match on wg packets and redirect
adrian.sev at gmail.com
Sun Nov 4 14:46:16 CET 2018
On 11/04/2018 01:41 PM, Kalin KOZHUHAROV wrote:
> On Sun, Nov 4, 2018 at 10:10 AM Adrian Sevcenco <adrian.sev at gmail.com> wrote:
>> Hi! Is there a way to use iptables to match wireguard packets incoming
>> on 443 and then redirect them to the actual port?
>> In many hotels/hostels and other free wifi it seems that only 80+443 is
>> allowed but amazingly both tcp and udp...
> Should be, just don't try to match "wg packets", match instead your
> (other) endpoint IP address and port.
> And why would you even need to do that?
> If you have an endpoint (in cloud, home, etc.) with address 184.108.40.206
> and port 443, just connect to that, no iptables should be needed.
so, the scenario is connecting laptop over free wifi to my server.
most often free wifi blocks anything other than 80 and 443
on my endpoint i have beside http(s) also ssh (multiplexed through sslh)
so, i would like to redirect (in raw/prerouting) the incoming wg packets
from 443 to actual wg listening port .. but first i would need to match them
> And you can still use the same ip to host a https website (it uses tcp) :^D
well, yes, but this endpoint is already set up and used by other
connections and i would like to keep it like that..
and now, that i took the time to answer the email i realize that i can
always start a second endpoint on 443 :)))
So, thank you! :)
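
The "first I would need to match them" step from the message above, as an added example that is not part of the original thread: WireGuard messages start with a 1-byte type and three zero reserved bytes, and the three handshake messages have fixed lengths, which is what a packet filter would have to test. The function names and sample payloads are hypothetical and constructed for illustration.

```python
# Added example (not from the thread): recognise a WireGuard message in a UDP
# payload by its fixed header. Sample payloads below are constructed, not captured.
import struct

# Message type -> exact on-wire length in bytes for the fixed-size messages.
WG_FIXED_LEN = {1: 148, 2: 92, 3: 64}
WG_NAMES = {1: "handshake_initiation", 2: "handshake_response",
            3: "cookie_reply", 4: "transport_data"}
# Transport data: 16-byte header + at least a 16-byte auth tag (empty keepalive).
WG_DATA_MIN = 32


def classify_wg(payload: bytes):
    """Return the WireGuard message name for a UDP payload, or None."""
    if len(payload) < 4:
        return None
    # Type byte plus three reserved zero bytes reads as a little-endian
    # 32-bit integer in the range 1..4; anything else is not WireGuard.
    (msg_type,) = struct.unpack_from("<I", payload, 0)
    if msg_type in WG_FIXED_LEN:
        if len(payload) == WG_FIXED_LEN[msg_type]:
            return WG_NAMES[msg_type]
        return None
    if msg_type == 4 and len(payload) >= WG_DATA_MIN:
        # Data packets have no fixed length, so this is the weakest match;
        # the handshake messages are the reliable ones to key on.
        return WG_NAMES[4]
    return None


def make_sample(msg_type: int, length: int) -> bytes:
    """Constructed payload: valid 4-byte header, zero-filled body."""
    return struct.pack("<I", msg_type) + bytes(length - 4)


if __name__ == "__main__":
    samples = {
        "initiation": make_sample(1, 148),
        "response": make_sample(2, 92),
        "keepalive": make_sample(4, 32),
        "wrong length": make_sample(1, 147),
        "other udp/443 traffic": b"\xc3" + bytes(1199),  # constructed non-WG payload
    }
    for label, pkt in samples.items():
        print(f"{label:24} -> {classify_wg(pkt)}")
```
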