Update server/wg0.conf

server/wg0.conf

@@ -2,32 +2,46 @@
 # Replace with the server's private key
 PrivateKey = SERVER_PRIVATE_KEY
 # VPN interface IP address
-Address = 10.0.0.1/24
+Address = 10.99.97.1/24
 # Listening port
 ListenPort = 51820
 
-# Enable IP forwarding
+# Enable IP forwarding and NAT masquerading
-PostUp = sysctl -w net.ipv4.ip_forward=1
+PostUp = echo 1 > /proc/sys/net/ipv4/ip_forward
-# Masquerade outgoing traffic
-PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
-# Allow forwarding from VPN to eth0
 PostUp = iptables -A FORWARD -i wg0 -o eth0 -j ACCEPT
-# Allow forwarding from eth0 to VPN
 PostUp = iptables -A FORWARD -i eth0 -o wg0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-# Forward incoming SMTP traffic to the client
+#PostUp = iptables -A FORWARD -o %i -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-PostUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 25 -j DNAT --to-destination 10.0.0.2:25
+PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
-# Forward incoming HTTP traffic to the client (web management portal)
+
-PostUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 10.0.0.2:80
+# Port forwarding for specific services to the client (10.99.97.4)
+PostUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 25 -j DNAT --to-destination 10.99.97.4:25
+PostUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 10.99.97.4:80
+PostUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to-destination 10.99.97.4:443
+PostUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 110 -j DNAT --to-destination 10.99.97.4:110
+PostUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 143 -j DNAT --to-destination 10.99.97.4:143
+PostUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 465 -j DNAT --to-destination 10.99.97.4:465
+PostUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 587 -j DNAT --to-destination 10.99.97.4:587
+PostUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 993 -j DNAT --to-destination 10.99.97.4:993
+PostUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 995 -j DNAT --to-destination 10.99.97.4:995
+PostUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 4190 -j DNAT --to-destination 10.99.97.4:4190
 
 # Clean up rules on shutdown
 PostDown = iptables -D FORWARD -i wg0 -o eth0 -j ACCEPT
 PostDown = iptables -D FORWARD -i eth0 -o wg0 -m state --state RELATED,ESTABLISHED -j ACCEPT
 PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
-PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 25 -j DNAT --to-destination 10.0.0.2:25
+PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 25 -j DNAT --to-destination 10.99.97.4:25
-PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 10.0.0.2:80
+PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 10.99.97.4:80
+PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to-destination 10.99.97.4:443
+PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 110 -j DNAT --to-destination 10.99.97.4:110
+PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 143 -j DNAT --to-destination 10.99.97.4:143
+PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 465 -j DNAT --to-destination 10.99.97.4:465
+PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 587 -j DNAT --to-destination 10.99.97.4:587
+PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 993 -j DNAT --to-destination 10.99.97.4:993
+PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 995 -j DNAT --to-destination 10.99.97.4:995
+PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 4190 -j DNAT --to-destination 10.99.97.4:4190
 
 [Peer]
 # Client's public key
 PublicKey = CLIENT_PUBLIC_KEY
 # Allowed IPs for the client
-AllowedIPs = 10.0.0.2/32
+AllowedIPs = 10.99.97.4/32