From d65e38b310af7e7dcc764389d3064bfabc330b78 Mon Sep 17 00:00:00 2001
From: Administrator
Date: Sat, 7 Dec 2019 18:07:48 +0000
Subject: [PATCH] docs: update cloud
---
 cloud.md | 35 ++++++++++++++++++++++++++++++++++-
 1 file changed, 34 insertions(+), 1 deletion(-)
diff --git a/cloud.md b/cloud.md
index 61f66785..d0142594 100644
--- a/cloud.md
+++ b/cloud.md
@@ -2,7 +2,7 @@
 title: Cloud
 description:
 published: true
-date: 2019-12-07T17:14:58.135Z
+date: 2019-12-07T18:07:45.135Z
 tags:
 ---
@@ -28,6 +28,10 @@ Networking > Virtual Cloud Networks >Virtual Cloud Network Details > Network Sec
 Networking > Virtual Cloud Networks >Virtual Cloud Network Details > Security Lists
+### Allow Port in firewall
+
+```sudo iptables -4 -I INPUT 6 -p udp --dport 54541 -m comment --comment "Wireguard listen port" -j ACCEPT```
+
 ### Wireguard Server Tools
@@ -80,3 +84,32 @@ sudo wg-quick up wg0
 sudo systemctl enable wg-quick@wg0
 ```
+### Wireguard Client
+```
+sudo iptables -t mangle -I PREROUTING 1 -i br-vlanwgnl1 ! -d 172.57.0.0/16 -j MARK --set-mark 0x25
+sudo ip -4 link add dev wg1 type wireguard
+sudo ifconfig wg1 up
+sudo wg setconf wg1 /etc/wireguard/wg1.conf
+sudo ip -4 address add 10.50.0.2/32 dev wg1
+sudo ip -4 link set mtu 1420 up dev wg1
+sudo printf 'nameserver %s\n' '1.1.1.1' | sudo resolvconf -a wg1 -m 0 -x
+sudo sysctl -w net.ipv4.conf.all.rp_filter=2
+sudo ip -4 rule add from all fwmark 0x25 lookup 200
+sudo ip -4 route add default via 10.50.0.2 table 200
+sudo iptables -t nat -A POSTROUTING -o br-vlanwgnl1 -j MASQUERADE
+```
+
+#### Tools
+```
+# Show mangle rules
+sudo iptables -L -v -t mangle
+
+# Show iptables
+sudo iptables -L -v --line-numbers
+
+# Show routing table
+sudo route -n
+
+# Remove ip rule
+sudo ip rule del fwmark 0x25
+```
\ No newline at end of file