[Interface]
Address = 10.11.20.1/24
#SaveConfig = true
ListenPort = 51820
PrivateKey = uBjwOBqEeH/2V7qo5GLGQaX159I1YBztzxvYE9pXOnI=
#https://serverfault.com/questions/1162475/iptables-exclude-a-specific-port-from-being-forwarded-to-the-destination
PostUp = iptables -t nat -N Inbound
PostUp = iptables -t nat -A PREROUTING -d 51.222.155.202 -j Inbound
PostUp = iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE
PostUp = iptables -t nat -A Inbound -p tcp --dport 22 -j RETURN
PostUp = iptables -t nat -A Inbound -p tcp --dport 51820 -j RETURN
PostUp = iptables -t nat -A Inbound -p udp --dport 51820 -j RETURN
PostUp = iptables -t nat -A Inbound -s 10.11.1.15 -j RETURN
PostUp = iptables -t nat -A Inbound -j DNAT --to-destination 10.11.1.15 -p tcp --dport 80
PostUp = iptables -t nat -A Inbound -j DNAT --to-destination 10.11.1.15 -p tcp --dport 443
PostDown = iptables -D PREROUTING -d 51.222.155.202 -j Inbound -t nat
PostDown = iptables -D POSTROUTING -o ens3 -j MASQUERADE -t nat
PostDown = iptables -F Inbound -t nat
PostDown = iptables -X Inbound -t nat

[Peer]
PublicKey = 84ITOv/sB0f/h7fIY+uLQeTmMDgTCjvVzIQmEsLAZmo=
AllowedIPs = 10.11.20.2/32,10.11.1.15/32