match on wg packets and redirect

Jason A. Donenfeld Jason at zx2c4.com
Sun Nov 4 16:29:42 CET 2018


On Sun, Nov 04, 2018 at 04:14:25PM +0100, Jason A. Donenfeld wrote:
> On Sun, Nov 04, 2018 at 11:09:03AM +0200, Adrian Sevcenco wrote:
> > Hi! Is there a way to use iptables to match wireguard packets incoming
> > on 443 and then redirect them to the actual port?
> 
> iptables -t nat -A PREROUTING -p udp --dports 80,443,53,67,68,546,547,10000,4500,123,161,5223 -j REDIRECT --to-ports 51820

Er, sorry, slightly better is below:

iptables -t nat -A PREROUTING -i eth0 -p udp -m multiport --dports 80,443,53,67,68,546,547,10000,4500,123,161,5223 -j REDIRECT --to-ports 51820

You might also just remove "-m multiport --dports ..." altogether, and
have it accept _any_ incoming UDP packet, which could be handy.
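
An added example, not part of the original message: a shell script that validates the port list before building the REDIRECT rule above, and flags listed ports that already have a local UDP listener, since the PREROUTING rule would divert that traffic to 51820. The function names and the sample `ss -Hlun` output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.
WG_PORT=51820   # REDIRECT target used in the post

# check_ports LIST: succeed if LIST is 1-15 comma-separated ports (multiport
# accepts at most 15), each in 1..65535 and none equal to WG_PORT.
check_ports() {
    case $1 in ''|*[!0-9,]*) return 1 ;; esac
    count=0; old_ifs=$IFS; IFS=,
    for p in $1; do
        IFS=$old_ifs
        [ -n "$p" ] && [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
        [ "$p" -ne "$WG_PORT" ] || return 1
        count=$((count + 1))
    done
    IFS=$old_ifs
    [ "$count" -ge 1 ] && [ "$count" -le 15 ]
}

# listeners_hit LIST < ss-output: print each listed port that already has a
# local UDP listener; the redirect would take its traffic away from that service.
listeners_hit() {
    awk -v list="$1" '
        BEGIN { n = split(list, a, ","); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        { for (f = 1; f <= NF; f++) if ($f ~ /:[0-9]+$/) {   # first addr:port field is the local one
              port = $f; sub(/.*:/, "", port)
              if ((port in want) && !(port in seen)) { seen[port] = 1; print port }
              break } }'
}

# build_rule IFACE LIST: print the iptables arguments for the rule in the post.
build_rule() {
    check_ports "$2" || { echo "bad port list: $2" >&2; return 1; }
    echo "-t nat -A PREROUTING -i $1 -p udp -m multiport --dports $2 -j REDIRECT --to-ports $WG_PORT"
}

# Constructed sample of `ss -Hlun` output (not captured from a real host).
SAMPLE_SS='UNCONN 0 0 0.0.0.0:53 0.0.0.0:*
UNCONN 0 0 127.0.0.1:323 0.0.0.0:*
UNCONN 0 0 [::]:123 [::]:*
UNCONN 0 0 0.0.0.0:51820 0.0.0.0:*'

PORTS=80,443,53,67,68,546,547,10000,4500,123,161,5223
printf '%s\n' "$SAMPLE_SS" | listeners_hit "$PORTS"   # ports worth dropping from the list
build_rule eth0 "$PORTS"                              # arguments to hand to iptables as root
```

On a live host, replace the sample with the output of `ss -Hlun` and review the flagged ports before applying the rule.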

