You may need to run as root: sysctl net.ipv4.ip_forward=1 You also may want a -o wg0 rule on the FORWARD table, if you don't also have an established/related rule there.