| ... | ... | @@ -6,17 +6,17 @@ Edit /etc/sysctl.conf |
|
|
|
|
|
|
|
net.ipv4.ip_forward = 1
|
|
|
|
|
|
|
|
Apply changes
|
|
|
|
Apply changes.
|
|
|
|
|
|
|
|
sysctl -p
|
|
|
|
|
|
|
|
Update iptables
|
|
|
|
Update iptables to forward internet traffic to the public interface and allow return traffic on wireguard. Replace ens18 with server's actual public interface.
|
|
|
|
|
|
|
|
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
|
|
|
|
iptables -A FORWARD -i wg0 -o eth0 -j ACCEPT
|
|
|
|
iptables -A FORWARD -i eth0 -o wg0 -m state --state RELATED,ESTABLISHED -j ACCEPT
|
|
|
|
iptables -t nat -A POSTROUTING -o ens18 -j MASQUERADE
|
|
|
|
iptables -A FORWARD -i wg0 -o ens18 -j ACCEPT
|
|
|
|
iptables -A FORWARD -i ens18 -o wg0 -m state --state RELATED,ESTABLISHED -j ACCEPT
|
|
|
|
|
|
|
|
Save iptables rules
|
|
|
|
Save iptables rules. First install iptables-persistent if not already installed. This will cause them to be automatically loaded on boot.
|
|
|
|
|
|
|
|
# On systems with iptables-persistent or netfilter-persistent installed:
|
|
|
|
iptables-save > /etc/iptables/rules.v4
|
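Review bot: In the Update iptables step, `iptables -A FORWARD -i wg0 -o ens18 -j ACCEPT` accepts anything that arrives on wg0, and all three rules use `-A`, so running the step a second time appends duplicate rules. Consider adding a `-s` match for the WireGuard subnet on that rule and guarding each rule with an `iptables -C ... || iptables -A ...` check. The save step also tells the reader to install iptables-persistent first but gives no command for it.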
| ... | ... | @@ -45,6 +45,9 @@ Default traffic will go through Wireguard, so a route needs to be explicitly add |
|
|
|
|
|
|
|
In /etc/network/interfaces.d/01-wired.conf add a post-up to add the route to the remote server.
|
|
|
|
|
|
|
|
Comment out the old post-up to prevent those forwarding rules from loading. The iptables.up.rules file is for use without Wireguard.
|
|
|
|
|
|
|
|
|
|
|
|
# eth0 Wired Interface
|
|
|
|
auto eth0
|
|
|
|
iface eth0 inet static
|
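Review bot: The sentence "Comment out the old post-up to prevent those forwarding rules from loading" does not say which line that is, and the config context visible here stops at `iface eth0 inet static`. Quote the exact post-up line that loads iptables.up.rules, or show it commented out in the example block, so a reader does not disable the route post-up described in the line above by mistake.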
| ... | ... | @@ -57,7 +60,7 @@ In /etc/network/interfaces.d/01-wired.conf add a post-up to add the route to the |
|
|
|
|
|
|
|
## Update DHCP Config
|
|
|
|
|
|
|
|
The DNS server used by WiFi access point clients needs to be updated to a server it can hit. This should probably be a custom server on the local network, but in this case we will update to a public DNS (Google and Cloudflare)
|
|
|
|
The DNS server used by WiFi AP clients needs to be updated to a server it can reach. This should probably be a custom server on the local network, but in this case we will update to a public DNS (Google and Cloudflare)
|
|
|
|
|
|
|
|
Update the domain-name-servers setting in /etc/kea/kea-dhcp4.conf
|
|
|
|
|
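Review bot: The reworded DNS sentence still ends without a period and says "a public DNS (Google and Cloudflare)" for what are two resolvers; "public DNS servers (Google and Cloudflare)" would be clearer. Since the sentence itself says a custom server on the local network is the better choice, consider stating briefly why the public resolvers are used here instead.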
| ... | ... | @@ -66,4 +69,4 @@ Update the domain-name-servers setting in /etc/kea/kea-dhcp4.conf |
|
|
|
"data": "1.1.1.1, 8.8.8.8"
|
|
|
|
},
|
|
|
|
|
|
|
|
Reboot the mitzi to apply all the changed settings |
|
|
\ No newline at end of file |
|
|
|
Reboot the mitzi to apply all the changed settings. |
|
|
\ No newline at end of file |
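Review bot: Both versions of the final "Reboot the mitzi ..." line are followed by "\ No newline at end of file", so the file still ends without a trailing newline after this change; add one while touching this line. The `"data": "1.1.1.1, 8.8.8.8"` context also lists Cloudflare first, while the prose in the previous hunk says "Google and Cloudflare"; matching the order would avoid confusion.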