
Global Proxy


A to B

A Config

[Interface]
PrivateKey = x
Address = 10.0.2.2/24
DNS = 223.5.5.5

[Peer]
PublicKey = x
Endpoint = x:51820
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 25

B Config

[Interface]
PrivateKey = x
Address = 10.0.2.1/24
ListenPort = 51820

# Public-network NAT egress
PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
PublicKey = x
AllowedIPs = 10.0.2.2/32

Keep A Public IP

Packets that arrive on eth0 are answered back out through eth0 and bypass the wg rules.

iptables -t mangle -A PREROUTING -i eth0 -j CONNMARK --set-mark 0x1
iptables -t mangle -A OUTPUT -m connmark --mark 0x1 -j MARK --set-mark 0x1
ip rule add fwmark 0x1 lookup main priority 80

Resulting rule list (ip rule):

0:      from all lookup local
80:     from all fwmark 0x1 lookup main
32764:  from all lookup main suppress_prefixlength 0
32765:  not from all fwmark 0xca6c lookup 51820
32766:  from all lookup main
32767:  from all lookup default

Proxy Blacklist

ip rule add to 192.168.0.0/16 lookup main

Resulting rule list (ip rule):

0:      from all lookup local
80:     from all fwmark 0x1 lookup main
32763:  from all to 192.168.0.0/16 lookup main
32764:  from all lookup main suppress_prefixlength 0
32765:  not from all fwmark 0xca6c lookup 51820
32766:  from all lookup main
32767:  from all lookup default
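
To see why each rule sits where it does, the following added example (not part of the original page) models how the kernel walks the final rule list above and reports which rule and device a packet ends up on. The routing-table contents, the 203.0.113.0/24 subnet on eth0 and the sample destinations are constructed assumptions.

```python
import ipaddress

# Constructed routing tables for host A; the eth0 subnet is an assumption.
TABLES = {
    "local": {"10.0.2.2/32": "lo", "203.0.113.10/32": "lo"},
    "main": {"0.0.0.0/0": "eth0", "203.0.113.0/24": "eth0", "10.0.2.0/24": "wg0"},
    "51820": {"0.0.0.0/0": "wg0"},  # wg-quick's table for AllowedIPs = 0.0.0.0/0
    "default": {},
}

# (priority, negated, fwmark, to-prefix, table, suppress_prefixlength),
# transcribed from the final rule listing on this page.
RULES = [
    (0, False, None, None, "local", None),
    (80, False, 0x1, None, "main", None),
    (32763, False, None, "192.168.0.0/16", "main", None),
    (32764, False, None, None, "main", 0),
    (32765, True, 0xCA6C, None, "51820", None),
    (32766, False, None, None, "main", None),
    (32767, False, None, None, "default", None),
]

def lookup(table, dst):
    """Longest-prefix match in one table: (prefixlen, device) or None."""
    hits = [(net.prefixlen, dev) for net, dev in
            ((ipaddress.ip_network(p), d) for p, d in TABLES[table].items())
            if dst in net]
    return max(hits) if hits else None

def route(dst, fwmark=0, rules=RULES):
    """Return (priority, device) of the first rule whose table yields a route."""
    dst = ipaddress.ip_address(dst)
    for prio, negated, mark, to, table, suppress in sorted(rules, key=lambda r: r[0]):
        selected = ((mark is None or fwmark == mark) and
                    (to is None or dst in ipaddress.ip_network(to)))
        if selected == negated:
            continue  # selector does not apply to this packet
        hit = lookup(table, dst)
        # suppress_prefixlength N discards routes with prefix length <= N,
        # so "suppress_prefixlength 0" ignores main's default route.
        if hit is None or (suppress is not None and hit[0] <= suppress):
            continue
        return prio, hit[1]
    return None

if __name__ == "__main__":
    for dst, mark in [("8.8.8.8", 0), ("8.8.8.8", 0x1), ("192.168.5.9", 0),
                      ("198.51.100.7", 0xCA6C), ("203.0.113.50", 0)]:
        print(f"{dst:15} fwmark={mark:#x} -> {route(dst, mark)}")
```

Dropping the priority 32763 entry from the rules passed to route() shows 192.168.0.0/16 traffic falling through to table 51820 and into the tunnel, which is the case the blacklist rule exists to prevent.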