Keenetic router. There is Internet from the provider, and WireGuard is up on the router. Interfaces:

- br0 192.168.2.1 - internet
- nwg1 10.100.218.11 - vpn wireguard

We need to send all traffic of the local client with address 192.168.2.64 via the WireGuard VPN nwg1. But at the same time, forward port 31555 from the Internet (br0) to the local client 192.168.2.64:21555.

Tried it through packet marking:

```sh
iptables -t mangle -A PREROUTING -s 192.168.2.64 -p all -j MARK --set-mark 65
ip rule add fwmark 65 table 555
ip route add default dev nwg1 table 555
```

Traffic goes through the VPN, but port forwarding doesn't work:

```sh
iptables -t nat -A PREROUTING -p tcp --dport 31555 -j DNAT --to-destination 192.168.2.64:21555
```

Apparently because of the rule in mangle PREROUTING.

My knowledge of iptables is not great; everything is from Google.
Answer # 1

Answer # 2

You need to enable traffic forwarding at the kernel level:

```sh
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
```

To make the setting persist across reboots:

```sh
sudo sysctl -w net.ipv4.ip_forward=1
```

```sh
iptables -A FORWARD
```

... next you need to add the ESTABLISHED and RELATED rules
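The following is an added example, not code from the question or from either answer, that puts the question's policy routing and answer #2's forwarding rules together into one rule set that keeps the DNAT port forward working. The reason the rules in the question break the forward: the reply packets the client sends back to an Internet peer also carry source 192.168.2.64, so the mangle rule marks them too, the fwmark rule sends them to table 555, and they leave through nwg1 instead of back out the WAN. The fix is to mark only connections the client itself opens (`--ctstate NEW`), store that mark on the connection with CONNMARK so the later packets of the same connection follow it, and restrict marking to packets arriving on br0 so traffic coming back from the tunnel uses the main table. Replies to forwarded inbound connections are ESTABLISHED, never get the mark, and route back out the WAN. Assumptions that are not on the page: the WAN interface name (`WAN_IF`, default `eth3`, a placeholder; on Keenetic it depends on model and provider), the LAN network `192.168.2.0/24`, and that LAN traffic leaving through nwg1 is already NATed by the router (the question says VPN traffic already works). The script renders the rule set first and only executes it with `--apply`, so it can be reviewed without root:

```sh
#!/bin/sh
# Added example (not from the question or the answers): route one LAN client
# through WireGuard by fwmark while keeping a WAN->client DNAT port forward.
set -e

CLIENT="192.168.2.64"          # from the question
CLIENT_PORT="21555"            # from the question
WAN_PORT="31555"               # from the question
LAN_IF="br0"                   # from the question
LAN_NET="192.168.2.0/24"       # assumption: /24 behind br0
VPN_IF="nwg1"                  # from the question
WAN_IF="${WAN_IF:-eth3}"       # assumption/placeholder: real WAN name differs per model
MARK="65"                      # from the question
TABLE="555"                    # from the question

# Print the rule set, one command per line. Lines starting with '#' are
# comments and are skipped by apply_rules. Rendering first and applying
# separately lets the set be inspected (and tested) without root.
render_rules() {
  cat <<EOF
# kernel forwarding (answer #2)
sysctl -w net.ipv4.ip_forward=1
# policy routing: marked packets use table $TABLE, whose default is the tunnel;
# the LAN route is duplicated there so a marked packet destined for another
# LAN host is never pushed into the tunnel
ip rule add fwmark $MARK table $TABLE
ip route add default dev $VPN_IF table $TABLE
ip route add $LAN_NET dev $LAN_IF table $TABLE
# 1. packets arriving from the LAN inherit the mark stored on their connection
iptables -t mangle -A PREROUTING -i $LAN_IF -j CONNMARK --restore-mark
# 2. already-marked packets need no further work
iptables -t mangle -A PREROUTING -i $LAN_IF -m mark ! --mark 0 -j ACCEPT
# 3. only connections the client itself opens get the mark; replies to
#    forwarded inbound connections are ESTABLISHED and stay unmarked
iptables -t mangle -A PREROUTING -i $LAN_IF -s $CLIENT -m conntrack --ctstate NEW -j MARK --set-mark $MARK
# 4. persist the mark on the connection for the packets that follow
iptables -t mangle -A PREROUTING -i $LAN_IF -m mark --mark $MARK -j CONNMARK --save-mark
# port forward, restricted to packets that really arrive on the WAN interface
iptables -t nat -A PREROUTING -i $WAN_IF -p tcp --dport $WAN_PORT -j DNAT --to-destination $CLIENT:$CLIENT_PORT
# FORWARD: reply traffic plus the forwarded connection itself (answer #2)
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $WAN_IF -o $LAN_IF -p tcp -d $CLIENT --dport $CLIENT_PORT -m conntrack --ctstate NEW -j ACCEPT
EOF
}

# Number of commands (non-comment lines) in the rendered set.
rule_count() {
  render_rules | grep -vc '^#'
}

# True if the set marks only NEW connections from the client, which is the
# property the rule in the question lacks.
marks_only_new() {
  render_rules | grep -q -- "-s $CLIENT -m conntrack --ctstate NEW -j MARK"
}

# Execute every command line; word splitting of $line is intentional.
apply_rules() {
  render_rules | while IFS= read -r line; do
    case "$line" in ''|'#'*) continue ;; esac
    $line
  done
}

case "${1:-}" in
  --apply) apply_rules ;;
  *)       render_rules ;;
esac
```

Run it without arguments to print the rules, and with `--apply` (as root on the router) to execute them. The CONNMARK pair matters: marking only the first packet of a connection without saving the mark would send the rest of that connection out the WAN, and marking every packet from the client, as in the question, is exactly what sends the DNAT replies into the tunnel.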