Posted: Sat Jan 20, 2024 20:58 Post subject: IPTABLES rule for WireGuard accepting peer on few ports
In some countries VPNs, including WireGuard, are blocked based on the ports being used, so I am trying to set up a rule which will enable peers to use other ports, including well-known ones.
The WireGuard tunnel on the router side is on port 51811.
This is what I managed to write, but it does not work on any of the listed ports other than 51811.
Code:
iptables -t nat -A PREROUTING -i WAN -d <router-public-ip> -p udp -m multiport --dports 53,80,123,443,1194,1197,1198,8080,9201 -j REDIRECT --to-ports 51811
Posted: Sun Jan 21, 2024 11:08 Post subject:
If you use WireGuard as your "server" you are free to choose the listen port to your liking as long as you inform your clients to use the same port as endpoint port.
If you run WireGuard as a client, e.g. to a commercial provider, you are free to choose your listen port; setting the port to 0 will let the router choose a random port (according to the WG client setup guide).
The endpoint port is defined by the server and can only be changed on the server side (on the server side this is the listen port).
I use WireGuard on the router as a server. The tunnel is configured to listen on port 51811.
I would like to enable a few additional ports which might be used by clients to connect as well, so I thought port forwarding to 51811 for UDP at prerouting could do it.
I am pretty sure the rule I posted was working in old ddwrt versions a year ago or so.
1. Is this a good idea to get what I want?
2. What iptables entry would I need, as the one I proposed seems not to work at the moment (I use the latest r54914)?
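The rule form discussed in this thread, as an added example that is not part of any post and is not DD-WRT's own code: a small shell helper that validates a port list and prints the matching REDIRECT rules for review before they are run. The interface name `WAN` is copied from the posted rule; the address 203.0.113.10 and the function names are constructed placeholders.

```shell
#!/bin/sh
# Added example: print nat REDIRECT rules mapping extra UDP ports to one
# WireGuard listen port. It only prints commands; it does not run iptables.

# valid_port PORT -> success if PORT is an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# emit_rule IFACE DEST_IP PORT_LIST LISTEN_PORT (same rule shape as the post)
emit_rule() {
    echo "iptables -t nat -A PREROUTING -i $1 -d $2 -p udp -m multiport --dports $3 -j REDIRECT --to-ports $4"
}

# build_redirect_rules IFACE DEST_IP LISTEN_PORT PORT...
# The multiport match takes at most 15 ports per rule, so longer lists
# are split over several rules.
build_redirect_rules() {
    iface=$1; dest=$2; listen=$3; shift 3
    valid_port "$listen" || { echo "bad listen port: $listen" >&2; return 1; }
    group=""; count=0; seen=" "
    for p in "$@"; do
        valid_port "$p" || { echo "bad port: $p" >&2; return 1; }
        # The listen port needs no redirect; duplicates are dropped.
        [ "$p" -eq "$listen" ] && continue
        case "$seen" in *" $p "*) continue ;; esac
        seen="$seen$p "
        group="${group:+$group,}$p"; count=$((count + 1))
        if [ "$count" -eq 15 ]; then
            emit_rule "$iface" "$dest" "$group" "$listen"
            group=""; count=0
        fi
    done
    [ -n "$group" ] && emit_rule "$iface" "$dest" "$group" "$listen"
    return 0
}

# Port list from the first post; 203.0.113.10 is a constructed address.
build_redirect_rules WAN 203.0.113.10 51811 53 80 123 443 1194 1197 1198 8080 9201
```

Once a printed rule has been applied, `iptables -t nat -L PREROUTING -v -n` shows its packet counter, which tells whether traffic on the extra ports reaches the rule at all.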