# WireGuard bastion configuration, rendered from a Jinja template; every
# {{ ... }} placeholder is substituted at render time.
# The PostUp/PostDown lines hold nat-table iptables rules. wg-quick runs the
# hooks in file order and iptables -A appends in order, so the RETURN rules in
# the Inbound chain must stay ahead of the DNAT rules.
[Interface]
# Tunnel-side address of the bastion (include the prefix length in the
# variable if one is wanted; wg-quick accepts both forms).
Address = {{ wg_interface_ip }}
# UDP port WireGuard listens on; the 51820 RETURN rules below keep this port
# out of the forwarding chain.
ListenPort = 51820
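# Bastion's WireGuard private key. The rendered file holds the secret in
# clear, so keep it readable by the owner only (wg-quick warns when the
# config is world-accessible). Placeholder spacing normalised to match the
# other {{ ... }} references in this file.
PrivateKey = {{ bastion_wg_private_key }}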
# Layout of the Inbound chain follows: https://serverfault.com/questions/1162475/iptables-exclude-a-specific-port-from-being-forwarded-to-the-destination
# Create the nat-table chain that holds the port-forwarding rules.
# NOTE(review): -N fails if the chain already exists (e.g. after an unclean
# shutdown where PostDown never ran), and a failing hook presumably aborts
# `wg-quick up` — confirm whether that matters for this deployment.
PostUp = iptables -t nat -N Inbound
# Every packet addressed to the public IP passes through the Inbound chain
# before routing; only those packets can be DNATed by the rules below.
PostUp = iptables -t nat -A PREROUTING -d {{ public_ip }} -j Inbound
# Source-NAT everything leaving on the WAN interface so forwarded traffic
# carries the bastion's address. Not applied to the tunnel interface, so
# DNATed packets sent to the home server keep the client's source address.
PostUp = iptables -t nat -A POSTROUTING -o {{ wan_interface }} -j MASQUERADE
# Exclusions come first. SSH to the bastion is never forwarded. The DNAT
# rules below match only ports 80/443, so this is defensive today; it
# matters as soon as a broader forward is added.
PostUp = iptables -t nat -A Inbound -p tcp --dport 22 -j RETURN
# TCP 51820 exclusion. WireGuard speaks UDP only, so this rule is harmless
# and purely defensive.
PostUp = iptables -t nat -A Inbound -p tcp --dport 51820 -j RETURN
# Keep the WireGuard listener itself (ListenPort above) out of the forward.
PostUp = iptables -t nat -A Inbound -p udp --dport 51820 -j RETURN
# Traffic that originates from the home server is not forwarded — presumably
# so its own connections to the public IP are not DNATed straight back to it.
PostUp = iptables -t nat -A Inbound -s {{ homeserver_private_ip }} -j RETURN
# Forward HTTP on the public IP to the home server. The target address is in
# the peer's AllowedIPs below, so the rewritten packets travel over the
# tunnel. This file only touches the nat table: whether forwarded traffic is
# permitted or filtered (filter-table FORWARD rules, ip_forward) is decided
# elsewhere — confirm that the exposed ports are limited to what is intended.
PostUp = iptables -t nat -A Inbound -j DNAT --to-destination {{ homeserver_private_ip }} -p tcp --dport 80
# Same forward for HTTPS; TLS terminates on the home server, not the bastion.
PostUp = iptables -t nat -A Inbound -j DNAT --to-destination {{ homeserver_private_ip }} -p tcp --dport 443
# Teardown mirrors PostUp. The PREROUTING jump is removed first so that
# nothing references the Inbound chain when it is deleted below.
PostDown = iptables -D PREROUTING -d {{ public_ip }} -j Inbound -t nat
# Remove the WAN-side MASQUERADE rule added in PostUp.
PostDown = iptables -D POSTROUTING -o {{ wan_interface }} -j MASQUERADE -t nat
# Flush the chain's rules (RETURN and DNAT entries) ...
PostDown = iptables -F Inbound -t nat
# ... then delete it; iptables only deletes a chain that is empty and
# no longer referenced, which the two PostDown lines above guarantee.
PostDown = iptables -X Inbound -t nat
# The home server peer. No Endpoint is given here, so the home server has to
# initiate the handshake towards the bastion — TODO confirm its own config
# sets Endpoint (and PersistentKeepalive if it sits behind NAT).
[Peer]
# Home server's WireGuard public key (public half only; no secret here).
PublicKey = {{ homeserver_wg_public_key }}
# Only these two /32 addresses are accepted from, and routed to, this peer.
# {{ homeserver_private_ip }} must be listed so the DNAT targets in
# [Interface] are sent through the tunnel. Return traffic for forwarded
# connections depends on the peer-side AllowedIPs/routing, which this file
# does not show — verify it on the home server.
AllowedIPs = {{ homeserver_wg_ip }}/32,{{ homeserver_private_ip }}/32