

  • br0 192.168.2.1 - internet
  • nwg1 10.100.218.11 - vpn wireguard

We need all traffic of the local client with address 192.168.2.64 to be sent through the WireGuard VPN (nwg1). At the same time, port 31555 from the Internet (br0) must be forwarded to the local client at 192.168.2.64:21555.

Tried it through packet marking:

iptables -t mangle -A PREROUTING -s 192.168.2.64 -p all -j MARK --set-mark 65
ip rule add fwmark 65 table 555
ip route add default dev nwg1 table 555

Traffic goes through vpn, but port forwarding doesn't work:

iptables -t nat -A PREROUTING -p tcp --dport 31555 -j DNAT --to-destination 192.168.2.64:21555

Apparently because of the rule in mangle PREROUTING.

My knowledge of iptables is not very good; everything is done via Google.
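Added example (not from the question or either answer): a rule set that keeps 192.168.2.64 on the VPN but lets replies to the forwarded port go back out the provider link. The cause is that the mark rule also hits the client's reply packets of connections that arrived through the DNAT, so they get routed into nwg1 instead of back out. The fix marks only connections the client itself opens (conntrack state NEW) and stores the decision with CONNMARK; WAN_IF (the provider interface name, which the question does not give) and the APPLY switch are my assumptions.

```shell
#!/bin/sh
# Addresses, interfaces, mark and table come from the question.
CLIENT=192.168.2.64
VPN_IF=nwg1
WAN_IF=${WAN_IF:-eth3}   # assumption: replace with the router's ISP-facing interface
MARK=65
TABLE=555
FWD_PORT=31555
DST_PORT=21555

# Print the commands instead of executing them unless APPLY=1 (needs root).
run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi; }

policy_rules() {
  run sysctl -w net.ipv4.ip_forward=1          # runtime setting only
  # Table 555: everything goes out through the tunnel
  run ip route replace default dev "$VPN_IF" table "$TABLE"
  run ip rule add fwmark "$MARK" table "$TABLE"
  # 1. Reuse the mark already stored on the connection, if any
  run iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
  run iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j RETURN
  # 2. Mark only connections the client opens itself. Replies to connections
  #    that came in via the port forward are ESTABLISHED, not NEW, so they stay
  #    unmarked and follow the main table back out the WAN.
  run iptables -t mangle -A PREROUTING -s "$CLIENT" -m conntrack --ctstate NEW -j MARK --set-mark "$MARK"
  run iptables -t mangle -A PREROUTING -s "$CLIENT" -m conntrack --ctstate NEW -j CONNMARK --save-mark
  # 3. The port forward, limited to traffic arriving on the WAN interface
  run iptables -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport "$FWD_PORT" -j DNAT --to-destination "$CLIENT:$DST_PORT"
  run iptables -A FORWARD -i "$WAN_IF" -o br0 -d "$CLIENT" -p tcp --dport "$DST_PORT" -j ACCEPT
  run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}
```

Run without APPLY to review the generated rules first; `APPLY=1 WAN_IF=<isp-if> sh script.sh` then applies them on the router.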

  • Answer # 1

    You need to enable traffic forwarding at the kernel level: echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward

    To make the setting persist across reboots: sudo sysctl -w net.ipv4.ip_forward=1

    iptables -A FORWARD ... next you need to add the ESTABLISHED and RELATED rules
