Last active
May 30, 2025 07:08
-
-
Save ccrsxx/11370967939a6a0a558ec8826dca80aa to your computer and use it in GitHub Desktop.
wg-easy port forward
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| volumes: | |
| etc_wireguard: | |
| networks: | |
| net_wireguard: | |
| driver: bridge | |
| ipam: | |
| config: | |
| - subnet: 172.18.0.0/16 | |
| gateway: 172.18.0.1 | |
| services: | |
| wg-easy: | |
| environment: | |
| # Change Language: | |
| # (Supports: en, ua, ru, tr, no, pl, fr, de, ca, es, ko, vi, nl, is, pt, chs, cht, it, th, hi) | |
| LANG: en | |
| # ⚠ Required: | |
| # Change this to your host's public address | |
| WG_HOST: host_ip_or_domain | |
| PASSWORD_HASH: pw | |
| # Optional: | |
| # PORT: 51821 | |
| # WG_PORT: 51820 | |
| # WG_CONFIG_PORT: 92820 | |
| # WG_DEFAULT_ADDRESS: 10.8.0.x | |
| WG_DEFAULT_DNS: internal_dns_server_ip | |
| # WG_PRE_UP: echo "Pre Up" > /etc/wireguard/pre-up.txt | |
| WG_POST_UP: > | |
| # iptables -A FORWARD -i wg0 -m iprange --src-range 10.8.0.2-10.8.0.10 -j ACCEPT; | |
| # iptables -A FORWARD -i wg0 -p tcp -d internal_dns_server_ip --dport 53 -j ACCEPT; | |
| # iptables -A FORWARD -i wg0 -p udp -d internal_dns_server_ip --dport 53 -j ACCEPT; | |
| # iptables -A FORWARD -i wg0 -d 10.8.0.0/24 -j DROP; | |
| # iptables -A FORWARD -i wg0 -d vps_ip -j DROP; | |
| iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; | |
| iptables -t nat -A POSTROUTING -o wg+ -j MASQUERADE; | |
| # WG_PRE_DOWN: echo "Pre Down" > /etc/wireguard/pre-down.txt | |
| WG_POST_DOWN: > | |
| # iptables -D FORWARD -i wg0 -m iprange --src-range 10.8.0.2-10.8.0.10 -j ACCEPT; | |
| # iptables -D FORWARD -i wg0 -p tcp -d internal_dns_server_ip --dport 53 -j ACCEPT; | |
| # iptables -D FORWARD -i wg0 -p udp -d internal_dns_server_ip --dport 53 -j ACCEPT; | |
| # iptables -D FORWARD -i wg0 -d 10.8.0.0/24 -j DROP; | |
| # iptables -D FORWARD -i wg0 -d vps_ip -j DROP; | |
| iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; | |
| iptables -t nat -D POSTROUTING -o wg+ -j MASQUERADE; | |
| # WG_MTU: 1420 | |
| # WG_ALLOWED_IPS: 0.0.0.0/0, 10.0.10.0/24, 192.168.1.0/24 | |
| # WG_PERSISTENT_KEEPALIVE: 25 | |
| # WG_PRE_UP: echo "Pre Up" > /etc/wireguard/pre-up.txt | |
| # WG_POST_UP: echo "Post Up" > /etc/wireguard/post-up.txt | |
| # WG_PRE_DOWN: echo "Pre Down" > /etc/wireguard/pre-down.txt | |
| # WG_POST_DOWN: echo "Post Down" > /etc/wireguard/post-down.txt | |
| # UI_TRAFFIC_STATS: true | |
| # UI_CHART_TYPE: 1 # (0 Charts disabled, 1 # Line chart, 2 # Area chart, 3 # Bar chart) | |
| image: ghcr.io/wg-easy/wg-easy | |
| container_name: wg-easy | |
| volumes: | |
| - etc_wireguard:/etc/wireguard | |
| ports: | |
| - '51820:51820/udp' | |
| - '51821:51821/tcp' | |
| restart: unless-stopped | |
| cap_add: | |
| - NET_ADMIN | |
| - SYS_MODULE | |
| # - NET_RAW # ⚠ Uncomment if using Podman | |
| sysctls: | |
| - net.ipv4.ip_forward=1 | |
| - net.ipv4.conf.all.src_valid_mark=1 | |
| networks: | |
| net_wireguard: | |
| ipv4_address: 172.18.0.2 |
Author
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Topology of this archicture to make it more clear: