diff --git a/server/wg0.conf b/server/wg0.conf
index f854f74..95734af 100644
--- a/server/wg0.conf
+++ b/server/wg0.conf
@@ -2,32 +2,46 @@
 # Replace with the server's private key
 PrivateKey = SERVER_PRIVATE_KEY
 # VPN interface IP address
-Address = 10.0.0.1/24
+Address = 10.99.97.1/24
 # Listening port
 ListenPort = 51820
-# Enable IP forwarding
-PostUp = sysctl -w net.ipv4.ip_forward=1
-# Masquerade outgoing traffic
-PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
-# Allow forwarding from VPN to eth0
+# Enable IP forwarding and NAT masquerading
+PostUp = echo 1 > /proc/sys/net/ipv4/ip_forward
 PostUp = iptables -A FORWARD -i wg0 -o eth0 -j ACCEPT
-# Allow forwarding from eth0 to VPN
 PostUp = iptables -A FORWARD -i eth0 -o wg0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-# Forward incoming SMTP traffic to the client
-PostUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 25 -j DNAT --to-destination 10.0.0.2:25
-# Forward incoming HTTP traffic to the client (web management portal)
-PostUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 10.0.0.2:80
+#PostUp = iptables -A FORWARD -o %i -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+
+# Port forwarding for specific services to the client (10.99.97.4)
+PostUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 25 -j DNAT --to-destination 10.99.97.4:25
+PostUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 10.99.97.4:80
+PostUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to-destination 10.99.97.4:443
+PostUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 110 -j DNAT --to-destination 10.99.97.4:110
+PostUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 143 -j DNAT --to-destination 10.99.97.4:143
+PostUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 465 -j DNAT --to-destination 10.99.97.4:465
+PostUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 587 -j DNAT --to-destination 10.99.97.4:587
+PostUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 993 -j DNAT --to-destination 10.99.97.4:993
+PostUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 995 -j DNAT --to-destination 10.99.97.4:995
+PostUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 4190 -j DNAT --to-destination 10.99.97.4:4190
 # Clean up rules on shutdown
 PostDown = iptables -D FORWARD -i wg0 -o eth0 -j ACCEPT
 PostDown = iptables -D FORWARD -i eth0 -o wg0 -m state --state RELATED,ESTABLISHED -j ACCEPT
 PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
-PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 25 -j DNAT --to-destination 10.0.0.2:25
-PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 10.0.0.2:80
+PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 25 -j DNAT --to-destination 10.99.97.4:25
+PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 10.99.97.4:80
+PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to-destination 10.99.97.4:443
+PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 110 -j DNAT --to-destination 10.99.97.4:110
+PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 143 -j DNAT --to-destination 10.99.97.4:143
+PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 465 -j DNAT --to-destination 10.99.97.4:465
+PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 587 -j DNAT --to-destination 10.99.97.4:587
+PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 993 -j DNAT --to-destination 10.99.97.4:993
+PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 995 -j DNAT --to-destination 10.99.97.4:995
+PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 4190 -j DNAT --to-destination 10.99.97.4:4190
 [Peer]
 # Client's public key
 PublicKey = CLIENT_PUBLIC_KEY
 # Allowed IPs for the client
-AllowedIPs = 10.0.0.2/32
\ No newline at end of file
+AllowedIPs = 10.99.97.4/32
\ No newline at end of file
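Review bot: The ten new PREROUTING DNAT rules to 10.99.97.4 have no FORWARD rule that admits the resulting new connections — the only eth0→wg0 accept kept in this hunk is limited to RELATED,ESTABLISHED — so the forwarded services reach the client only if the FORWARD chain's default policy is ACCEPT (not visible here), and under that policy the per-interface ACCEPT rules restrict nothing. An explicit allow scoped to the client and the forwarded ports makes the rule set hold up under a DROP policy: `PostUp = iptables -A FORWARD -i eth0 -o wg0 -d 10.99.97.4 -p tcp -m multiport --dports 25,80,110,143,443,465,587,993,995,4190 -m conntrack --ctstate NEW -j ACCEPT`, with the matching `-D` line under PostDown. The ten PREROUTING rules and their PostDown twins could likewise collapse into one `-m multiport --dports ... -j DNAT --to-destination 10.99.97.4` rule each, since DNAT without an explicit port keeps the original destination port and the list then exists in one place. The commented-out `#PostUp = iptables -A FORWARD -o %i ...` line should either be dropped or carry a comment stating why it is kept. The `[Interface]` section header that encloses these keys lies above the hunk.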