WireGuard as a gateway
On the gateway side
# Install WireGuard and work inside its configuration directory.
apt install wireguard
cd /etc/wireguard
# Generate this host's key pair. umask 077 makes the new files readable by their
# owner only. It is set in the current shell, so it also applies to wg0.conf if
# the editor below is started from this same shell and creates the file.
# privatekey stays on this host; only the contents of publickey go to the peer.
umask 077; wg genkey | tee privatekey | wg pubkey > publickey
vi /etc/wireguard/wg0.conf
# Contents of the gateway's /etc/wireguard/wg0.conf.
[Interface]
Address = 10.8.0.1/24
# With SaveConfig enabled, wg-quick rewrites this file from the live interface
# state when the interface is brought down, so hand edits made while it is up
# (including these comments) are lost.
SaveConfig = true
# WireGuard listens on UDP; this port has to be reachable from the client.
ListenPort = 51820
# Contents of this host's privatekey file. Anyone who can read it can
# impersonate the gateway, so keep this file readable by root only.
PrivateKey = ...
[Peer]
# The client's public key (its publickey file), not this host's.
PublicKey = ...
# Source addresses accepted from this peer and destinations routed to it: the
# tunnel subnet and, presumably, the LAN behind the client.
# NOTE(review): 10.8.0.0/24 hands the whole tunnel subnet to one peer. If more
# peers are added, give each its own address (e.g. a /32); ranges must not overlap.
AllowedIPs = 10.8.0.0/24, 192.168.0.0/24
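vi /etc/sysctl.conf
# Line to add (or uncomment) in /etc/sysctl.conf: lets the kernel route IPv4
# packets between interfaces.
net.ipv4.ip_forward=1
# Back in the shell: load /etc/sysctl.conf now. Editing the file alone only
# takes effect at the next boot, and nothing is forwarded until then.
sysctl -p
# Bring the tunnel up at every boot, then start it now.
systemctl enable wg-quick@wg0
systemctl start wg-quick@wg0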
apt install iptables
# Source-NAT everything that leaves through eth0 so replies come back to this host.
# NOTE(review): the rule has no -s match, so it covers all forwarded traffic,
# not only the tunnel subnet 10.8.0.0/24; narrow it if that is not intended.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
To forward traffic from the Internet to your local network
# Publish a LAN host to the Internet: TCP 80 and 443 arriving on eth0 are
# rewritten to 192.168.0.101 (443 is sent to port 8443 there). Only the
# destination is rewritten here; the source address is left unchanged.
# These two ports become reachable by anyone who can reach this host, so the
# service behind them must be fit for Internet exposure.
# NOTE(review): no FORWARD filtering is shown for the gateway; check its
# FORWARD policy if only these two flows should pass.
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 192.168.0.101:80
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to-destination 192.168.0.101:8443
# The installer offers to save the rules loaded at that moment. After any later
# rule change, run `netfilter-persistent save` or the change is lost at reboot.
apt install iptables-persistent
On the client side
apt install wireguard
# Create the config file empty and owner-only before a private key is written
# into it; the umask applies inside this sh -c only.
sh -c 'umask 077; touch /etc/wireguard/wg0.conf'
cd /etc/wireguard
# Generate this host's key pair with owner-only permissions. privatekey stays
# on this host; only the contents of publickey go to the gateway.
umask 077; wg genkey | tee privatekey | wg pubkey > publickey
nano /etc/wireguard/wg0.conf
# Contents of the client's /etc/wireguard/wg0.conf.
[Interface]
# Contents of this host's privatekey file.
PrivateKey =
Address = 10.8.0.2/24
[Peer]
# The gateway's public key (its publickey file).
PublicKey =
# All IPv4 traffic is sent through, and accepted from, the gateway. Packets
# forwarded by the gateway's DNAT rules keep their Internet source address, so
# a narrower range here would make WireGuard drop them on arrival.
# NOTE(review): IPv6 is not covered (no ::/0), so IPv6 traffic does not use the tunnel.
AllowedIPs = 0.0.0.0/0
# Address and UDP port of the gateway (matches its ListenPort).
Endpoint = 3.124.204.47:51820
# Send a keepalive every 20 seconds; presumably this host sits behind NAT and
# the gateway must be able to reach it without the client sending first.
PersistentKeepalive = 20
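# Bring the tunnel up at every boot, then start it now.
systemctl enable wg-quick@wg0
systemctl start wg-quick@wg0
vi /etc/sysctl.conf
# Line to add (or uncomment) in /etc/sysctl.conf: lets the kernel route IPv4
# packets between wg0 and eth0.
net.ipv4.ip_forward=1
# Back in the shell: load /etc/sysctl.conf now. Editing the file alone only
# takes effect at the next boot, and nothing is forwarded until then.
sysctl -p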
apt install iptables
# Accept every packet that enters on eth0 and has to be forwarded. In this
# setup that covers the replies from the LAN hosts back towards the tunnel.
# NOTE(review): it matches new connections as well as replies; a conntrack
# ESTABLISHED,RELATED match would be narrower. Confirm nothing else relies on
# this rule before tightening it.
iptables -A FORWARD -i eth0 -j ACCEPT
# Rewrite the source of packets leaving on eth0 to this host's address so the
# LAN hosts send their replies back here. Side effect: the LAN hosts see and log
# this host's address, not the original Internet client's, which affects their
# logging and any per-address rate limiting.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Limit forwarding
# Default-deny for forwarded packets: anything not matched by an ACCEPT rule in
# the FORWARD chain is dropped.
iptables -P FORWARD DROP
# Allow forwarding towards these two LAN hosts.
# NOTE(review): the rules match on destination address alone, so any protocol
# and port is allowed, from any interface. Adding -i wg0 and -p tcp --dport for
# the published ports would limit the tunnel to the services meant to be reachable.
iptables -A FORWARD -d 192.168.0.101 -j ACCEPT
iptables -A FORWARD -d 192.168.0.102 -j ACCEPT
# The installer offers to save the rules loaded at that moment. After any later
# rule change, run `netfilter-persistent save` or the change is lost at reboot.
apt install iptables-persistent