[Megrez7]

In some countries VPNs as well as WireGuard are blocked as per ports being used, so I am trying to set up a rule which will enable peers to use other ports, including well-known ones.

WireGuard tunnel at router side is at port 51811.

This is what I managed to write, but does not work on any of ports listed others than 51811.

[egc]

If you use WireGuard as your "server" you are free to choose the listen port to your liking as long as you inform your clients to use the same port as endpoint port.

If you run WireGuard as a client e.g. to commercial provider you are free to choose your listen port, setting the port to 0 will let the router choose a random port (according to the WG client setup guide).
The endpoint port is defined by the server and can only be changed on the server side (on the server side this is the listen port)

[Megrez7]

I might be not too clear.

I use WireGuard on the router as a server. Tunnel is configured to listen at port 51811.
I would like to enable few additional ports which might be used by clients to connect as well, so thought port forwarding to 51811 for UDP at prerouting could do it.

The rule I have posted I am pretty sure was working in old ddwrt versions year ago or so.

1. Is this a good idea to get what I want.
2. What iptables entry would I need as the one I proposed seems not to work at the moment (I use latest r54914).

[Megrez7]

Thi slightly modified rule works

[ho1Aetoo]

I wanted to write this earlier, "WAN" is not a valid interface and never has been

[egc]

You can just use the wan interface, no need to specify a destination.

But of course you need the right name for your wan interface

So that rule has never worked.