match on wg packets and redirect

Adrian Sevcenco adrian.sev at
Sun Nov 4 14:46:16 CET 2018

On 11/04/2018 01:41 PM, Kalin KOZHUHAROV wrote:
> On Sun, Nov 4, 2018 at 10:10 AM Adrian Sevcenco <adrian.sev at> wrote:
>> Hi! Is there a way to use iptables to match wireguard packets incoming
>> on 443 and the redirect them to the actual port?
>> In many hotels/hostels and other free wifi it seems that only 80+443 is
>> allowed but amazingly both tcp and udp...
> Should be, just don't try to match "wg packets", match instead your
> (other) endpoint IP address and port.
> And why would you even need to do that?
> If you have an endpoint (in cloud, home, etc.) with address
> and port 443, just connect to that, no iptables should be needed.
so, the scenario is connecting laptop over free wifi to my server.
most often free wifi block anything other than 80 and 443
on my endpoint i have beside http(s) also ssh (multiplexed through sslh)

so, i would like to redirect (in raw/prerouting) the incoming wg packets 
from 443 to actual wg listening port .. but first i would need to match them

> And you can still use the same ip to host a https website (it uses tcp) :^D
well, yes, but this endpoint is already setup and used by other 
connections and i would like to keep it like that..

and now, that i took the time to answer the email i realize that i can 
always start a second endpoint on 443 :)))

So, thank you! :)

> Cheers,
> Kalin.

More information about the WireGuard mailing list