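# WireGuard server configuration for wg-quick (PostUp/PostDown are wg-quick hooks).
# This file contains the private key: keep it owned by root with mode 0600.
# "%i" in the hooks is expanded by wg-quick to this interface's name
# (wg0 when the file is wg0.conf). eth0 must be the public-facing interface.

[Interface]
# Replace with the server's private key
PrivateKey = SERVER_PRIVATE_KEY
# VPN interface IP address
Address = 10.0.0.1/24
# Listening port (UDP)
ListenPort = 51820

# Enable IP forwarding. No PostDown hook reverts this, so forwarding stays
# enabled host-wide after the tunnel goes down.
PostUp = sysctl -w net.ipv4.ip_forward=1

# Masquerade outgoing traffic, limited to the VPN subnet so that unrelated
# forwarded traffic is not rewritten.
PostUp = iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE

# Allow forwarding from VPN to eth0
PostUp = iptables -A FORWARD -i %i -o eth0 -j ACCEPT
# Allow return traffic from eth0 to VPN (conntrack replaces the legacy "state" match)
PostUp = iptables -A FORWARD -i eth0 -o %i -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

# Allow NEW inbound connections to the two published services only. The
# RELATED,ESTABLISHED rule above does not admit the first packet of a DNAT'd
# connection, so without these the port forwards work only when the FORWARD
# policy is ACCEPT.
PostUp = iptables -A FORWARD -i eth0 -o %i -p tcp -d 10.0.0.2 --dport 25 -m conntrack --ctstate NEW -j ACCEPT
PostUp = iptables -A FORWARD -i eth0 -o %i -p tcp -d 10.0.0.2 --dport 80 -m conntrack --ctstate NEW -j ACCEPT

# Forward incoming SMTP traffic to the client
PostUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 25 -j DNAT --to-destination 10.0.0.2:25
# Forward incoming HTTP traffic to the client (web management portal).
# NOTE(review): this publishes a management interface over plain HTTP to every
# source reaching eth0. Prefer reaching the portal through the tunnel, or limit
# this rule and the matching FORWARD/PostDown rules with -s ADMIN_SOURCE_CIDR
# (placeholder) and serve it over TLS.
PostUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 10.0.0.2:80

# Clean up rules on shutdown. Each -D must match its -A rule exactly; rules are
# removed in reverse order of insertion.
PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 10.0.0.2:80
PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 25 -j DNAT --to-destination 10.0.0.2:25
PostDown = iptables -D FORWARD -i eth0 -o %i -p tcp -d 10.0.0.2 --dport 80 -m conntrack --ctstate NEW -j ACCEPT
PostDown = iptables -D FORWARD -i eth0 -o %i -p tcp -d 10.0.0.2 --dport 25 -m conntrack --ctstate NEW -j ACCEPT
PostDown = iptables -D FORWARD -i eth0 -o %i -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
PostDown = iptables -D FORWARD -i %i -o eth0 -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE

[Peer]
# Client's public key
PublicKey = CLIENT_PUBLIC_KEY
# Allowed IPs for the client: a /32 pins this peer to a single tunnel address,
# so it cannot source traffic as any other 10.0.0.0/24 host.
AllowedIPs = 10.0.0.2/32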